Closed
Bug 327331
Opened 18 years ago
Closed 16 years ago
nsNavHistory::Init allows improper initialization
Categories
(Firefox :: Bookmarks & History, defect, P3)
Firefox
Bookmarks & History
Tracking
()
RESOLVED
FIXED
Firefox 3 beta4
People
(Reporter: benjamin, Assigned: sdwilsh)
Details
Attachments
(2 files, 3 obsolete files)
7.75 KB,
patch
|
Details | Diff | Splinter Review | |
3.90 KB,
patch
|
benjamin
:
review+
|
Details | Diff | Splinter Review |
If nsNavHistory::Init fails, it will permanently leak the nsNavHistory object through pref observers and observerservice observers: CreateLookupIndexes() should be called before attaching observers. Once we attach observers we should not throw exceptions. In addition, there are situations (such as when getService is called with an interface nsNavHistory doesn't implement) where the constructor function itself could fail. We should use a specialty singleton constructor func to ensure against error.
Reporter | ||
Comment 1•18 years ago
|
||
Attachment #212019 -
Flags: review?(brettw)
Comment 2•18 years ago
|
||
Comment on attachment 212019 [details] [diff] [review] Use a singleton constructor, rev. 1 > if (NS_SUCCEEDED(rv) && historyFile) { > importer->ImportHistory(historyFile, this); > } > } > >- return CreateLookupIndexes(); >+ return NS_OK; Can you put a comment above the return statement saying something about not adding anything here and referencing the above comment? The bottom of the function is the most tempting place to add new stuff, and most people won't read the previous one. I just noticed that the bookmark service has the same problem. Filed bug 327350 on that.
Attachment #212019 -
Flags: review?(brettw) → review+
Reporter | ||
Comment 3•18 years ago
|
||
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 4•18 years ago
|
||
All places stuff needs to be manually checked into 1.8 branch as well. It looks like this didn't make it.
Status: RESOLVED → VERIFIED
Reporter | ||
Comment 5•18 years ago
|
||
This was mostly backed out by bug 327331 with a cryptic comment: Indeed, create would not put the pointer in the service manager. That's ok, because we use the gHistoryService object itself in the constructor, so there isn't a chance that I can see of ever creating a dual object. The problem here is that if you use the following code: var history = Components.classes[navhistorycontractid].getService(Components.interfaces.nsINotImplemented); The constructor succeeds, adds observers, and sets gHistoryService, while getservice fails (due to the unimplemented interface)... then you *can* assert.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Comment 6•18 years ago
|
||
Sorry about the cryptic comment, I was in the middle of having the build broken and couldn't find you on IRC. I was definitely seeing double initialization, although I realize now its because of my build being out of sync here. We can check it in again. I can do it next week or you can do it anytime you want. You really need to but it on the branch this time, though. Places is kept in sync between trunk and branch.
Updated•18 years ago
|
Priority: -- → P2
Updated•18 years ago
|
Priority: P2 → P3
Reporter | ||
Updated•18 years ago
|
Target Milestone: Firefox 2 alpha2 → Firefox 3 alpha1
Comment 7•17 years ago
|
||
this was checked in but not marked fixed. need to do further analysis of svc init to determine if this is fixed or not. would like to have some kind of automated test that tests init with critical failure scenarios, etc.
Reporter | ||
Comment 8•17 years ago
|
||
Dietrich, as far as I know this was backed out and never checked back in (it doesn't appear on current trunk).
Assignee: benjamin → dietrich
Status: REOPENED → NEW
Updated•17 years ago
|
Target Milestone: Firefox 3 alpha1 → Firefox 3 alpha5
Comment 9•17 years ago
|
||
(In reply to comment #1) > Created an attachment (id=212019) [details] > Use a singleton constructor, rev. 1 > hm, this actually is allowing multiple initialization. interestingly, if i initialize from xpconnect first, it works ok. but if i first initialize the bookmarks service (which inits history), then try to get the service from js, then it'll double initialize.
Comment 10•17 years ago
|
||
changing the title to reflect that the leak-observers-if-init-fails problem is gone, but the getService-with-not-implemented-iid problem still exists. spinning off the "fragile in error conditions" to bug 327350, covering each of the places services. this does not necessarily block A5, as we don't have any reported problems, and the scenario in comment #5 is more likely from extension code than internally.
Summary: nsNavHistory::Init is fragile and leaky in error conditions → nsNavHistory::Init allows improper initialization
Updated•17 years ago
|
Flags: blocking-firefox3+
Target Milestone: Firefox 3 alpha5 → Firefox 3 alpha6
Updated•17 years ago
|
Whiteboard: [swag: .5d]
Comment 11•17 years ago
|
||
preventative, pushing to beta 1.
Target Milestone: Firefox 3 alpha6 → Firefox 3 beta1
Updated•17 years ago
|
Target Milestone: Firefox 3 M7 → Firefox 3 M8
Updated•17 years ago
|
Target Milestone: Firefox 3 M8 → Firefox 3 M9
Updated•17 years ago
|
Target Milestone: Firefox 3 M9 → Firefox 3 M10
Updated•17 years ago
|
Target Milestone: Firefox 3 M10 → Firefox 3 Mx
Updated•17 years ago
|
Target Milestone: Firefox 3 Mx → Firefox 3 M11
Updated•17 years ago
|
Priority: P3 → P4
Assignee | ||
Updated•17 years ago
|
Assignee: dietrich → sdwilsh
Priority: P4 → P3
Target Milestone: Firefox 3 beta3 → Firefox 3 beta4
Assignee | ||
Updated•17 years ago
|
Whiteboard: [swag: .5d] → [needs patch]
Assignee | ||
Comment 12•17 years ago
|
||
OK, so it looks like the first part of comment 0 is already addressed here. While figuring out what was going on in nsNavHistory::Init, I went ahead and added some javadoc comments to places in nsNavHistory.h, and I made the warnings about adding things after the observers a bit more scary looking to ensure that nobody EVER adds something after them without really thinking hard about it first.
Attachment #300760 -
Flags: review?(dietrich)
Assignee | ||
Comment 13•17 years ago
|
||
Basically the first patch :)
Attachment #212019 -
Attachment is obsolete: true
Attachment #300785 -
Flags: review?(benjamin)
Assignee | ||
Updated•17 years ago
|
Whiteboard: [needs patch] → [has patch][needs review dietrich][needs review bsmedberg]
Version: unspecified → Trunk
Comment 14•17 years ago
|
||
Comment on attachment 300760 [details] [diff] [review] v1.0 cleanup >+ /** >+ * Initializes the database file. If the database does not exist, was >+ * corrupted, or aForceInit is true, we re-import bookmarks. We also backup not really true for non-fx apps. please correct to "we recreate the database". >+ * the database if it was corrupted or aForceInit is true. >+ * >+ * @param aForceInit >+ * Indicates if we should close an open database connection or not. >+ */ > nsresult InitDBFile(PRBool aForceInit); >+ /** >+ * Initializes the database. This performs any necessary migrations for the >+ * database. All migration is done inside a transaction that is rolled back >+ * if any error occurs. i'd clarify to say that history is imported, and some prefs set. but even those prefs i'm planning on moving out to browser, to make this less browser-dependent (bug 394205). >+ /** >+ * Used to setup the idle timer used to update global frecency. >+ */ > nsCOMPtr<nsITimer> mIdleTimer; also for expiration, etc. i'd generalize to "periodic update and cleanup tasks", or something to that effect.
Attachment #300760 -
Flags: review?(dietrich) → review+
Assignee | ||
Updated•17 years ago
|
Whiteboard: [has patch][needs review dietrich][needs review bsmedberg] → [needs new patch][has review dietrich][needs review bsmedberg]
Assignee | ||
Comment 15•17 years ago
|
||
(In reply to comment #14) > also for expiration, etc. i'd generalize to "periodic update and cleanup > tasks", or something to that effect. There is mExpireNowTimer for expirations, mLazyTimer for lazy add, mAutoCompleteTimer for autocomplete, and this one... We should consider optimizing that situation...
Attachment #300760 -
Attachment is obsolete: true
Assignee | ||
Updated•17 years ago
|
Whiteboard: [needs new patch][has review dietrich][needs review bsmedberg] → [has patch][has r dietrich][needs r bsmedberg]
Assignee | ||
Comment 16•16 years ago
|
||
Comment on attachment 301034 [details] [diff] [review] v1.1 cleanup [checked-in] Checking in toolkit/components/places/src/nsNavHistory.cpp; new revision: 1.241; previous revision: 1.240 Checking in toolkit/components/places/src/nsNavHistory.h; previous revision: 1.130
Attachment #301034 -
Attachment description: v1.1 cleanup → v1.1 cleanup [checked-in]
Assignee | ||
Updated•16 years ago
|
Flags: in-testsuite-
Flags: in-litmus-
Whiteboard: [has patch][has r dietrich][needs r bsmedberg] → [has patch][needs r bsmedberg]
Reporter | ||
Updated•16 years ago
|
Attachment #300785 -
Flags: review?(benjamin) → review+
Assignee | ||
Updated•16 years ago
|
Whiteboard: [has patch][needs r bsmedberg] → [has patch][has r][can land]
Assignee | ||
Comment 17•16 years ago
|
||
So, the last patch was actually triggering the "creating nsNavHistory twice" assertion when running test_exclude_livemarks.js. My hunch was that somehow we were hitting a refcount of 0, so this fixes it. I just don't know if this fixes the situation where we leak because getService is called on an interface nsNavHistory does not implement. Since this changed so much, re-requesting review. This patch just does what the download manager and storage service does. How places just passes pointers to itself around is rather confusing I might add...
Attachment #300785 -
Attachment is obsolete: true
Attachment #302151 -
Flags: review?(benjamin)
Assignee | ||
Updated•16 years ago
|
Whiteboard: [has patch][has r][can land] → [has patch][needs r bsmedberg]
Reporter | ||
Comment 18•16 years ago
|
||
Comment on attachment 302151 [details] [diff] [review] v1.1 Oh man, how I hate the SINGLETON_CONSTRUCTOR macro!
Attachment #302151 -
Flags: review?(benjamin) → review+
Assignee | ||
Updated•16 years ago
|
Whiteboard: [has patch][needs r bsmedberg] → [has patch][has r][can land]
Assignee | ||
Comment 19•16 years ago
|
||
Why do you hate the SINGLETON_CONSTRUCTOR macro? Checking in toolkit/components/places/src/nsNavHistory.cpp; new revision: 1.250; previous revision: 1.249 Checking in toolkit/components/places/src/nsNavHistory.h; new revision: 1.138; previous revision: 1.137 Checking in toolkit/components/places/src/nsPlacesModule.cpp; new revision: 1.6; previous revision: 1.5
Status: NEW → RESOLVED
Closed: 18 years ago → 16 years ago
Resolution: --- → FIXED
Whiteboard: [has patch][has r][can land]
Comment 20•15 years ago
|
||
Bug 451915 - move Firefox/Places bugs to Firefox/Bookmarks and History. Remove all bugspam from this move by filtering for the string "places-to-b-and-h". In Thunderbird 3.0b, you do that as follows: Tools | Message Filters Make sure the correct account is selected. Click "New" Conditions: Body contains places-to-b-and-h Change the action to "Delete Message". Select "Manually Run" from the dropdown at the top. Click OK. Select the filter in the list, make sure "Inbox" is selected at the bottom, and click "Run Now". This should delete all the bugspam. You can then delete the filter. Gerv
Component: Places → Bookmarks & History
QA Contact: places → bookmarks
You need to log in
before you can comment on or make changes to this bug.
Description
•