Closed Bug 386614 Opened 12 years ago Closed 12 years ago

Crash [@ nsSocketTransportService::Shutdown] when toggling offline/online in 2 frames

Categories

(Core :: Networking, defect, critical)

x86
Windows XP
defect
Not set
critical

Tracking

()

VERIFIED FIXED

People

(Reporter: martijn.martijn, Assigned: timeless)

References

Details

(Keywords: crash, regression, testcase)

Crash Data

Attachments

(2 files)

Attached file testcase
See testcase, which crashes current trunk builds after a few reloads.
The testcase uses enhanced privileges, so you need to download it to your computer to test.

It doesn't crash in 2006-05-10 build, but crashes in a 2006-05-12 build.
I think a regression from bug 326273, somehow.

https://crash-reports.mozilla.com/reports/report/index/ac234d0a-28a0-11dc-80c7-001a4bd43ed6
0  	nsSocketTransportService::Shutdown()
1 	nsIOService::SetOffline(int)
2 	NS_InvokeByIndex_P
3 	AutoJSSuspendRequest::SuspendRequest()
4 	XPC_NW_toString
5 	ReservedSlotIndexOK
6 	XPC_WN_GetterSetter(JSContext *,JSObject *,unsigned int,long *,long *)
7 	js_Invoke
8 	js_InternalInvoke
9 	js_InternalGetOrSet

Content of both iframes:
<script>
function toggleoffline(){
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
var ioService = Components.classes["@mozilla.org/network/io-service;1"].
       getService(Components.interfaces.nsIIOService2);
ioService.offline = !ioService.offline;
}
setInterval(toggleoffline,20);
</script>
There is a topcrasher in nsSocketTransportService::Shutdown, but it doesn't appear to be exactly the same as bp-ac234d0a-28a0-11dc-80c7-001a4bd43ed6 because it isn't reentrant. But marking blocking+ for the topcrasher.

biesi, can you take a look?
Assignee: nobody → cbiesinger
Flags: blocking1.9+
I think I sent quite a few crash reports with this stacktrace. Maybe I caused this to be a topcrasher?
Summary: Crash [@ nsSocketTransportService::Shutdown] when togglig offline/online in 2 frames → Crash [@ nsSocketTransportService::Shutdown] when toggling offline/online in 2 frames
Attached patch maybe this worksSplinter Review
Assignee: cbiesinger → timeless
Status: NEW → ASSIGNED
Attachment #270834 - Flags: superreview?(cbiesinger)
Attachment #270834 - Flags: review?(martijn.martijn)
Comment on attachment 270834 [details] [diff] [review]
maybe this works

It works indeed, it makes the crash go away.
But I'm not really qualified to review this code.
Attachment #270834 - Flags: review?(martijn.martijn) → review?(cbiesinger)
Comment on attachment 270834 [details] [diff] [review]
maybe this works

+        return NS_ERROR_FAILURE;

nsThread::Shutdown uses NS_ERROR_UNEXPECTED when it is reentered, perhaps that'd be better here as well?
Attachment #270834 - Flags: superreview?(cbiesinger)
Attachment #270834 - Flags: superreview+
Attachment #270834 - Flags: review?(cbiesinger)
Attachment #270834 - Flags: review+
Comment on attachment 270834 [details] [diff] [review]
maybe this works

mozilla/netwerk/base/src/nsSocketTransportService2.cpp		1.26
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Flags: in-testsuite?
a real testcase should probably use nsITimer directly instead of setTimeout.
Verified fixed, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a7pre) Gecko/2007071905 Minefield/3.0a7pre

Thanks for fixing!
Status: RESOLVED → VERIFIED
Crash Signature: [@ nsSocketTransportService::Shutdown]
You need to log in before you can comment on or make changes to this bug.