Closed
Bug 508686
Opened 15 years ago
Closed 15 years ago
Crash in [@ns_if_addref<nsOfflineCacheDevice*>(nsOfflineCacheDevice*) ] (initialization of the offline cache)
Categories
(Core :: Networking: Cache, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 502403
People
(Reporter: ehsan.akhgari, Unassigned)
References
()
Details
(Keywords: crash)
Crash Data
We have a number of these crashes mostly from 3.5.1 and 3.5.2 (but one from 3.5 as well), which seems to have something to do with the initialization of the offline cache service: <http://crash-stats.mozilla.com/report/list?query_search=signature&query_type=exact&query=ns_if_addref%3CnsOfflineCacheDevice*%3E(nsOfflineCacheDevice*)&date=&range_value=1&range_unit=weeks&do_query=1&signature=ns_if_addref%3CnsOfflineCacheDevice*%3E(nsOfflineCacheDevice*)> The crash happens on this line: <http://hg.mozilla.org/releases/mozilla-1.9.1/annotate/001b77ffc015/netwerk/cache/src/nsDiskCacheDeviceSQL.cpp#l954> It seems like the |cacheService| pointer is somehow corrupted. On a sidenote, is the code on line 950 correct? What if an extension for example tries to override nsICacheService? I'd expect this to crash in that case. The user reports indicate that some of them have seen this when clicking the Advanced button in the Options window. But I don't see any reason why this can't happen when a web page tries to use the offline cache (and thus triggering the initialization of the offline cache.) If that can happen, then we'd have a crash which can get triggered from a webpage. Thus, I'm filing this as a security bug.
Reporter | ||
Comment 1•15 years ago
|
||
Thanks for the duplicate hint, Henrik!
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Updated•15 years ago
|
Status: RESOLVED → VERIFIED
Updated•15 years ago
|
Group: core-security
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ns_if_addref<nsOfflineCacheDevice*>(nsOfflineCacheDevice*) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•