Closed Bug 508686 Opened 15 years ago Closed 15 years ago

Crash in [@ns_if_addref<nsOfflineCacheDevice*>(nsOfflineCacheDevice*) ] (initialization of the offline cache)

Categories

(Core :: Networking: Cache, defect)

x86
Windows XP
defect
Not set
critical

VERIFIED DUPLICATE of bug 502403

People

(Reporter: ehsan.akhgari, Unassigned)

Details

(Keywords: crash)

Crash Data

We have a number of these crashes, mostly from 3.5.1 and 3.5.2 (but one from 3.5 as well), which seem to have something to do with the initialization of the offline cache service:

<http://crash-stats.mozilla.com/report/list?query_search=signature&query_type=exact&query=ns_if_addref%3CnsOfflineCacheDevice*%3E(nsOfflineCacheDevice*)&date=&range_value=1&range_unit=weeks&do_query=1&signature=ns_if_addref%3CnsOfflineCacheDevice*%3E(nsOfflineCacheDevice*)>

The crash happens on this line:

<http://hg.mozilla.org/releases/mozilla-1.9.1/annotate/001b77ffc015/netwerk/cache/src/nsDiskCacheDeviceSQL.cpp#l954>

It seems like the |cacheService| pointer is somehow corrupted.

On a side note, is the code on line 950 correct? What if an extension, for example, tries to override nsICacheService? I'd expect this to crash in that case.

The user reports indicate that some of them have seen this when clicking the Advanced button in the Options window. But I don't see any reason why this can't happen when a web page tries to use the offline cache (thus triggering the initialization of the offline cache). If that can happen, then we'd have a crash which can get triggered from a web page. Thus, I'm filing this as a security bug.

Thanks for the duplicate hint, Henrik!
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
Group: core-security
Crash Signature: [@ns_if_addref<nsOfflineCacheDevice*>(nsOfflineCacheDevice*) ]