We have a number of these crashes mostly from 3.5.1 and 3.5.2 (but one from 3.5 as well), which seems to have something to do with the initialization of the offline cache service: <http://crash-stats.mozilla.com/report/list?query_search=signature&query_type=exact&query=ns_if_addref%3CnsOfflineCacheDevice*%3E(nsOfflineCacheDevice*)&date=&range_value=1&range_unit=weeks&do_query=1&signature=ns_if_addref%3CnsOfflineCacheDevice*%3E(nsOfflineCacheDevice*)> The crash happens on this line: <http://hg.mozilla.org/releases/mozilla-1.9.1/annotate/001b77ffc015/netwerk/cache/src/nsDiskCacheDeviceSQL.cpp#l954> It seems like the |cacheService| pointer is somehow corrupted. On a sidenote, is the code on line 950 correct? What if an extension for example tries to override nsICacheService? I'd expect this to crash in that case. The user reports indicate that some of them have seen this when clicking the Advanced button in the Options window. But I don't see any reason why this can't happen when a web page tries to use the offline cache (and thus triggering the initialization of the offline cache.) If that can happen, then we'd have a crash which can get triggered from a webpage. Thus, I'm filing this as a security bug.
Thanks for the duplicate hint, Henrik!
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 502403
Crash Signature: [@ns_if_addref<nsOfflineCacheDevice*>(nsOfflineCacheDevice*) ]
You need to log in before you can comment on or make changes to this bug.