Closed Bug 512301 Opened 15 years ago Closed 15 years ago

crash @ nsWifiMonitor::DoScan() using GeoGuide add-on

Categories

(Core :: DOM: Geolocation, defect)

Product:
Core
Component:
DOM: Geolocation
Platform:
ARM
Windows Mobile 6 Professional
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
status1.9.2 --- final-fixed
fennec 1.0b3+ ---

People

(Reporter: crowderbt, Assigned: dougt)

Details

Attachments

(1 file, 2 obsolete files)

patch v.2
1.47 KB, patch
blassey
: review+
pavlov
: approval1.9.2+
Details | Diff | Splinter Review 
Keeping security-sensitive until we're sure.

xul.dll!nsWifiMonitor::DoScan(void) Line: 345, Byte Offsets: 0x10	C++
xul.dll!nsWifiMonitor::Run(void) Line: 156, Byte Offsets: 0x44	C++
xul.dll!nsThread::ProcessNextEvent(int mayWait = 0x00000001, int* result = 0x0a62fdbc) Line: 527, Byte Offsets: 0x368	C++
xul.dll!NS_ProcessNextEvent_P(nsIThread* thread = 0x5e2e71a0, int mayWait = 0x00000001) Line: 230, Byte Offsets: 0x84	C++
xul.dll!nsThread::ThreadFunc(void* arg = 0x5e2e71a0) Line: 254, Byte Offsets: 0x15c	C++
fwiw, this doesn't happen (or is alot less likely) when the addon is not installed and you simply do a geolocation request.
crowder, in the bug you mentioned you were dying in PerformQuery() still true?  asking this, sadly, cause I cant reproduce.
Yeah, PerformQuery()... I was running w/ a debug build, perhaps that is the difference?
could you have oom'd?
Yes, it's certainly possible, though as I mentioned in IRC, the code would seem to handle that case!
tracking-fennec: --- → ?
tracking-fennec: ? → 1.0b3+
Attached patch patch v.1 (obsolete) — Splinter Review 
if buffer does go null because resize failed, we will crash.
Assignee: nobody → doug.turner
Attachment #398203 - Flags: review?(bugmail)
Attachment #398203 - Flags: review?(bugmail) → review-
Comment on attachment 398203 [details] [diff] [review]
patch v.1


>+  if (!buffer)
>+    return ERROR_OUTOFMEMORY;
>+

The buffer isn't being allocated in this function, so its not correct to return OOM from it.

I think it would be better to add some assertions about oid_buffer_size such as != 0 and < kMaximumBufferSize.  Also, checking the buffer for null before passing it to PerformQuery would be good.
> The buffer isn't being allocated in this function, so its not correct to return
OOM from it.

http://msdn.microsoft.com/en-us/library/aa450919.aspx

How about ERROR_NOT_ENOUGH_MEMORY?

> checking the buffer for null before passing it to PerformQuery would be good.

I do not think we want to have another #ifdef WINCE -- it is fine to pass null to the win32 version of PerformQuery.
Attached patch patch v.2 (obsolete) — Splinter Review 

        Attachment #398203 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch v.2Splinter Review
      

    


  

    
  

        Attachment #399202 -
        Attachment is patch: true

        Attachment #399202 -
        Attachment mime type: application/octet-stream → text/plain

        Attachment #399202 -
        Flags: review?(bugmail)

    
  

        Attachment #398213 -
        Attachment is obsolete: true

        Attachment #399202 -
        Flags: review?(bugmail) → review+

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/e11dd2be5fb9

This crash was pretty intermittent.  This patches a obvious crash during OOM.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED

    
  

        Attachment #399202 -
        Flags: approval1.9.2?

    
  

        Attachment #399202 -
        Flags: approval1.9.2? → approval1.9.2+
Group: core-security

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: