Closed
Bug 512301
Opened 15 years ago
Closed 15 years ago
crash @ nsWifiMonitor::DoScan() using GeoGuide add-on
Categories
(Core :: DOM: Geolocation, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
status1.9.2 | --- | final-fixed |
fennec | 1.0b3+ | --- |
People
(Reporter: crowderbt, Assigned: dougt)
Details
Attachments
(1 file, 2 obsolete files)
1.47 KB,
patch
|
blassey
:
review+
pavlov
:
approval1.9.2+
|
Details | Diff | Splinter Review |
Keeping security-sensitive until we're sure. xul.dll!nsWifiMonitor::DoScan(void) Line: 345, Byte Offsets: 0x10 C++ xul.dll!nsWifiMonitor::Run(void) Line: 156, Byte Offsets: 0x44 C++ xul.dll!nsThread::ProcessNextEvent(int mayWait = 0x00000001, int* result = 0x0a62fdbc) Line: 527, Byte Offsets: 0x368 C++ xul.dll!NS_ProcessNextEvent_P(nsIThread* thread = 0x5e2e71a0, int mayWait = 0x00000001) Line: 230, Byte Offsets: 0x84 C++ xul.dll!nsThread::ThreadFunc(void* arg = 0x5e2e71a0) Line: 254, Byte Offsets: 0x15c C++
Assignee | ||
Comment 1•15 years ago
|
||
fwiw, this doesn't happen (or is alot less likely) when the addon is not installed and you simply do a geolocation request.
Assignee | ||
Comment 2•15 years ago
|
||
crowder, in the bug you mentioned you were dying in PerformQuery() still true? asking this, sadly, cause I cant reproduce.
Reporter | ||
Comment 3•15 years ago
|
||
Yeah, PerformQuery()... I was running w/ a debug build, perhaps that is the difference?
Assignee | ||
Comment 4•15 years ago
|
||
could you have oom'd?
Reporter | ||
Comment 5•15 years ago
|
||
Yes, it's certainly possible, though as I mentioned in IRC, the code would seem to handle that case!
Assignee | ||
Updated•15 years ago
|
tracking-fennec: --- → ?
Updated•15 years ago
|
tracking-fennec: ? → 1.0b3+
Assignee | ||
Comment 6•15 years ago
|
||
if buffer does go null because resize failed, we will crash.
Assignee: nobody → doug.turner
Attachment #398203 -
Flags: review?(bugmail)
Updated•15 years ago
|
Attachment #398203 -
Flags: review?(bugmail) → review-
Comment 7•15 years ago
|
||
Comment on attachment 398203 [details] [diff] [review] patch v.1 >+ if (!buffer) >+ return ERROR_OUTOFMEMORY; >+ The buffer isn't being allocated in this function, so its not correct to return OOM from it. I think it would be better to add some assertions about oid_buffer_size such as != 0 and < kMaximumBufferSize. Also, checking the buffer for null before passing it to PerformQuery would be good.
Assignee | ||
Comment 8•15 years ago
|
||
> The buffer isn't being allocated in this function, so its not correct to return OOM from it. http://msdn.microsoft.com/en-us/library/aa450919.aspx How about ERROR_NOT_ENOUGH_MEMORY? > checking the buffer for null before passing it to PerformQuery would be good. I do not think we want to have another #ifdef WINCE -- it is fine to pass null to the win32 version of PerformQuery.
Assignee | ||
Comment 9•15 years ago
|
||
Attachment #398203 -
Attachment is obsolete: true
Assignee | ||
Comment 10•15 years ago
|
||
Assignee | ||
Updated•15 years ago
|
Attachment #399202 -
Attachment is patch: true
Attachment #399202 -
Attachment mime type: application/octet-stream → text/plain
Attachment #399202 -
Flags: review?(bugmail)
Assignee | ||
Updated•15 years ago
|
Attachment #398213 -
Attachment is obsolete: true
Updated•15 years ago
|
Attachment #399202 -
Flags: review?(bugmail) → review+
Assignee | ||
Comment 11•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/e11dd2be5fb9 This crash was pretty intermittent. This patches a obvious crash during OOM.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•15 years ago
|
Attachment #399202 -
Flags: approval1.9.2?
Assignee | ||
Comment 12•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/dc79ef0716c6 <-- fixes bustage
Updated•15 years ago
|
Attachment #399202 -
Flags: approval1.9.2? → approval1.9.2+
Comment 13•15 years ago
|
||
Doug landed these on 1.9.2: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/47badd5f4c74 http://hg.mozilla.org/releases/mozilla-1.9.2/rev/8eed6221990c
status1.9.2:
--- → final-fixed
Updated•13 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•