Closed
Bug 51363
Opened 24 years ago
Closed 24 years ago
Won't complete connection for logged in user of my.lycos.com
Categories
(Core :: Networking: HTTP, defect, P3)
RESOLVED
FIXED
People
(Reporter: mwitbrock, Assigned: darin.moz)
Attachments
(4 files)
1.26 KB, patch
2.66 KB, patch
891 bytes, patch
1.38 KB, patch
Clear out lycos.com cookies (if you have any). Create a my.lycos.com account (maybe use another browser for this). Go to my.lycos.com site and try to log in. Get weird 302 page text that looks as if it may be failing to set some cookies correctly. If lycos cookies are already set, attempts to contact my.lycos.com result in an indefinite network wait. This bug appeared about 1 or 2 weeks ago. If it can be confirmed as a problem with something that is being sent from the server, I can have people at this end (i.e. at Lycos) look into fixing it, but I need your help in diagnosing the source of the problem.
Comment 1•24 years ago
Using latest build 2000090508 under Windows 95 I get some kind of cookie error when logging into http://my.lycos.com/ After hitting the "login" button this text appears:

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Wed, 06 Sep 2000 02:01:36 GMT
Set-Cookie: lycos_sso=guid%3Dterrigena%7Cln%26app_id%3Dly_ml%26pref_sso%3Dall_allow%26mod_time%3D968205800%26ctime%3D3145658497%26version%3D1.8%26state%3D0%26secret%3D1829638da0eff06233cc42f3e6dfad29; expires=Sat, 03-Mar-2001 10:01:36 GMT; domain=.lycos.com; path=/
Location: /
Content-Length: 122
Content-Type: text/html
Expires: Wed, 06 Sep 2000 02:01:36 GMT
Set-Cookie: REGTARGET=+; expires=Mon, 31-Dec-1990 05:00:00 GMT; domain=.lycos.com; path=/
Set-Cookie: LOGIN=HUID=6e4058e2444f01901c7008eb50783baf&UID=terrigena&GUID=terrigena&HASH=; expires=Tue, 31-Dec-2002 05:00:00 GMT; domain=.lycos.com; path=/
Set-Cookie: LYSPORTS=; expires=Tue, 01-Jan-1980 05:00:00 GMT; domain=.lycos.com; path=/
Set-Cookie: USER=COUNTRY=US&NETMINDMAIL=&PLANETALL=&INFOE=Y2hhcmxlcw%3D%3D&EMAILNOTIFY=1&GENDER=M&BIRTHDATE=12%2F09%2F1984&CITY=Schenectady&EMAIL=neoplazma%40home%2Ecom&FNAME=Terrigena&INFO=app%5Ffeature&ZIPCODE=12345&LNAME=EarthBorn; expires=Tue, 31-Dec-2002 05:00:00 GMT; domain=.lycos.com; path=/
Set-Cookie: LYCOSWEATHER=; expires=Mon, 31-Dec-1990 05:00:00 GMT; domain=.lycos.com; path=/
Set-Cookie: P=TRAFFIC%2DPERZONES=&LYSHOP=&SPM=&LOTTOZIP=&LYMB=&PRIMARYMAIL=&HORO=&REMINDERS=&RANDOMREF=&SAVEDSEARCH=&TOPNEWS=&STOREDFILES=0&LYCHAT=&COOKIEUPDATE=9%2F5%2F2000+10%3A01%3A37+PM&LYTV=&LOCALDIR=&BOOKS=&METRICWEATHER=0&COMICS=&FRAC=; expires=Tue, 31-Dec-2002 05:00:00 GMT; domain=.lycos.com; path=/
Set-Cookie: LYCOSSTOCKS=; expires=Tue, 01-Jan-1980 05:00:00 GMT; domain=.lycos.com; path=/
Set-Cookie: MergedPortfolio=; expires=Tue, 01-Jan-1980 05:00:00 GMT; domain=.lycos.com; path=/
Set-Cookie: SSO=1; expires=Tue, 31-Dec-2002 05:00:00 GMT; domain=.lycos.com; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/">here</a>.</body>
Summary: Won't complete connection for logged in user of my.lycos.com → Won't complete connection for logged in user of my.lycos.com
Comment 2•24 years ago
over to cookies component.
Assignee: asa → morse
Status: UNCONFIRMED → NEW
Component: Browser-General → Cookies
Ever confirmed: true
QA Contact: doronr → tever
Comment 3•24 years ago
It's not cookies but rather networking. However I just spent enough time on bug 50471 to realize that this is a dup of that bug. Fortunately, a fix was checked in today. *** This bug has been marked as a duplicate of 50471 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Updated•24 years ago
Component: Cookies → Networking
Reporter
Comment 4•24 years ago
Which build should it show up as resolved in? It's still not working in build 2000090508. Michael
Comment 5•24 years ago
The fix was checked in on 9-5 in the afternoon. So I wouldn't expect it to be in a 9-5 build. Try a build from 9-6 or later.
Reporter
Comment 6•24 years ago
Still doesn't seem to work with Build 2000090708 on Windows 2000 (doesn't complete connection when logging in through http://my.lycos.com/h/infosimple.asp?c=1) Perhaps this isn't really resolved?
Reporter
Comment 7•24 years ago
As I mentioned yesterday, the fix to bug 50471 doesn't seem to have fixed this. I'm reopening... hope that's OK.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Reporter
Updated•24 years ago
Component: Networking → Cookies
Reporter
Comment 9•24 years ago
Our MyLycos engineering team finally got a chance to look into this. It turns out that the problem seems to be related to cookie length. My Lycos user login results in an attempt to set a quite long (but < 4096 bytes) cookie. This seems to be what causes moz and ns6pr3 to hang then time out. Reducing the cookie length at our end solved the problem. Debugging this identified another problem. Apparently Moz reacts badly to attempts to delete non-existent cookies. Lycos will implement a work-around to enable my lycos to work properly with these bugs, but it would be good if they were fixed - presumably there are other long cookies, and null deletes out there.
Comment 10•24 years ago
I'll take a look from this end and see if I can determine what is going on. But one comment I didn't understand:

> Apparently Moz reacts badly to attempts to delete non-existent cookies.

How are you attempting to delete them? The only way that a site has for removing a cookie is to set another cookie having the same name and an expiration date sometime in the past. So if the cookie is non-existent, you are saying that moz behaves badly at attempts to set cookies with past-dated expirations. Am I interpreting your comment correctly?
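The deletion mechanism being debated here can be sketched with a toy cookie jar (a minimal model for illustration only, not Mozilla's cookie code; the function name is made up):

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def apply_set_cookie(jar, header_value, now=None):
    """Apply one Set-Cookie header value to a dict-based cookie jar.

    A server "deletes" a cookie by re-setting it with an expiration
    date in the past; if the expiry is already past, the cookie is
    dropped from the jar (a no-op when it never existed).
    """
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    expires = None
    for attr in parts[1:]:
        k, _, v = attr.partition("=")
        if k.lower() == "expires":
            # "Mon, 31-Dec-1990 05:00:00 GMT" -> "Mon, 31 Dec 1990 ..."
            expires = parsedate_to_datetime(v.replace("-", " ", 2))
    if expires is not None and expires <= now:
        jar.pop(name, None)   # past-dated expiry: delete (no-op if absent)
    else:
        jar[name] = value
    return jar
```

A browser that hangs or misbehaves on the past-dated case for a cookie it never stored would be mishandling what should be the no-op branch above.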
Comment 11•24 years ago
To "delete" the cookies we are setting the expiration date to a date in the past (December 31, 1990), as well as setting the domain and path. We are not setting the contents of the cookie, however. If we try to do the above on a cookie that doesn't exist, we get into a situation where the browser hangs. As for the cookie size issue, we start to see problems with cookies around the 1,210 - 1,215 byte mark for the entire domain. You can edit individual cookies to get them over that mark, but if you log out of My Lycos and then try to log back in, we see hanging.
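The "bytes for the entire domain" figure discussed here is roughly the size of the Cookie request header the browser sends back. A back-of-the-envelope model (illustrative only, not how either the browser or the site measured it):

```python
def cookie_header_len(jar):
    """Length in bytes of the Cookie request header a browser would
    send for one domain: 'name=value' pairs joined by '; '."""
    return len("; ".join(f"{k}={v}" for k, v in jar.items()))
```

Summing the pairs this way makes it easy to see how a handful of personalized cookies can cross a threshold around 1.2 KB even though no single cookie is near the 4096-byte limit.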
Comment 12•24 years ago
I'm not seeing the behavior described here at all. Instead here is what I am seeing:

1. First time -- no cookies. After logging in I get a flock of cookies, some expiring at end of session and some lasting longer.
2. Close browser and reenter. Do not visit lycos yet. At this point I see three lycos cookies -- login, p, and user.
3. Visit lycos. Am not asked to login, apparently because I already had a login cookie. Instead I am automatically logged in. At this point I still have the same three cookies -- login, p, and user.
4. Log out of lycos. At this point I have the following cookies -- lycos_sso from lycosnetwork.com, lycos_sso from lycos.com, and CookieStatus from tripod.com. First two will expire at end of session, third is more permanent.
5. Close browser and reenter. Do not visit lycos yet. At this point I still have the tripod cookie and I also notice a double-click cookie named id. That's strange -- I didn't have it when I exited the browser and I haven't visited any sites since. Hmmm!
6. Go to lycos site. I am asked to login. No further cookies are set yet.
7. I log in. Get the same flock of cookies that I observed in step 1.

If you are observing something different, please give step-by-step details of what you are doing and what cookies are set (use the cookie manager) after each step. Bottom line, however, is that this is working for me.
Comment 13•24 years ago
Because of the strange appearance of the double-click cookie in step 5, I decided to rerun the test. This time I also recorded exactly what cookies are getting set:

1. First time -- no cookies. After logging in I get the following cookies that expire at the end of the session: lycos.com/lycos_sso, lycos.com/lycos_test, lycosnetwork.com/lycos_sso, lycosnetwork.com/test and the following that live longer: lycos.com/LOGIN, lycos.com/P, lycos.com/USER
2. Close browser and reenter. Do not visit lycos yet. At this point I see three lycos cookies -- LOGIN, P, and USER.
3. Visit lycos. Am not asked to login, apparently because I already had a login cookie. Instead I am automatically logged in. At this point I still have the same three cookies -- LOGIN, P, and USER.
4. Log out of lycos. At this point I have the following cookies set to expire at end of session: lycos.com/lycos_sso, lycosnetwork.com/lycos_sso and the following one which will live longer: tripod.com/CookieStatus
5. Close browser and reenter. Do not visit lycos yet. At this point I still have the tripod cookie and I also notice a double-click cookie named id. NOW HOW IS THAT POSSIBLE???? Both cookies are set to live beyond the end of the session, the doubleclick one going way out to the year 2030.
6. Go to lycos site. I am asked to login. No further cookies are set yet.
7. I log in. Get the same flock of cookies that I observed in step 1. Also the tripod and doubleclick cookies are there as well (they were not there in step 1).

So I got the same results as in my previous test. Can't explain where that doubleclick cookie is coming from since it wasn't present when I shut down the browser in step 5 but suddenly appeared when I reentered the browser later in that same step. That shouldn't be possible!
Reporter
Comment 14•24 years ago
I just deleted all my Terra Lycos cookies -- lycos.com, quote.com, terra.com (and various national versions), tripod.com -- and tried to go to my.lycos.com. It bounces me to http://my.lycos.com/h/infosimple.asp?c=1. When I try to log in by entering my username and password, it hangs. HOWEVER, when I create a new user (bananafood1234, password banana) it works fine. This suggests that John Anguish is correct when he says that the problem is cookie size. My account, which is highly personalised, presumably has more cookie information than the fresh bananafood1234 account. Personalising Morse's account, perhaps using another browser, may get it to exhibit the hang. Or perhaps John has a synthetic account that hangs that Morse could use.
Comment 15•24 years ago
Here is an account on the verge of not working:

Username: johnny_net6
P@$$W0RD: holliston

You should currently be able to log in with this account. Once you're logged in, click the "Add" link in the My Page Setup box. This will take you to a page that will allow you to add components to your page. Add one or two components to your page by clicking the checkbox and then click the "I'm Done" button. This will add the components to your page and take you back to My Lycos. Now click the "Log Out" link next to where it says "Welcome, Johnny". Now attempt to log in again. It should hang.
Comment 16•24 years ago
Is this going to be a one-time test -- i.e., once I use the above account and get the hang, I can't use it again to re-reproduce the problem? If so, then you'll need to create a bunch of these accounts for me to play with because I'm certainly going to have to make several iterations before seeing what the problem is.
Comment 17•24 years ago
Oops, forgot the undo process. The easiest way to undo this is to log in to that account with a different browser (Netscape 4.7 or IE -- egads!) and remove however many components you added. Just to be sure, log in and out with the other browser every time you do this.
Comment 18•24 years ago
Well it's not a cookie problem. I set a breakpoint in the cookie module and it is never getting called. Furthermore, I put a print statement at the point that the response headers are getting set (in nsHTTPResponse.cpp). The last response header is getting butchered. In particular, here are the last few headers that are being reported (first entry is the header name and the second is the value):

<set-cookie> <P=LYSHOP=6%2C8%2C12%2C15%2C16&FRAC=1&COOKIEUPDATE=11%2F20%2F2000+5%3A14%3A14+PM&STOCKSFIELDS=b%2Cc%2Cl%2Cd&C=EM%2CCN1%2CSRH%2CCO%2CSP%2CWG%2CAN%2CCH%2CMB%2CERIC%2CTR%2CLO%2CLD%2CQCIPO%2CWS%2CRM%2CSPNE%2CABBY%2CCC%2CAG%2CLT%2CAU%2CFL%2CSH%2C%3AWE%2CNE%2CHO%2CSE%2CGM%2CRR%2CTV%2CQCNC%2CPF%2CYP%2CCG%2CTM%2C%7C%3A; expires=Tue, 31-Dec-2002 05:00:00 GMT; domain=.lycos.com;path=/>
<set-cookie> <SSO=1; expires=Tue, 31-Dec-2002 05:00:00 GMT; doHTTP/1.1 100 Continue>
<http/1.1> <100 Continue>
<http/1.1> <100 Continue>

It appears that some characters got lost in the final set-cookie header (right after the "do" of "domain") and after that the parser was unable to recover. I looked up the stack to see how far back the error existed and it was in the ParseHTTPHeader method of nsHTTPResponseListener.cpp -- the value being set for mHeaderBuffer in that routine is already bad. Furthermore, the example login of johnny_net6 fails for me, even if I remove several entries. Yet that was working for the reporter. So the point of failure is not dependent on an absolute cookie size (as reported in this bug report) but rather the critical cookie size will differ on different machines. This is further evidence that this is a transmission problem.
Comment 19•24 years ago
This bug might be a dup of bug 58261.
Comment 20•24 years ago
Here's what is going on. The ReadSegment method in nsPipe2.cpp reads in a buffer full of traffic and then dispenses it one line at a time until there are no more lines left in the buffer. Normally all the http response headers fit into the buffer, so all the headers (one header is one line) can be extracted without the need for refilling the buffer. However, if the response headers are too large to all fit into the buffer at the same time, the buffer will eventually need to be refilled. The refill operation occurs when there is nothing left in the buffer. However, it should also occur if what is left in the buffer is only a partial line (i.e., does not contain a line-feed). The attached patch rectifies this problem. This might not be the best way to fix the problem so I welcome suggestions for a better patch.
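The correct behavior being described can be modeled with a toy line dispenser (a sketch, not the nsPipe2.cpp code): the bug amounts to refilling only when the buffer is completely empty, which stalls when a header fragment straddles two fills.

```python
def dispense_lines(segments):
    """Yield complete LF-terminated lines from a sequence of buffer
    fills, carrying any trailing partial line over to the next fill.

    Dropping (or stalling on) the `partial` carry-over is the failure
    mode: a header whose LF lands in the next 4k fill never completes.
    """
    partial = ""
    for buf in segments:           # each `buf` is one fill of the pipe
        data = partial + buf
        lines = data.split("\n")
        partial = lines.pop()      # "" if data ended in LF, else a fragment
        for line in lines:
            yield line
    if partial:                    # trailing unterminated data, if any
        yield partial
```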
Comment 21•24 years ago
Comment 22•24 years ago
Gagan, could you please code review the above patch. Thanks.
Comment 23•24 years ago
You are adding special cases in the pipe code for a |writer|. A great amount of work was done to abstract this out. There should be no check in ReadSegment for either the length of the closure or some "magic" char at some n location. The length of the closure should be returned in the writeCount parameter from the writer(). Wrt the check at length-1 of the closure: I guess with the context now about opaquing the data that is actually flowing, it is obvious your check is just evil. Kind of a moot point now, but why call str->Length() twice? Cache the return val and save yourself a few instructions. I could not reproduce this problem with a build from a few weeks ago. If I could, I would have dug deeper into what the cause could have been. I was guessing that the problem could be in the nsHTTPServerListener. Maybe it is not watching the LF stuff as well as it should (just a guess)?
Comment 24•24 years ago
Doug, have you tested using my.lycos.com and login of (johnny_net6, holliston)? This is definitely failing. As I mentioned, my patch might not be the best way to go because I don't have as deep a knowledge of this section of code as you do. But my analysis of the problem is accurate -- we are getting out of synch when the http response doesn't fit into the buffer such that the last line in the buffer is incomplete.
Comment 25•24 years ago
Rick Potts needs to look into this as he's closest to pipes now. The special check in the pipe code doesn't seem right though.
Assignee: gagan → rpotts
Comment 26•24 years ago
Let me repeat -- I'm not saying that my patch is the right thing to do. But I am saying that my analysis of why it is failing is correct and that the fact that my patch stops the failure proves it. So if my patch is not the right way to fix it, then what is?
Comment 27•24 years ago
Steve, we need to figure out why you get into this condition first. When we know that, the fix should be obvious. Did you take a look at the nsHTTPServerListener? If you want to stop by today and show me how to reproduce this, I can help you investigate this further.
Comment 28•24 years ago
Yes, I did look at the nsHTTPServerListener. See my comment of 11-20 in which I said: I looked up the stack to see how far back the error existed and it was in the ParseHTTPHeader method of nsHTTPResponseListener.cpp -- the value being set for mHeaderBuffer in that routine is already bad. Then on 11-21 I figured out why that was happening and explained that in my next posting. The thing that got me into this bad condition was an http response that was too large to fit in the buffer that had been allocated for it. I'll be available to work with you on this anytime today.
Comment 29•24 years ago
Oops, I see that you were referring to nsHTTPServerListener and I was talking about nsHTTPResponseListener. I got confused for a second. No, I didn't look at nsHTTPServerListener.
Comment 30•24 years ago
This is a pretty serious bug so I'm surprised that it's marked "future". Affects all websites that return a large http response. Rick Potts, have you had a chance to look at this yet?
Comment 31•24 years ago
Looks like gagan futured it on 9-12, no doubt because it wasn't going to make Netscape 6. Setting mozilla0.8 milestone keyword, clearing TM (since rpotts has not had a chance to target it). /be
Keywords: mozilla0.8
Target Milestone: Future → ---
Comment 33•24 years ago
A while back the stream (pipe) code was smacked pretty good. A lot of the logic was moved from the pipe caller to the |writer| functions. The http server response listener used to just read all of the available data on the stream. Now it reads only complete lines ending with a LF. There are times, as this bug points out, that the |writer| function can not complete a write without further data. (The response from the server is so long (> 4k) that the |writer| function runs out of data on the input stream.) The trailing LF is in the next 4k window. To fix this problem without bastardizing the abstraction, the |writer| needs to return some error which tells the pipe implementation that more data is required on the input stream in order to complete the write. Attached will be a fix for this bug. Morse et al., please verify that it does indeed fix things. Gagan, please review.
Comment 34•24 years ago
Comment 35•24 years ago
Where is NS_BASE_STREAM_INCOMPLETE_OPERATION defined, and what exactly does it mean? If it's new, its definition is not included in the patch. But really, if it is new, can we avoid it altogether, by using NS_BASE_STREAM_WOULD_BLOCK for the early return you added to nsWriteLineToString and returning NS_OK at the end? From nsPipe2.cpp, I do not understand why any writer implementation should return NS_BASE_STREAM_WOULD_BLOCK after consuming the data handed to it in the readBuffer. /be
Comment 36•24 years ago
By adding the following line to xpcom/base/nsError.h, I was able to get the patch to compile:

#define NS_BASE_STREAM_INCOMPLETE_OPERATION NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_BASE, 8)

Having done so, I ran the test and was able to log on to my.lycos.com using the indicated username/password. But after being at the site for about half a minute, the system suddenly crashed. Below is the stack trace. I don't know yet if this is related to the patch or not.

NTDLL! 77f76274()
il_delete_container(il_container_struct * 0x052df950) line 647 + 42 bytes
IL_NetRequestDone(il_container_struct * 0x052df950, ilIURL * 0x052d7030, int 0) line 1179 + 9 bytes
NetReaderImpl::NetRequestDone(NetReaderImpl * const 0x044df550, ilIURL * 0x052d7030, int 0) line 139 + 20 bytes
ImageConsumer::OnStopRequest(ImageConsumer * const 0x04477480, nsIChannel * 0x050500b0, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 551
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x05053cd0, nsIChannel * 0x050500b0, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 277
nsHTTPFinalListener::OnStopRequest(nsHTTPFinalListener * const 0x05053c70, nsIChannel * 0x050500b0, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 1166 + 42 bytes
InterceptStreamListener::OnStopRequest(InterceptStreamListener * const 0x05770da0, nsIChannel * 0x050500b0, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 1212
nsHTTPChannel::ResponseCompleted(nsIStreamListener * 0x05770da0, unsigned int 0, const unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 1923 + 42 bytes
nsHTTPServerListener::OnStopRequest(nsHTTPServerListener * const 0x0576d350, nsIChannel * 0x0576c614, nsISupports * 0x050500b0, unsigned int 0, const unsigned short * 0x100a9bc0 gCommonEmptyBuffer) line 730
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x052db550) line 300 + 46 bytes
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x052db560) line 92 + 12 bytes
PL_HandleEvent(PLEvent * 0x052db560) line 576 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ada390) line 509 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x002c0880, unsigned int 49376, unsigned int 0, long 11379600) line 1054 + 9 bytes
USER32! 77e71268()
00ada390()
Comment 37•24 years ago
The crash occurred on the following PR_ASSERT statement at line 647 in ilclient.cpp: PR_ASSERT(ic->clients == NULL); and indeed ic->clients is not null at this point.
Comment 38•24 years ago
Crash is reproducible. Furthermore, the page never finishes loading (at least the throbber doesn't quiet down).
Comment 39•24 years ago
Looking one level up the stack (into IL_NetRequestDone) at the time of the crash, I see that ic->state is equal to IC_ABORT_PENDING. That doesn't seem right. Is it?
Comment 40•24 years ago
Morse, weird! I am seeing that assert too, although I only hit my changes in my diffs once. I will have to investigate it further tomorrow. Brendan, |writer|s only return NS_OK if they consume all the data. This writer does not, and only does work line-by-line. Since the writer now controls processing (e.g. it does not just consume everything on the pipe), it needs some way to indicate the condition when all data is not consumed because the writer was expecting more. The two current states:

1. All data consumed. Status code: NS_OK
2. Not all data consumed. Status code: NS_BASE_STREAM_WOULD_BLOCK

My proposed state:

3. Not all data consumed because more data is needed: NS_BASE_STREAM_INCOMPLETE_OPERATION

I am not sure if it is the right name for such a status code. Basically what it allows you to do is shift the window in the pipe so that you can write data and immediately refill. Is NS_BASE_STREAM_REFILL_NEEDED better? Sorry that I did not include the xpcom diff. It is basically what Steve suggested plus a comment. I will attach it for completeness.
Comment 41•24 years ago
Comment 42•24 years ago
Hmm, I'm confused here. Why should HTTP's special handling of data (requiring LFs before continuing) change the pipe impl? If it needs more data to continue, more data should be on its way (otherwise we should treat the response as incomplete and fail the HTTP transaction).
Comment 43•24 years ago
Because there is a state that the pipe logic did not handle, which required me to add this new error/status code. The problem is that there is no way that the |writer| method can write data (which pushes the window in the pipe forward) and force a (re-)FILL. Why do we need to do this? Say that you want to read until you receive a complete line (like the http stuff does). Everything works until a line crosses over the 4k pipe buffer. Now, in order for your writer function to complete a line, the pipe needs to be refilled (because the LF is in the next 4k blob). Ok, what can you do? Returning zero bytes written causes the pipe window not to advance. There are only two error codes that you can return: NS_OK, which will spit you out of ReadSegments, and NS_...BLOCK, which will make you continue to re-read the same section. There is no combo of bytes written and error code that will allow you to write bytes and force a refill on the pipe. If you look at the flow in the pipe code, you will see that if any successful write happens, control will return to the caller of ReadSegments().
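The contract being proposed can be sketched as a small model (illustrative names and string status values, not the real nsresult codes or the nsPipe2.cpp implementation): a third outcome lets the writer advance past what it consumed and still demand a refill for the unconsumed tail.

```python
# Status names mirror the discussion; values are illustrative only.
NS_OK, NS_WOULD_BLOCK, NS_REFILL_NEEDED = "OK", "WOULD_BLOCK", "REFILL_NEEDED"

def line_writer(buf):
    """A |writer| that only works line-by-line: it consumes up to the
    last LF and asks for a refill if an unterminated fragment remains."""
    i = buf.rfind("\n")
    if i < 0:
        return 0, NS_REFILL_NEEDED, []          # no complete line at all
    status = NS_OK if i == len(buf) - 1 else NS_REFILL_NEEDED
    return i + 1, status, buf[:i].split("\n")

def read_segments(fills, writer):
    """Model of ReadSegments honoring the third state: REFILL_NEEDED
    advances the window past the consumed bytes and carries the
    unconsumed tail into the next fill, which NS_OK / WOULD_BLOCK
    alone cannot express."""
    out, carry = [], ""
    for buf in fills:
        buf = carry + buf
        carry = ""
        while buf:
            consumed, status, produced = writer(buf)
            out.extend(produced)
            buf = buf[consumed:]
            if status == NS_WOULD_BLOCK:
                return out
            if status == NS_REFILL_NEEDED:
                carry = buf                     # shift the pipe window forward
                break
    return out
```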
Comment 44•24 years ago
I'm not buying this yet. Please bear with me here: First, the nsWriteLineToString function should return NS_OK if it consumed all of the input readBuffer (fromRawSegment parameter). The final return could look like this: return (count < 0) ? NS_OK : NS_BASE_STREAM_WOULD_BLOCK; I hope we can agree on this much. But there's something wrong with nsPipe::nsPipeInputStream::ReadSegments, IMHO: it blows past both a zero writeCount result (which should be asserted against, because any writer that can't write any bytes should return ...WOULD_BLOCK); and it expects out params to be valid after a failure return code, ...WOULD_BLOCK. This is unnecessary and violates the rules of XPCOM. What should happen: a "short write" should not return ...WOULD_BLOCK, it should return NS_OK and a writeCount < *readCount. That condition, not ...WOULD_BLOCK, should imply the current Fill logic. Then, ...WOULD_BLOCK can be used as HTTP needs to use it in this LF-out-of-window case, and we don't need a new error code. I'm attaching a patch. /be
Comment 45•24 years ago
Whoops! I didn't notice that nsWriteLineToString's count argument is PRUint32. The amended return statement I wrote assumed it was PRInt32, but that was a straw man to show how NS_BASE_STREAM_WOULD_BLOCK is being abused as a success code (implying valid out params). Anyway, patch soon. /be
Comment 46•24 years ago
I think that I understand what you are saying, but how does your solution handle the case when all data was written but more is needed before ReadSegments returns?
Comment 47•24 years ago
I think I'm agreeing with Jud's last comment (2000-12-06 09:25). In the case where HTTP is accumulating an nsCString till LF, but has not seen an LF yet, why won't the pipe fill up eventually with the TCP segment that contains that LF? Is the problem that the "writer" function in ReadSegments doesn't free pipe buffer space for a subsequent TCP segment to fill, by invoking another ReadSegments via nsPipe::nsPipeOutputStream::WriteFrom => ...::WriteSegments => nsReadFromInputStream => Read => ReadSegments? Can anyone debug the failing situation and say where the later TCP segment, the one with the LF, is in memory, and why it didn't get passed into ReadSegments again? /be
Assignee
Comment 48•24 years ago
HTTP headers can span multiple lines. nsHTTPServerListener::ParseHTTPHeader handles this case. It should therefore be very close to being able to handle the case when a header spans multiple pipe segments. Because of this, I would prefer to try to fix this in HTTP. In fact, as I look at the code, it seems like HTTP does try to handle the case of a header spanning multiple pipe segments. Perhaps, it did at one time work. Also, ReadSegments is a low-level API. It gives you access to the pipe's data segments. Currently, we require a consumer to empty a segment before moving on to the next segment. Why change this? Doug suggested that we give the consumer some way of forcing a re-FILL of the pipe segment, but this would require an extra memcpy. That is, the pipe implementation would have to copy (or move) the memory from the existing segment to the start of the new segment. HTTP is already doing a memcpy (when it gets data out of the segment) just to be able to parse the HTTP header, so why add the additional memcpy? At first, I was not happy with nsWriteLineToString returning WOULD_BLOCK. This seemed wrong to me because there is no i/o that would block. But, I understand that it is used to force the pipe to only call nsWriteLineToString once. Whereas, if it returned NS_OK, the pipe would repeatedly call it until all data in the segment (as well as all data in the remaining segments) was consumed. Since HTTP does not want to buffer up all of the headers before parsing them, it can't have nsWriteLineToString return NS_OK. When I get a chance, I want to try to put together a patch to fix HTTP. Like I said above, the code is in place, but it is buggy... let's just fix it.
Comment 49•24 years ago
I do not think that we ever allowed a consumer to not empty a segment before moving on to the next segment. A consumer needs to finish all data that is handed to him before a refill occurs. This can be thought of as an optimization to avoid many memcpy's. Well, if you think that the proper fix should be in http, then you will have to maintain a buffer and state for incomplete reads. I tend to think that this is worse than the additional memcpy that you mentioned.
Assignee
Comment 50•24 years ago
My point was that HTTP already maintains an additional buffer. HTTP has to maintain a separate buffer in order to handle long headers. That is, it needs to have the entire header in a single buffer. Currently, HTTP gives up if that buffer grows above 60k (assumes this to correspond to an evil server). The problem with using the pipe's segment as this buffer is that the pipe segment is not large enough (4k right?), so I don't see how HTTP can avoid maintaining a separate header buffer. Keep in mind that in most cases, the HTTP header buffer is going to be small... < 80 bytes. My patch for this makes nsWriteLineToString return NS_OK if it has not found a LF in the remaining portion of the segment. I haven't tested it yet, but I believe this should work. After all, if it returns NS_OK, then the pipe implementation will call me back with the next segment. If there is not a next segment, then ParseHTTPHeader will have to wait until the next OnDataAvailable, which it already knows how to do.
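The approach described here can be sketched as a small accumulator (a model of the idea, not the actual nsHTTPServerListener code; the class and method names are made up): HTTP keeps its own header buffer, appends whatever each segment delivers, and only cuts out complete LF-terminated headers, waiting for the next OnDataAvailable when no LF has arrived yet.

```python
class HeaderAccumulator:
    """Accumulate HTTP header bytes across pipe segments, emitting only
    complete LF-terminated headers. A segment with no LF simply grows
    the private buffer; parsing resumes on the next delivery."""

    MAX_HEADER = 60 * 1024   # give up on evil servers, per the 60k limit above

    def __init__(self):
        self.buf = ""
        self.headers = []

    def on_data_available(self, segment):
        self.buf += segment
        if len(self.buf) > self.MAX_HEADER:
            raise ValueError("header too long; assuming a broken server")
        while "\n" in self.buf:
            line, _, self.buf = self.buf.partition("\n")
            self.headers.append(line.rstrip("\r"))
```

The point of the design is that the carry-over state lives in HTTP (which needs a contiguous header anyway), so the pipe never has to memcpy unconsumed bytes forward.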
Comment 51•24 years ago
I'm with darin as far as http needing a buffer in which to accumulate very long integral protocol strings goes, but nsPipe::nsPipeInputStream::ReadSegments is still busted. I'll cough up a patch as soon as I can. /be
Assignee
Comment 52•24 years ago
Assignee
Comment 53•24 years ago
The patch I just attached seems to fix the HTTP headers problem. The assertion in imagelib is still showing up though. Assertion failure: ic->clients == NULL, at ilclient.cpp:647 I think that this might be a different problem all together. Pam may know best what is going on here. If it is a different problem then we should really open up a new bug.
Comment 54•24 years ago
I wouldn't conclude so quickly that it is a different problem. Although my patch violates the abstraction that we want to preserve for pipes, it does allow the site to come up without any assertion. That suggests that there might be something in the way you are fixing the problem that is causing the assertion.
Assignee
Comment 55•24 years ago
I would agree... except that the assertion was not reached until I closed the window. It had already finished loading by this time. I will give it another try though just to make sure that it never happens while the page is still loading. Then I think we could conclude that these are separate problems.
Comment 56•24 years ago
But that can be explained by the fact that what was loaded was incorrect due to the way the patch is handling crossing over buffer boundaries.
Comment 57•24 years ago
I have to retract something that I said. I just tested out my patch again and it turns out that it asserts and crashes same as the other patches presented here. It takes a while for the page to finish loading and the crash to occur, so I guess I just didn't wait long enough when I tried it before.
Assignee
Comment 58•24 years ago
I get the crash in NS6 as well, provided the cookies are already set using a patched mozilla. This is not conclusive, but it does suggest that this crash might be another bug altogether. So, I'd like to get my patch checked in, and then open up a new bug for the crash. Can I get a review on the patch? I've noticed the crash in two different cases: 1) after resizing the window, and 2) after closing the window.
Comment 59•24 years ago
I would now agree that the crash sounds like a different bug altogether. As far as when you get it, I get it consistently when the page finishes loading (as indicated by the throbber), which takes a long time. Could it be that your page didn't finish loading at the time you tried your other activities (resizing window, closing window), in which case you simply aborted the loading, causing the loading-done handlers to fire?
Assignee
Comment 60•24 years ago
Sounds likely... I also noticed that all HTTP network activity had long since stopped. So whatever is keeping the throbber going it is most likely not something having to do with HTTP (although HTTP could still be involved, since data could very well be coming from the cache instead of the net).
Assignee
Comment 61•24 years ago
r=dougt (according to him) on the 12/7 patch.
Comment 62•24 years ago
sr=mscott for Darin's 12/7 patch.
Assignee
Comment 63•24 years ago
Landed 12/7 patch on the trunk.
Assignee
Comment 64•24 years ago
marking this bug fixed... i opened up bug 62881 for the imagelib fatal assertion.
Updated•24 years ago
Component: Cookies → Networking
Comment 65•24 years ago
I am not sure how this got assigned to me and reopened...
Assignee: dougt → darin
Comment 66•24 years ago
doug, I assigned it to you on 12-5 at your request. Looks like you never reassigned it to darin when he took it over. Furthermore, looks like darin never marked it fixed although he said he was doing so on 12-14.
Assignee
Comment 67•24 years ago
my mistake... the changes did land on the trunk. marking FIXED (for real this time).
Status: NEW → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
Updated•24 years ago
Keywords: mozilla0.8