Closed Bug 591567 Opened 15 years ago Closed 15 years ago

Null-pointer deref leading to crash [@ nsTArray_base] when serializing nsHttpResponseHead

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 590121

People

(Reporter: cjones, Unassigned)

References

(
URL
)

Details

STR: (1) Navigate to http://bugzilla.mozilla.org. Repro'd this 3/3 times. ==3334== Invalid read of size 8 ==3334== at 0x6356A34: nsTArray_base::Length() const (nsTArray.h:66) ==3334== by 0x795CB4C: IPC::ParamTraits<nsTArray<nsHttpHeaderArray::nsEntry> >::Write(IPC::Message*, nsTArray<nsHttpHeaderArray::nsEntry> const&) (IPCMessageUtils.h:256) ==3334== by 0x795B395: void IPC::WriteParam<nsTArray<nsHttpHeaderArray::nsEntry> >(IPC::Message*, nsTArray<nsHttpHeaderArray::nsEntry> const&) (ipc_message_utils.h:124) ==3334== by 0x795B8F3: IPC::ParamTraits<nsHttpHeaderArray>::Write(IPC::Message*, nsHttpHeaderArray const&) (PHttpChannelParams.h:149) ==3334== by 0x795B3BA: void IPC::WriteParam<nsHttpHeaderArray>(IPC::Message*, nsHttpHeaderArray const&) (ipc_message_utils.h:124) ==3334== by 0x795B918: IPC::ParamTraits<nsHttpResponseHead>::Write(IPC::Message*, nsHttpResponseHead const&) (PHttpChannelParams.h:168) ==3334== by 0x795B483: void IPC::WriteParam<nsHttpResponseHead>(IPC::Message*, nsHttpResponseHead const&) (ipc_message_utils.h:124) ==3334== by 0x795C83E: void mozilla::net::PHttpChannelParent::Write<nsHttpResponseHead>(nsHttpResponseHead const&, IPC::Message*) (PHttpChannelParent.h:245) ==3334== by 0x7958D51: mozilla::net::PHttpChannelParent::SendRedirect1Begin(mozilla::net::PHttpChannelParent*, IPC::URI const&, unsigned int const&, nsHttpResponseHead const&) (PHttpChannelParent.cpp:229) ==3334== by 0x64D7152: mozilla::net::HttpChannelParentListener::AsyncOnChannelRedirect(nsIChannel*, nsIChannel*, unsigned int, nsIAsyncVerifyRedirectCallback*) (HttpChannelParentListener.cpp:227) ==3334== by 0x63A8F1D: nsAsyncRedirectVerifyHelper::DelegateOnChannelRedirect(nsIChannelEventSink*, nsIChannel*, nsIChannel*, unsigned int) (nsAsyncRedirectVerifyHelper.cpp:180) ==3334== by 0x63A9447: nsAsyncRedirectVerifyHelper::Run() (nsAsyncRedirectVerifyHelper.cpp:274)
tracking-fennec: --- → ?
This looks very similar to bug 591567.
Whiteboard: DUPEME
bug 590121
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
tracking-fennec: ? → ---
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.