Closed
Bug 642291
Opened 15 years ago
Closed 15 years ago
crash [@ nsBufferedInputStream::Write] demos.mozilla.org motivational poster
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(fennec2.0+)
VERIFIED
FIXED
| Tracking | Status | |
|---|---|---|
| fennec | 2.0+ | --- |
People
(Reporter: kbrosnan, Assigned: dougt)
References
()
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
2.45 KB,
patch
|
bent.mozilla
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-1421ee2d-0d70-4eca-992d-0fbef2110316 .
=============================================================
I crashed after entering text and then pressing submit caused the tab to crash.
|
Reporter | |
Updated•15 years ago
|
|
||
Comment 1•15 years ago
|
||
Relevant stack:
0 libxul.so nsBufferedInputStream::Write NeckoMessageUtils.h:229
1 libxul.so nsMultiplexInputStream::Write nsCOMPtr.h:492
2 libxul.so mozilla::net::PHttpChannelChild::SendAsyncOpen nsCOMPtr.h:492
3 libxul.so mozilla::net::HttpChannelChild::AsyncOpen nsCOMPtr.h:492
4 libxul.so nsXMLHttpRequest::Send content/base/src/nsXMLHttpRequest.cpp:2688
5 libxul.so nsIXMLHttpRequest_Send dom_quickstubs.cpp:25985
We're hitting:
>226 nsCOMPtr<nsIClassInfo> classInfo = do_QueryInterface(aParam.mStream);
>227 char cidStr[NSID_LENGTH];
>228 nsCID cid;
>229 nsresult rv = classInfo->GetClassIDNoAlloc(&cid);
where classInfo is null. That seems really bizarre to me; I was under the impression that every xpcom class needed an nsIClassInfo in order to be instantiated. Any thoughts, dwitte?
|
|
Reporter | |
Updated•15 years ago
|
blocking2.0: --- → ?
|
|
Reporter | |
Updated•15 years ago
|
blocking2.0: ? → ---
tracking-fennec: --- → ?
|
Assignee | |
Comment 2•15 years ago
|
||
##!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file ../../../dist/include/nsCOMPtr.h, line 819
==1132== Invalid read of size 8
==1132== at 0x5BB332D: IPC::ParamTraits<IPC::InputStream>::Write(IPC::Message*, IPC::InputStream const&) (NeckoMessageUtils.h:229)
==1132== by 0x5BB2C68: void IPC::WriteParam<IPC::InputStream>(IPC::Message*, IPC::InputStream const&) (ipc_message_utils.h:124)
==1132== by 0x5BB1D19: nsBufferedInputStream::Write(IPC::Message*) (nsBufferedStreams.cpp:523)
==1132== by 0x5BB33FF: IPC::ParamTraits<IPC::InputStream>::Write(IPC::Message*, IPC::InputStream const&) (NeckoMessageUtils.h:234)
==1132== by 0x7336D5A: void IPC::WriteParam<IPC::InputStream>(IPC::Message*, IPC::InputStream const&) (ipc_message_utils.h:124)
==1132== by 0x7336B0C: nsMultiplexInputStream::Write(IPC::Message*) (nsMultiplexInputStream.cpp:475)
==1132== by 0x5BB33FF: IPC::ParamTraits<IPC::InputStream>::Write(IPC::Message*, IPC::InputStream const&) (NeckoMessageUtils.h:234)
==1132== by 0x72D2BE9: void IPC::WriteParam<IPC::InputStream>(IPC::Message*, IPC::InputStream const&) (ipc_message_utils.h:124)
==1132== by 0x72D337E: void mozilla::net::PHttpChannelChild::Write<IPC::InputStream>(IPC::InputStream const&, IPC::Message*) (PHttpChannelChild.h:270)
==1132== by 0x72CF55D: mozilla::net::PHttpChannelChild::SendAsyncOpen(IPC::URI const&, IPC::URI const&, IPC::URI const&, IPC::URI const&, unsigned int const&, nsTArray<mozilla::net::RequestHeaderTuple, nsTArrayDefaultAllocator> const&, nsHttpAtom const&, IPC::InputStream const&, int const&, unsigned short const&, unsigned char const&, int const&, int const&, bool const&, unsigned long const&, nsCString const&, bool const&, nsCString const&) (PHttpChannelChild.cpp:86)
==1132== by 0x5CE3808: mozilla::net::HttpChannelChild::AsyncOpen(nsIStreamListener*, nsISupports*) (HttpChannelChild.cpp:971)
==1132== by 0x62BE894: nsXMLHttpRequest::Send(nsIVariant*) (nsXMLHttpRequest.cpp:2688)
==1132== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==1132==
Same thing.
|
|
Assignee | |
Comment 3•15 years ago
|
||
DataOwnerAdapter doesn't have a class info, i think. testing.
|
|
Assignee | |
Comment 4•15 years ago
|
||
Assignee: nobody → doug.turner
Attachment #520002 -
Flags: review?(jst)
|
|
||
Comment 5•15 years ago
|
||
Won't this just break sooner now? We unconditionally try to serialize any input stream, and since Write is infallible we just abort if we can't QI to nsIIPCSerializable.
|
|
Assignee | |
Comment 6•15 years ago
|
||
I don't think so?
I removed the interface that advertising that the object is serializable. So, here:
http://mxr.mozilla.org/mozilla-central/source/netwerk/ipc/NeckoMessageUtils.h#210
we enter this block of code, and serialize the stream to a string.
In the former case, we were jumping over that block and ending up here:
http://mxr.mozilla.org/mozilla-central/source/netwerk/ipc/NeckoMessageUtils.h#226
There was no classInfo on the object and dying.
I added a classInfo interface and implementation, but really wasn't sure what CID (read that, what specific implementation), I should say that this object is. It really is an internal class that doesn't need to be recreated in the other process.
|
||
Updated•15 years ago
|
tracking-fennec: ? → 2.0+
Comment on attachment 520002 [details] [diff] [review]
patch v.1
This patch looks fine, but it will mean that DOMFile can't be passed over IPC quickly. Nether dougt nor I can figure out if that ever worked, though.
Attachment #520002 -
Flags: review?(jst) → review+
|
|
Assignee | |
Comment 8•15 years ago
|
||
that can't be passed quickly doing this. right now all content is streamed from the parent to the child using a similar path. If this ever turns out to be a hot spot, we can optimize.
|
|
||
Comment 9•15 years ago
|
||
(In reply to comment #6)
> I don't think so?
>
> I removed the interface that advertising that the object is serializable. So,
> here:
>
> http://mxr.mozilla.org/mozilla-central/source/netwerk/ipc/NeckoMessageUtils.h#210
>
> we enter this block of code, and serialize the stream to a string.
>
>
>
> In the former case, we were jumping over that block and ending up here:
>
> http://mxr.mozilla.org/mozilla-central/source/netwerk/ipc/NeckoMessageUtils.h#226
>
> There was no classInfo on the object and dying.
>
> I added a classInfo interface and implementation, but really wasn't sure what
> CID (read that, what specific implementation), I should say that this object
> is. It really is an internal class that doesn't need to be recreated in the
> other process.
My mistake. I was recalling the original serialization that forbade any attempt to use non-IPC-kosher types.
|
|
Assignee | |
Comment 10•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/b853c6efa929
http://hg.mozilla.org/releases/mozilla-2.1/rev/8f5312936381
http://hg.mozilla.org/releases/mozilla-2.1/rev/c5caacf23a8e (tag)
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
||
Comment 11•15 years ago
|
||
verified FIXED on build:
Mozilla/5.0 (Android; Linux armv7l; rv:2.1) Gecko/20110318 Firefox/4.0b13pre Fennec/4.0 ID:20110318114419
Status: RESOLVED → VERIFIED
|
||
Comment 12•15 years ago
|
||
jdm: for the record, nsIClassInfo is optional in virtually all cases, although it does provide certain features.
|
||
Updated•15 years ago
|
Summary: crash [@ nsBufferedInputStream::Write] demos.mozilla.org motovational poster → crash [@ nsBufferedInputStream::Write] demos.mozilla.org motivational poster
|
||
Updated•14 years ago
|
Crash Signature: [@ nsBufferedInputStream::Write]
You need to log in
before you can comment on or make changes to this bug.
Description
•