crash [@ nsWebSocketEstablishedConnection::ConsoleError]

VERIFIED FIXED in Firefox 6

Status

Core
Networking: WebSockets
--
critical
VERIFIED FIXED
6 years ago
6 years ago

People

(Reporter: nhirata, Assigned: jdm)

Tracking

({crash, verified-aurora, verified-beta})

Trunk
mozilla6
ARM
Android
Points:
---

Firefox Tracking Flags

(firefox6 fixed, fennec6+)

Details

(crash signature)

Attachments

(1 attachment)

This bug was filed from the Socorro interface and is 
report bp-0a0cd71d-c32e-4880-bc7a-f16a12110610 .
============================================================= 
Frame 	Module 	Signature 	Source
0 	libxul.so 	nsWebSocketEstablishedConnection::ConsoleError 	content/base/src/nsWebSocket.cpp:399
1 	libxul.so 	nsWebSocketEstablishedConnection::FailConnection 	content/base/src/nsWebSocket.cpp:428
2 	libxul.so 	nsWebSocket::Close 	content/base/src/nsWebSocket.cpp:1304
3 	libxul.so 	nsIWebSocket_Close 	obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:27806
4 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:4678
5 	libxul.so 	js::Invoke 	js/src/jsinterp.cpp:613
6 	libxul.so 	js::ExternalInvoke 	js/src/jsinterp.cpp:816
7 	libxul.so 	JS_CallFunctionValue 	js/src/jsapi.cpp:5087
8 	libxul.so 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:1901
9 	libxul.so 	nsGlobalWindow::RunTimeout 	nsCOMPtr.h:888
10 	libxul.so 	nsGlobalWindow::TimerCallback 	dom/base/nsGlobalWindow.cpp:9585
11 	libxul.so 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:425
12 	libxul.so 	nsTimerEvent::Run 	nsAutoPtr.h:969
13 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:618
14 	libxul.so 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
15 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:134
16 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:230
17 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:219
18 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:511
19 	libxul.so 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:191
20 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:671
21 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:222
22 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:219
23 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:511
24 	libxul.so 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp:514
25 	libmozutils.so 	ChildProcessInit 	other-licenses/android/APKOpen.cpp:799
26 	plugin-container 	main 	ipc/app/MozillaRuntimeMainAndroid.cpp:69
27 	libc.so 	libc.so@0xd43a 

STR:
1. go to chat.mibbit.com
2. wait for it to finish loading
3. if you don't get the crash; hit reload

Expected: no crash
Actual: this crash and bug
Component: General → Networking: WebSockets
Product: Fennec → Core
QA Contact: general → networking.websockets
tracking-fennec: --- → ?
Mozilla/5.0 (Android; Linux armv71; rv7.0a1) Gecko/20110610 Firefox/7.0a1 Fennec/7.0a1
Device: Thunderbolt
OS: Android 2.2

bug 663468 also is related to this via the website.
(Assignee)

Comment 2

6 years ago
This will probably be hidden by bug 537787, but it would be good to figure out why this is crashing as-is.
(Assignee)

Updated

6 years ago
Assignee: nobody → josh
(Assignee)

Comment 3

6 years ago
Aha. Because we fail in ParseURL, the connection object is never initialized to non-null. Close, however, assumes it's non-null and happily dereferences a null pointer.
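
The failure described in comment 3, reduced to a stand-alone C++ example (added here; it is not Mozilla's code and not the attached patch). `WebSocket`, `Connection`, `CloseUnchecked`, `CloseResult` and the simplified `ParseURL` are hypothetical stand-ins for the real classes.

```cpp
#include <memory>
#include <string>

// Hypothetical stand-in for the established-connection object.
struct Connection {
    bool failed = false;
    void FailConnection() { failed = true; }
};

enum class CloseResult { NoConnection, ConnectionFailed };

class WebSocket {
public:
    // Failure mode from comment 3: if URL parsing fails, Init returns
    // early and mConnection is never set to a non-null value.
    bool Init(const std::string& url) {
        if (!ParseURL(url)) return false;
        mConnection.reset(new Connection());
        return true;
    }

    // Unguarded shape: assumes Init succeeded. Calling this after a
    // failed Init dereferences a null pointer (undefined behaviour).
    void CloseUnchecked() { mConnection->FailConnection(); }

    // Guarded shape: callers can still reach Close() on an object whose
    // Init failed, so the null state is handled explicitly.
    CloseResult Close() {
        if (!mConnection) return CloseResult::NoConnection;
        mConnection->FailConnection();
        return CloseResult::ConnectionFailed;
    }

    bool HasConnection() const { return mConnection != nullptr; }

private:
    // Simplified scheme check, an assumption made for this example.
    static bool ParseURL(const std::string& url) {
        return url.rfind("ws://", 0) == 0 || url.rfind("wss://", 0) == 0;
    }
    std::unique_ptr<Connection> mConnection;
};

int main() {
    WebSocket ws;
    ws.Init("not a websocket url");  // constructed input; Init fails
    return ws.Close() == CloseResult::NoConnection ? 0 : 1;
}
```
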
(Assignee)

Comment 4

6 years ago
Created attachment 538585
Avoid dereferencing null connection pointer when closing a websocket.
(Assignee)

Updated

6 years ago
Attachment #538585 - Flags: review?(mcmanus)
Comment on attachment 538585
Avoid dereferencing null connection pointer when closing a websocket.

Review of attachment 538585:
-----------------------------------------------------------------

thanks
Attachment #538585 - Flags: review?(mcmanus) → review+
(Assignee)

Updated

6 years ago
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/51e2db1a5567
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla7
Crash Signature: [@ nsWebSocketEstablishedConnection::ConsoleError]
Attachment #538585 - Flags: approval-mozilla-aurora?
I still see crashing coming into 6.0a2, but no more crashes coming into 7.0a1
(In reply to comment #7)
> I still see crashing coming into 6.0a2, but no more crashes coming into 7.0a1

Needed on mozilla-aurora. Seems safe, as it's been on trunk for a few days.

Comment 9

6 years ago
Comment on attachment 538585
Avoid dereferencing null connection pointer when closing a websocket.

Approved for mozilla-aurora
Attachment #538585 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
http://hg.mozilla.org/releases/mozilla-aurora/rev/10884b0d2970
Target Milestone: mozilla7 → mozilla6
tracking-fennec: ? → 6+
status-firefox6: --- → fixed

Comment 11

6 years ago
Verified fixed on Firefox 6 Beta 2: Mozilla /5.0 (Android;Linux armv7l;rv:6.0) Gecko/20110713 Firefox/6.0 Fennec/6.0

Device: LG Optimus 2X (Android 2.2)
Status: RESOLVED → VERIFIED
This can't be verified in Firefox 6 yet. We don't have the beta 3 build with the change.
Status: VERIFIED → RESOLVED
Last Resolved: 6 years ago

Comment 13

6 years ago
Ok Kevin, I was testing this following the steps from the description and I didn't get any crash; probably I should leave this one to someone else to verify after beta 3.
Andreea, in reviewing this I made a mistake. I saw that the patch was checked into Aurora and did not notice that the checkin date was a month prior. 

Visiting chat.mibbit.com did not crash

Mozilla/5.0 (Android; Linux armv7l; rv:8.0a1) Gecko/20110726 Firefox/8.0a1 Fennec/8.0a1 ID:20110726030825

Mozilla/5.0 (Android; Linux armv7l; rv:7.0a2) Gecko/20110726 Firefox/7.0a2 Fennec/7.0a2 ID:20110726042816
Status: RESOLVED → VERIFIED
Keywords: verified-aurora, verified-beta