Closed Bug 666637 Opened 14 years ago Closed 9 years ago

Firefox Crash in nsSocketOutputStream::Write

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1222933

People

(Reporter: marcia, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [necko-backlog])

Crash Data

Seen across all versions. https://crash-stats.mozilla.com/report/list?signature=PR_Write to the reports. Currently #58 top crash on the FF 5 release. Correlation reports shows some correlation to the Yandex bar: 43% (49/115) vs. 5% (5161/114256) yasearch@yandex.ru (Yandex.Bar, https://addons.mozilla.org/addon/3495) 64% (74/115) vs. 27% (30627/114256) jqs@sun.com (Java Quick Starter, http://java.sun.com/javase/downloads/) 20% (23/115) vs. 3% (3674/114256) {37964A3C-4EE8-47b1-8321-34DE2C39BA4D} 12% (14/115) vs. 2% (2403/114256) {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} (Download Statusbar, https://addons.mozilla.org/addon/26) 7% (8/115) vs. 0% (542/114256) dmremote@westbyte.com 7% (8/115) vs. 1% (615/114256) {54BB9F3F-07E5-486c-9B39-C7398B99391C} (Text Link, https://addons.mozilla.org/addon/1939) 7% (8/115) vs. 1% (619/114256) dmpluginff@westbyte.com 7% (8/115) vs. 1% (643/114256) dmbarff@westbyte.com 7% (8/115) vs. 1% (847/114256) elemhidehelper@adblockplus.org (Adblock Plus: Element Hiding Helper, https://addons.mozilla.org/addon/4364) 6% (7/115) vs. 0% (391/114256) {6236BA26-C117-4007-928C-DE0716C7FA58} 6% (7/115) vs. 0% (474/114256) {6236BA26-C117-4007-928C-DE0716C7FA78} (Chameleon Bob: layouts for Facebook, https://addons.mozilla.org/addon/11584) 6% (7/115) vs. 0% (484/114256) {6236BA26-C117-4007-928C-DE0716C7FA68} (Express Tab, https://addons.mozilla.org/addon/14584) 6% (7/115) vs. 0% (491/114256) {6236BA26-C117-4007-928C-DE0716C7FA48} 6% (7/115) vs. 0% (509/114256) {6236BA26-C117-4007-928C-DE0716C7FA38} 7% (8/115) vs. 1% (1667/114256) {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} (FlashGot, https://addons.mozilla.org/addon/220) 8% (9/115) vs. 2% (2666/114256) {e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey, https://addons.mozilla.org/addon/748) https://crash-stats.mozilla.com/report/index/1d32ec2f-e422-4e06-a2c7-3917a2110623 rame Module Signature [Expand] Source 0 nspr4.dll PR_Write nsprpub/pr/src/io/priometh.c:146 1 nspr4.dll PR_Write nsprpub/pr/src/io/priometh.c:146 2 ntdll.dll ExecuteHandler2@20 3 xul.dll nsSocketOutputStream::Write netwerk/base/src/nsSocketTransport2.cpp:576 4 xul.dll nsHttpConnection::OnReadSegment netwerk/protocol/http/nsHttpConnection.cpp:557 5 xul.dll nsHttpTransaction::ReadRequestSegment netwerk/protocol/http/nsHttpTransaction.cpp:444 6 xul.dll nsStringInputStream::ReadSegments xpcom/io/nsStringStream.cpp:284 7 xul.dll nsHttpTransaction::ReadSegments netwerk/protocol/http/nsHttpTransaction.cpp:469 8 xul.dll nsHttpConnection::OnSocketWritable netwerk/protocol/http/nsHttpConnection.cpp:593 9 xul.dll nsHttpConnection::OnOutputStreamReady netwerk/protocol/http/nsHttpConnection.cpp:805 10 xul.dll nsSocketOutputStream::OnSocketReady netwerk/base/src/nsSocketTransport2.cpp:515 11 xul.dll nsSocketTransport::OnSocketReady netwerk/base/src/nsSocketTransport2.cpp:1588 12 xul.dll nsSocketTransportService::DoPollIteration netwerk/base/src/nsSocketTransportService2.cpp:682 13 xul.dll nsSocketTransportService::OnProcessNextEvent netwerk/base/src/nsSocketTransportService2.cpp:543 14 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:582 15 winmm.dll timeGetTime 16 xul.dll NS_ProcessPendingEvents_P obj-firefox/xpcom/build/nsThreadUtils.cpp:200 17 nspr4.dll nspr4.dll@0x1b3af 18 xul.dll nsSocketTransportService::Run netwerk/base/src/nsSocketTransportService2.cpp:583 19 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:618 20 xul.dll nsRunnable::Release obj-firefox/xpcom/build/nsThreadUtils.cpp:55 21 nspr4.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c:426 22 nspr4.dll pr_root nsprpub/pr/src/md/windows/w95thred.c:122 23 mozcrt19.dll _callthreadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:348 24 mozcrt19.dll _threadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:326 25 kernel32.dll BaseThreadStart
Component: Networking → Networking: HTTP
QA Contact: networking → networking.http
Looking at crash-stats for crashes just in PR_Write many of them don't involve networking so I think this is better filed under NSPR. I see crashes when writing out the prefs file as well as the update.status file during startup for example. Marcia, would you mind if I moved this over to NSPR?
Assignee: nobody → wtc
Group: core-security
Component: Networking: HTTP → NSPR
Product: Core → NSPR
QA Contact: networking.http → nspr
Version: 5 Branch → 4.8.7
Group: core-security
Also seeing this @ SetStatusApplying during startup http://hg.mozilla.org/releases/mozilla-2.0/annotate/fca718600ca0/toolkit/xre/nsUpdateDriver.cpp#l221
Summary: Firefox Crash @ PR_Write → Firefox Crash @ PR_Write (also @ SetStatusApplying where it calls PR_Write)
Summary: Firefox Crash @ PR_Write (also @ SetStatusApplying where it calls PR_Write) → Firefox Crash @ PR_Write (also @ @0xea90ee5 in SetStatusApplying where it calls PR_Write)
Depends on: 716345
Crash Signature: [@ PR_Write ] → [@ PR_Write ] [@ PR_Write | nsSocketOutputStream::Write(char const*, unsigned int, unsigned int*)]
Assignee: wtc → nobody
Component: NSPR → Networking
Product: NSPR → Core
QA Contact: nspr → networking
Summary: Firefox Crash @ PR_Write (also @ @0xea90ee5 in SetStatusApplying where it calls PR_Write) → Firefox Crash in nsSocketOutputStream::Write
Version: 4.8.7 → unspecified
From the cache code I suspect PR_Write with buffer=null and count=0 causes the crash. One would expect in case of count=0, not access the buffer at all.
Crash Signature: [@ PR_Write ] [@ PR_Write | nsSocketOutputStream::Write(char const*, unsigned int, unsigned int*)] → [@ PR_Write ] [@ PR_Write | nsSocketOutputStream::Write(char const*, unsigned int, unsigned int*)] [@ PR_Write | nsSocketOutputStream::Write]
Whiteboard: [necko-backlog]
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.