Status

Core
Networking: HTTP
--
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: mcmanus, Assigned: mcmanus)

Tracking

({crash})

11 Branch
mozilla11
crash
Points:
---

Firefox Tracking Flags

(firefox8 unaffected, firefox9 unaffected, firefox10 unaffected)

Details

(crash signature)

Attachments

(1 attachment)

(Assignee)

Description

6 years ago
from socorro
ID: be35d598-4240-420c-9eb5-2ea142111205
Signature: nsHttpConnectionMgr::nsHalfOpenSocket::OnTransportStatus

0 	XUL 	nsHttpConnectionMgr::nsHalfOpenSocket::OnTransportStatus 	netwerk/protocol/http/nsHttpConnectionMgr.cpp:2111
1 	XUL 	nsSocketTransport::SendStatus 	netwerk/base/src/nsSocketTransport2.cpp:906
2 	XUL 	nsSocketTransport::OnSocketReady 	netwerk/base/src/nsSocketTransport2.cpp:1402
3 	XUL 	nsSocketTransportService::DoPollIteration 	netwerk/base/src/nsSocketTransportService2.cpp:759
4 	XUL 	nsSocketTransportService::Run 	netwerk/base/src/nsSocketTransportService2.cpp:642
5 	XUL 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:625
6 	XUL 	NS_ProcessNextEvent_P 	obj-firefox/x86_64/xpcom/build/nsThreadUtils.cpp:245
7 	XUL 	nsThread::ThreadFunc 	xpcom/threads/nsThread.cpp:273
8 	libnspr4.dylib 	_pt_root 	nsprpub/pr/src/pthreads/ptthread.c:187
9 	libsystem_c.dylib 	libsystem_c.dylib@0x4e8be 	
10 	libsystem_c.dylib 	libsystem_c.dylib@0x51b74 	
11 	libnspr4.dylib 	PR_JoinThread 	nsprpub/pr/src/pthreads/ptthread.c:577

mSocketTransport is null. There is an effective check for this a little later on (mSocketTransport == trans), so that should precede the spdy hash key code.
(Assignee)

Comment 1

6 years ago
This requires the manual pref-on, so there is no regression here.
status-firefox10: --- → unaffected
status-firefox11: --- → affected
status-firefox8: --- → unaffected
status-firefox9: --- → unaffected
Target Milestone: --- → mozilla11
(Assignee)

Comment 2

6 years ago
Created attachment 579068 [details] [diff] [review]
patch 0

Simple patch to move spdy server hash code to after the "is this the right transport?" check.
Assignee: nobody → mcmanus
Attachment #579068 - Flags: review?(honzab.moz)
Comment on attachment 579068 [details] [diff] [review]
patch 0

Review of attachment 579068 [details] [diff] [review]:
-----------------------------------------------------------------

r=honzab

Interesting we may have mSocketTransport null while handling the notification.  We should remove nsHalfOpenSocket from callbacks of the transport on shutdown.

However, this is enough to fix this crash.  I had to catch this.

When changing this code, could you please also move status == nsISocketTransport::STATUS_CONNECTED_TO as the first condition in the list?  It could save some execution bits.
Attachment #579068 - Flags: review?(honzab.moz) → review+
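
The reordering discussed in this bug, as an added example that is not part of the original report or the Gecko source: a simplified C++ model in which `Transport`, `HalfOpenSocket`, `peerKey`, `keysSeen` and `StaleCallbackIsIgnored` are hypothetical names. It shows a late status callback arriving after `mSocketTransport` has been cleared, with the key-recording step placed before and after the transport identity check.

```cpp
#include <cstdint>
#include <set>
#include <string>

// Simplified model with hypothetical names; not the Gecko sources.
enum Status : uint32_t { STATUS_RESOLVING = 1, STATUS_CONNECTED_TO = 2 };

struct Transport {
    std::string peerKey;  // stands in for the data the SPDY hash key is built from
};

struct HalfOpenSocket {
    Transport* mSocketTransport = nullptr;  // null once the socket is abandoned
    std::set<std::string> keysSeen;         // stands in for the SPDY server hash

    // Order described in the report: the key code runs before the
    // "is this the right transport?" check and dereferences a null member.
    bool OnTransportStatusBefore(Transport* trans, Status status) {
        if (status == STATUS_CONNECTED_TO)
            keysSeen.insert(mSocketTransport->peerKey);  // crashes when null
        return trans == mSocketTransport;
    }

    // Order after the patch: identity check first, then the key code.
    // The explicit null test on trans is an extra guard in this model.
    bool OnTransportStatusAfter(Transport* trans, Status status) {
        if (!trans || trans != mSocketTransport)
            return false;  // stale or foreign callback: ignore it
        if (status == STATUS_CONNECTED_TO)
            keysSeen.insert(mSocketTransport->peerKey);
        return true;
    }
};

// Constructed scenario: one live callback, then a late callback that
// arrives after mSocketTransport was cleared. Returns true when the
// late callback is ignored and only the live one recorded a key.
bool StaleCallbackIsIgnored() {
    Transport t{"example.test:443"};
    HalfOpenSocket sock;
    sock.mSocketTransport = &t;
    bool live = sock.OnTransportStatusAfter(&t, STATUS_CONNECTED_TO);
    sock.mSocketTransport = nullptr;  // socket abandoned, callback still registered
    bool late = sock.OnTransportStatusAfter(&t, STATUS_CONNECTED_TO);
    return live && !late && sock.keysSeen.size() == 1;
}

int main() { return StaleCallbackIsIgnored() ? 0 : 1; }
```

`OnTransportStatusBefore` is kept only to show the ordering the crash report describes; the scenario function never calls it.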
(Assignee)

Updated

6 years ago
Duplicate of this bug: 707924

Updated

6 years ago
Crash Signature: [@ nsHttpConnectionMgr::nsHalfOpenSocket::OnTransportStatus(nsITransport*, unsigned int, unsigned __int64, unsigned __int64) ]

Updated

6 years ago
Severity: major → critical
Keywords: crash
Hardware: x86_64 → All
(Assignee)

Comment 5

6 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/0a5f66d5d8e4
Crash Signature: [@ nsHttpConnectionMgr::nsHalfOpenSocket::OnTransportStatus(nsITransport*, unsigned int, unsigned __int64, unsigned __int64) ] → [@ nsHttpConnectionMgr::nsHalfOpenSocket::OnTransportStatus(nsITransport*, unsigned int, unsigned __int64, unsigned __int64) ] [@ nsHttpConnectionMgr::nsHalfOpenSocket::OnTransportStatus ]

Comment 6

6 years ago
https://hg.mozilla.org/mozilla-central/rev/0a5f66d5d8e4
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Comment 7

6 years ago
Backed out (along with the rest of the SPDY landing) in order to stop us hitting the MSVC virtual address limit, so we can reopen the trees (bug 709193).

Sucks, but we don't really have any other choice here :-(

https://hg.mozilla.org/integration/mozilla-inbound/rev/dc48c0992358
Status: RESOLVED → REOPENED
Depends on: 709193
Resolution: FIXED → ---
Target Milestone: mozilla11 → ---

Comment 8

6 years ago
Relanded on mozilla-central :-)

https://hg.mozilla.org/mozilla-central/rev/cf0b31ff2b6d
Status: REOPENED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11

Updated

6 years ago
No longer depends on: 709193

Updated

6 years ago
status-firefox11: affected → ---