Closed
Bug 744816
Opened 13 years ago
Closed 13 years ago
Fennec crashes in concurrent access of password db
Categories
(Firefox for Android Graveyard :: General, defect, P1)
Tracking
(blocking-fennec1.0 beta+)
VERIFIED
FIXED
Firefox 14
| Tracking | Status | |
|---|---|---|
| blocking-fennec1.0 | --- | beta+ |
People
(Reporter: tracy, Assigned: wesj)
References
Details
(Keywords: crash, Whiteboard: [native-crash][has reviewed patch])
Attachments
(3 files, 1 obsolete file)
Seen with latest inbound build with password Sync http://ftp.mozilla.org/pub/mozilla.org/mobile/tinderbox-builds/mozilla-inbound-android/1334228548/
STR's:
0) clean install the given build
1) Setup sync to existing desktop client via jpake
2) attempt to add a password to fennec at say bugzilla.mozilla.org
tested results:
fennec crashes and sync fails
expected results:
no crash, password is added to db and sync succeeds.
|
||
Updated•13 years ago
|
|
||
Comment 1•13 years ago
|
||
Related to Bug 730495, Bug 741836?
|
||
Comment 2•13 years ago
|
||
The causes for those (by our current understanding) require it to be simultaneous with Gecko launching. That is not the case here?
|
|
||
Comment 3•13 years ago
|
||
Looks like an invalid free in GeckoJNI code. I blame wesj.
|
|
||
Comment 4•13 years ago
|
||
(In reply to Gian-Carlo Pascutto (:gcp) from comment #3)
> Looks like an invalid free in GeckoJNI code. I blame wesj.
Quick sleuthing! Poor wesj.
|
Assignee | |
Updated•13 years ago
|
Assignee: nobody → wjohnston
|
||
Updated•13 years ago
|
blocking-fennec1.0: ? → beta+
|
|
Assignee | |
Comment 5•13 years ago
|
||
Weird. I rewrote encrypt and decrypt to both do nothing but
char* result = (char*)malloc(2048);
free(result);
return jenv->NewStringUTF("");
And I still crash.
|
|
||
Comment 6•13 years ago
|
||
(In reply to Wesley Johnston (:wesj) from comment #5)
> And I still crash.
As far as I know, this implies that the problem is more general heap corruption that is simply being detected during free.
Time to audit all of the C++ that runs up until that point…
|
|
||
Comment 7•13 years ago
|
||
I have temporarily disabled the password sync stage until this bug is resolved.
https://hg.mozilla.org/integration/mozilla-inbound/rev/bbfe59782089
Status: NEW → ASSIGNED
Priority: -- → P1
|
|
Assignee | |
Comment 8•13 years ago
|
||
I don't like this much, but wanted to have this up as a bandaid patch while I try to figure this out. Basically, just holds a buffer forever.
I can trigger this bug without having to have two threads with concurrent access to the db. It seems related to the length of the string I try to encode (although that also seems unlikely and probably is unrelated).
Attachment #615000 -
Flags: feedback?(rnewman)
|
|
Assignee | |
Comment 9•13 years ago
|
||
I knew this was something stupid staring me in the face.
Attachment #615000 -
Attachment is obsolete: true
Attachment #615000 -
Flags: feedback?(rnewman)
Attachment #615004 -
Flags: review?(rnewman)
|
|
||
Comment 10•13 years ago
|
||
Comment on attachment 615004 [details] [diff] [review]
Fix
Review of attachment 615004 [details] [diff] [review]:
-----------------------------------------------------------------
Heh. Good spot.
Can you write a trivial test that fails when linked with eFence[0] or equivalent? Or file a bug to run cppcheck[1] against this source?
This kind of overrun should be easy to catch automatically, and who knows… there might be more.
[0] <http://en.wikipedia.org/wiki/Electric_Fence>
[1] <http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Main_Page>
Attachment #615004 -
Flags: review?(rnewman) → review+
|
||
Updated•13 years ago
|
Whiteboard: [native-crash] → [native-crash][has reviewed patch]
|
|
Assignee | |
Comment 11•13 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/ef563bc49ec2
I'm looking into using efence (i don't see it used anywhere else in our source, but it seems like it would be a useful thing...). There's also some work using cppcheck (bug 679417), but no bug to automagically run it. I did run it here though. Filing bugs for things it shows...
|
|
||
Comment 12•13 years ago
|
||
https://gist.github.com/2401574
might be relevant to this, too.
|
|
||
Comment 13•13 years ago
|
||
Running into a somewhat if not exact same crash -- see attached log
--
Nightly (04/16), Galaxy Nexus (Android 4.0.4)
|
|
||
Comment 15•13 years ago
|
||
(In reply to Richard Newman [:rnewman] from comment #7)
> I have temporarily disabled the password sync stage until this bug is
> resolved.
>
> https://hg.mozilla.org/integration/mozilla-inbound/rev/bbfe59782089
This was re-enabled by:
changeset: 91647:190a237b1456
user: Nick Alexander <nalexander@mozilla.com>
date: Fri Apr 13 19:41:40 2012 -0700
summary: Bug 739629 - Expose safe account creation API for profile migration. r=rnewman
|
||
Comment 17•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
Reporter | |
Comment 18•13 years ago
|
||
verified with m-c nightly build of 20120418
Status: RESOLVED → VERIFIED
|
||
Updated•5 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•