Closed
Bug 755323
Opened 12 years ago
Closed 7 years ago
Attempts to upload a large file with DOM File or FileReader will now kill the browser
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
INCOMPLETE
mozilla15
| Tracking | Status | |
|---|---|---|
| firefox15 | - | --- |
People
(Reporter: bzbarsky, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [leave open])
Crash Data
Attachments
(1 file, 1 obsolete file)
|
1.96 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
At least if I read bug 737164 right. See the code touched in bug 604561 and various similar code in nsDOMFileReader (e.g. in nsDOMFileReader::DoOnDataAvailable). Requesting tracking for the regression.
|
||
Updated•12 years ago
|
|
||
Updated•12 years ago
|
Severity: normal → critical
Crash Signature: [@ mozalloc_abort(char const* const) | NS_DebugBreak_P | nsAString_internal::GetMutableData(wchar_t**, unsigned int)]
Keywords: crash
|
||
Comment 2•12 years ago
|
||
I have a patch for the non-dataURI flavors. The data: URI flavor uses NS_AppendASCIItoUTF16 which is infallible, but the existing code doesn't deal with allocation failure correctly, returning an incomplete data URI (which seems worse than failing completely, I think). I'm not sure what to do about that case yet.
|
|
||
Updated•12 years ago
|
Assignee: nobody → benjamin
Status: NEW → ASSIGNED
|
Reporter | |
Comment 3•12 years ago
|
||
The right thing to do on OOM there is probably to throw.
|
|
||
Comment 4•12 years ago
|
||
Attachment #624726 -
Flags: review?(bzbarsky)
Comment on attachment 624726 [details] [diff] [review] Part 1, the easy bits of domfilereader, rev. 1 Review of attachment 624726 [details] [diff] [review]: ----------------------------------------------------------------- ::: content/base/src/nsDOMFileReader.cpp @@ +564,5 @@ > NS_ENSURE_SUCCESS(rv, rv); > > + bool ok = aResult.SetLength(destLength); > + if (!ok) > + return NS_ERROR_OUT_OF_MEMORY; Don't you need to pass fallible_t here too? Also, shouldn't we really be using SetCapacity? Finally, can we just write this as if (!aResult.SetCapacity(destLength, fallible_t()) { return NS_ERROR_OUT_OF_MEMORY; }
|
|
||
Comment 6•12 years ago
|
||
Attachment #624726 -
Attachment is obsolete: true
Attachment #624726 -
Flags: review?(bzbarsky)
Attachment #624779 -
Flags: review?(bzbarsky)
|
|
Reporter | |
Comment 7•12 years ago
|
||
Comment on attachment 624779 [details] [diff] [review] Part 1, rev. 1.1 r=me, but we should fix nsDOMFile too.
Attachment #624779 -
Flags: review?(bzbarsky) → review+
|
||
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/f9e1db25530b
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Flags: in-testsuite-
Resolution: --- → FIXED
Target Milestone: --- → mozilla15
|
|
||
Updated•12 years ago
|
Whiteboard: [leave open]
|
||
Comment 10•11 years ago
|
||
In email Benjamin suggested this bug remains open for edge case crashes, but shouldn't be a critical issue for release. Untracking given that.
|
|
||
Updated•11 years ago
|
Assignee: benjamin → nobody
|
||
Comment 11•10 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #10) > In email Benjamin suggested this bug remains open for edge case crashes, but > shouldn't be a critical issue for release. Untracking given that. do we have any such crashes? Firefox 21 has some sigs, all startup crashes, but I can't tell if they are a match to the bug because I don't know the stack to compare against. bp-a1ed5981-493a-4765-97dc-7aadf2130629 3 stacks similar bp-d6f3cd1e-0515-4ebd-b0d7-16d622130710 bp-0a199c63-9a07-408c-af56-3f8d32130710 bp-e32c8b35-6063-4d07-99f9-c23022130709
Flags: needinfo?(kairo)
Flags: needinfo?(akeybl)
|
|
||
Comment 12•10 years ago
|
||
I'm not sure what info you want from me here, so I can't provide it.
Flags: needinfo?(kairo)
|
||
Updated•8 years ago
|
Crash Signature: [@ mozalloc_abort(char const* const) | NS_DebugBreak_P | nsAString_internal::GetMutableData(wchar_t**, unsigned int)] → [@ mozalloc_abort(char const* const) | NS_DebugBreak_P | nsAString_internal::GetMutableData(wchar_t**, unsigned int)]
[@ mozalloc_abort | NS_DebugBreak_P | nsAString_internal::GetMutableData]
|
|
||
Comment 13•7 years ago
|
||
I suspect you could close this . Only one crash in two weeks and it's version 12. https://crash-stats.mozilla.com/search/?signature=~GetMutableData&product=Firefox&date=%3E%3D2016-11-30T11%3A49%3A44.000Z&date=%3C2016-12-14T11%3A49%3A44.000Z&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports
Flags: needinfo?(akeybl) → needinfo?(overholt)
|
||
Comment 14•7 years ago
|
||
(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #13) > I suspect you could close this Thanks!
Status: REOPENED → RESOLVED
Closed: 12 years ago → 7 years ago
Flags: needinfo?(overholt)
Resolution: --- → INCOMPLETE
|
Assignee | |
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•