If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Assertion failure in nsUnicharStreamLoader::WriteSegmentFun with ISO-2022-JP (#2)

RESOLVED FIXED in Firefox 24

Status

()

Core
Networking
--
critical
RESOLVED FIXED
5 years ago
3 years ago

People

(Reporter: Jesse Ruderman, Assigned: emk)

Tracking

({assertion, sec-moderate, testcase})

Trunk
mozilla24
x86_64
Mac OS X
assertion, sec-moderate, testcase
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox23 wontfix, firefox24 fixed, firefox-esr17 unaffected, b2g18 unaffected, b2g-v1.1hd unaffected, b2g-v1.2 unaffected)

Details

(Whiteboard: [adv-main24+])

Attachments

(3 attachments)

(Reporter)

Description

5 years ago
Created attachment 725954 [details]
testcase

Assertion failure: ((bool)(__builtin_expect(!!(!NS_FAILED_impl(rv)), 1))), at netwerk/base/src/nsUnicharStreamLoader.cpp:218

Same assertion as bug 843434, which Josh fixed last week.

Updated

5 years ago
Assignee: nobody → VYV03354
(Assignee)

Comment 1

5 years ago
mErrBehavior check is needed here, too.
https://mxr.mozilla.org/mozilla-central/source/intl/uconv/ucvja/nsJapaneseToUnicode.cpp#506
And we should audit the all occurrence of |goto error2;|.
Keywords: sec-moderate
(Assignee)

Updated

4 years ago
Duplicate of this bug: 883083
also this is happing on realworld sites see my bug 883083
:emk or josh, can you supply a patch here?
(Assignee)

Comment 5

4 years ago
Created attachment 765062 [details] [diff] [review]
Make ISO-2022-JP decoder reliable
Attachment #765062 - Flags: review?(smontagu)
(Assignee)

Comment 6

4 years ago
Created attachment 765064 [details] [diff] [review]
Regression test
Attachment #765064 - Flags: review?(smontagu)
(Assignee)

Comment 7

4 years ago
Although the assertions are debug only, this change is web-visible because of TextDecoder. The test should catch all possible cases.

I commented out |SimpleTest.expectAssertions(0, 2);| line because testharness doesn't define SimpleTest.
(Assignee)

Comment 8

4 years ago
https://tbpl.mozilla.org/?tree=Try&rev=11e9dbc16257
Attachment #765062 - Flags: review?(smontagu) → review+
Attachment #765064 - Flags: review?(smontagu) → review+
(Assignee)

Comment 9

4 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/84855cdd91da
https://hg.mozilla.org/integration/mozilla-inbound/rev/d1d09117491f
Status: NEW → ASSIGNED
Flags: in-testsuite+
https://hg.mozilla.org/mozilla-central/rev/84855cdd91da
https://hg.mozilla.org/mozilla-central/rev/d1d09117491f
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
status-firefox24: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
(Reporter)

Comment 11

4 years ago
> I commented out |SimpleTest.expectAssertions(0, 2);| line because testharness 
> doesn't define SimpleTest.

Which test harness does this test run in?
(Assignee)

Comment 12

4 years ago
dom/encoding/test/test_TextDecoder.html.
Was this bug present in Firefox 23 or earlier?
status-b2g18: --- → ?
status-firefox23: --- → ?
status-firefox-esr17: --- → ?
Flags: needinfo?(VYV03354)
(Assignee)

Comment 14

4 years ago
Probably Firefox 20 or later. This is a regression from bug 638379.
Flags: needinfo?(VYV03354)
status-firefox23: ? → affected
status-firefox23: affected → wontfix
status-firefox-esr17: ? → unaffected
Whiteboard: [adv-main24+]
status-b2g18: ? → unaffected
status-b2g-v1.1hd: --- → unaffected
status-b2g-v1.2: --- → unaffected
Group: core-security
You need to log in before you can comment on or make changes to this bug.