Closed Bug 927878 Opened 11 years ago Closed 11 years ago

crash in nsDOMOfflineResourceList::ApplicationCacheAvailable(nsIApplicationCache*) when installing an app

Categories

(Core :: Networking: Cache, defect)

Product:
Core
Component:
Networking: Cache
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla28
Tracking Flags:
Tracking Status
firefox26 --- verified
firefox27 --- verified
firefox28 --- verified
b2g-v1.2 --- fixed

People

(Reporter: cwiiis, Assigned: mayhemer)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Attachments

(2 files)

Demonstration of crashing bug
1.28 KB, application/x-zip
Details
v1
944 bytes, patch
jduell.mcbugs
: review+
lsblakk
: approval-mozilla-aurora+
lsblakk
: approval-mozilla-beta+
mayhemer
: checkin+
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is 
report bp-26e7edb4-9178-401e-8560-c1bca2131017.
=============================================================


I'm getting this crash when I install an app I've written - it has a valid app cache and works otherwise. Let me know if the crash report is inadequate to investigate this bug. I can't publicly share the url right now.
Component: DOM: Apps → Networking: Cache
Can you attach a test case?
Flags: needinfo?(chrislord.net)
I will when I find time (soon) - one thing I can say, having the webapp use a different appcache path fixed the issue. So it seems if a page uses appcache and a webapp uses the same appcache, there's some kind of conflict?
Component: Networking: Cache → DOM: Apps
Flags: needinfo?(chrislord.net)
Sorry, didn't mean to change component... Bugzilla caching at its finest.
Component: DOM: Apps → Networking: Cache
Go to the attached URL and click 'install' to crash Firefox. Will attach an archive of the files (which have to be hosted on the root of an http or https server).
URL: http://teamgiraffe.co.uk/crash-firefo...
Blocks: 922689

    
    

    
  
It's probably bug 910422.
Can you try to:
1) Remove the appcache data from Firefox
2) Reinstall the app without letting Firefox download the appcache data
See Also:  → 910422

    
    

    
  
(In reply to Marco Castelluccio [:marco] from comment #6)
> It's probably bug 910422.
> Can you try to:
> 1) Remove the appcache data from Firefox
> 2) Reinstall the app without letting Firefox download the appcache data

That bug title indeed does show the same behaviour. It's worth noting that you don't need to install an app, if you just go to a different page with the same manifest, this will cause the same crash.

    
    

    
  
Honza, this is a null pointer crash. Could you take a look at this?
I don't see anything guaranteeing that AssociateDocuments(mPreviousApplicationCache);
passes non-null value to the method. We have null checks for mPreviousApplicationCache elsewhere, but
for some reason not there.
Flags: needinfo?(honzab.moz)

    
    

    
  
The best solution here (I've checked MXR) is to bypass nsOfflineCacheUpdate::AssociateDocuments when the cache is null.  ApplicationCacheAvailable should not be called when there is no cache available.
Flags: needinfo?(honzab.moz)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        v1Splinter Review
      

    


  
- bypass calling observers when there is no cache to associate with
Assignee: nobody → honzab.moz
Status: NEW → ASSIGNED

        Attachment #826720 -
        Flags: review?(jduell.mcbugs)

    
  

        Attachment #826720 -
        Flags: review?(jduell.mcbugs) → review+

    
    

    
  
Once this land on central and is verified, can we uplift this to beta and aurora? I think this is a major hindrance to app development (and crashing bugs aren't great regardless)

    
    

    
  
(In reply to Chris Lord [:cwiiis] from comment #12)
> Once this land on central and is verified, can we uplift this to beta and
> aurora? I think this is a major hindrance to app development (and crashing
> bugs aren't great regardless)

Planning on it.  I'll land and request a? tomorrow.

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/da5f325e4f72
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28

    
    

    
  
Comment on attachment 826720 [details] [diff] [review]
v1

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 892488

User impact if declined: null-deref-crash in some application cache download scenarios

Testing completed (on m-c, etc.): just landed on m-c

Risk to taking this patch (and alternatives if risky): very small, we only bypass a callback that does carry a null ptr (when it should not); according mxr, consumers are OK when this callback is bypassed for null values ; if considered not safe, we can have a branch patch that will just null check in the place of the actual crash. that would fix this bug (in a hacky way) as well and be safer according potential extension compatibility

String or IDL/UUID changes made by this patch: none

        Attachment #826720 -
        Flags: approval-mozilla-beta?

        Attachment #826720 -
        Flags: approval-mozilla-aurora?

        Attachment #826720 -
        Flags: approval-mozilla-beta?

        Attachment #826720 -
        Flags: approval-mozilla-beta+

        Attachment #826720 -
        Flags: approval-mozilla-aurora?

        Attachment #826720 -
        Flags: approval-mozilla-aurora+

    
    

    
  
Reproduced on nightly 2013-10-27 when installing the app from the test URL.
Verified fixed FF 28.0a1 (2013-11-14) Win 7 x64

          status-firefox28:
          fixedverified
Keywords: verifyme

    
    

    
  
Verified as fixed on Mac OS X 10.8.5, Ubuntu 13.04 x64 and Windows 8 x64 using Firefox 26 beta 6 build.

          status-firefox26:
          fixedverified

    
    

    
  
This looks to be verified.
Keywords: verifyme
Status: RESOLVED → VERIFIED

    
    

    
  
Verified as fixed on Mac OS X 10.7.5, Ubuntu 13.10 x64 and Windows 7 x64 using Firefox 27 beta 6 build.

          status-firefox27:
          fixedverified

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: