Closed
Bug 1329669
Opened 8 years ago
Closed 8 years ago
Crash in mozilla::dom::cache::CacheOpChild::Recv__delete__
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla53
People
(Reporter: bkelly, Assigned: bkelly)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file, 1 obsolete file)
(deleted),
patch
|
bkelly
:
review+
gchang
:
approval-mozilla-aurora+
gchang
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-e4251650-8df6-472e-8ec3-7c7492170106.
=============================================================
When the parent side fails to open the storage we return a nullptr actor back to the child. The child, however, tries to use the actor without checking for nullptr. I think that is causing this low frequency crash.
Assignee | ||
Comment 1•8 years ago
|
||
Well, in theory we should be sending an error code in this case, but it seems we sometimes still have a nullptr actor.
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → bkelly
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•8 years ago
|
||
This patch tries to verify the actor pointer provided in the OpenStorageResult is valid before using it. In theory this should not happen when we have a successful result code, so the patch also does a MOZ_DIAGNOSTIC_ASSERT(). For release builds, though, we reject with a generic TypeError message.
Attachment #8825079 -
Flags: review?(bugmail)
Assignee | ||
Updated•8 years ago
|
status-firefox50:
--- → wontfix
status-firefox51:
--- → affected
status-firefox52:
--- → affected
status-firefox53:
--- → affected
status-firefox-esr45:
--- → wontfix
Comment 3•8 years ago
|
||
Comment on attachment 8825079 [details] [diff] [review]
Gracefully handle nullptr Cache actor in CacheStorage::Open() result. r=asuth
Review of attachment 8825079 [details] [diff] [review]:
-----------------------------------------------------------------
Wow, this is a weird error! Anyways, I think it probably also makes sense to add:
- MOZ_DIAGNOSTIC_ASSERT(mCacheId != INVALID_CACHE_ID) just before both of the success "return rv" paths in Manager::StorageOpenAction::RunSyncWithDBOnTarget to ensure nothing insane is happening in those methods. These seem unlikely to screw up, but make the next assertion more useful...
- Add MOZ_DIAGNOSTIC_ASSERT(aRv.Failed() || mCacheId != INVALID_CACHE_ID) before the aListener->OnOpComplete call. This should ideally help verify that no code screwed up and invoked Resolve(NS_OK) somehow, somewhere. (And because this is literally the only call-site to construct a StorageOpenResult() and CacheOpChild is switching on the discriminated union type, it should guarantee this assertion gets a chance to do its thing and cause an early explosion closer to the point of failure than the diagnostic in the child.)
Attachment #8825079 -
Flags: review?(bugmail) → review+
Assignee | ||
Comment 4•8 years ago
|
||
Attachment #8825079 -
Attachment is obsolete: true
Attachment #8825423 -
Flags: review+
Pushed by bkelly@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/ba05b37f1dd9
Gracefully handle nullptr Cache actor in CacheStorage::Open() result. r=asuth
Assignee | ||
Comment 6•8 years ago
|
||
Comment on attachment 8825423 [details] [diff] [review]
bug1329669_openfailed.patch
Approval Request Comment
[Feature/Bug causing the regression]: Service workers
[User impact if declined]: About 10 crashes per week in release and beta channels.
[Is this code covered by automated tests?]: Yes, but it did not catch this rare corner case.
[Has the fix been verified in Nightly?]: We don't have exact steps to reproduce so it cannot be manually verified.
[Needs manual test from QE? If yes, steps to reproduce]: None
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: No
[Why is the change risky/not risky?]: The patch only adds a nullptr check and some diagnostic assertions.
[String changes made/needed]: None
Attachment #8825423 -
Flags: approval-mozilla-beta?
Attachment #8825423 -
Flags: approval-mozilla-aurora?
Comment 7•8 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
Comment 8•8 years ago
|
||
Comment on attachment 8825423 [details] [diff] [review]
bug1329669_openfailed.patch
Fix a crash. Beta51+ & Aurora52+. Should be in 51 beta 14.
Attachment #8825423 -
Flags: approval-mozilla-beta?
Attachment #8825423 -
Flags: approval-mozilla-beta+
Attachment #8825423 -
Flags: approval-mozilla-aurora?
Attachment #8825423 -
Flags: approval-mozilla-aurora+
Assignee | ||
Comment 9•8 years ago
|
||
Assignee | ||
Comment 10•8 years ago
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•