Closed Bug 991669 Opened 11 years ago Closed 6 years ago

HTTP cache v2: Crash during memory report [@ CacheFileMetadata::SizeOfExcludingThis ], mWriteBuf freed outside the lock

Categories

(Core :: Networking: Cache, defect, P3)

RESOLVED WONTFIX

People

(Reporter: mayhemer, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-backlog])

Cache2 I/O:

  nss3.dll!PR_Lock(0x0be37840) Line 215 C
  xul.dll!mozilla::net::CacheIndexAutoLock::CacheIndexAutoLock(0x0bee6048) Line 166 C++
  xul.dll!mozilla::net::CacheFile::OnMetadataWritten(NS_OK) Line 596 C++
> xul.dll!mozilla::net::CacheFileMetadata::OnDataWritten(0x06d5ace0, 0x1df0e8b8, NS_OK) Line 565 C++
  xul.dll!mozilla::net::WriteEvent::Run() Line 740 C++

Main thread:

> msvcr100.dll!__msize() Unknown
  xul.dll!mozilla::net::CacheFileMetadata::SizeOfExcludingThis(0x0ffc0ff1) Line 872 C++
  xul.dll!mozilla::net::CacheFileMetadata::SizeOfIncludingThis(0x0ffc0ff1) Line 881 C++
  xul.dll!mozilla::net::CacheFile::SizeOfExcludingThis(0x00000180) Line 1654 C++
  xul.dll!mozilla::net::CacheFile::SizeOfIncludingThis(0x0ffc0ff1) Line 1680 C++
  xul.dll!mozilla::net::CacheEntry::SizeOfExcludingThis(0x0ffc0ff1) Line 1546 C++
  xul.dll!mozilla::net::CacheEntry::SizeOfIncludingThis(0x0ffc0ff1) Line 1569 C++

IO thread just freed (and then nullified) its mWriteBuf while the file CacheFile lock is not held. Main thread in the meantime under the file's lock passes mWriteBuf to mallocSizeOf just before it's freed but the pointer examination happens after it has been freed. Tight but possible.
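The race described in the comment above, reduced to a small C++ model as an added example; this is not Mozilla's code and not a patch from this bug. `Metadata`, `AllocBlock`, `SizeOfBlock`, `FreeBlock` and `StartWrite` are hypothetical names, and the size header in front of each block is an assumed stand-in for `mallocSizeOf`.

```cpp
#include <cstddef>
#include <cstdlib>
#include <mutex>

// Stand-in for mallocSizeOf(): the size lives in a header in front of the
// block, so asking for the size dereferences the pointer, as a heap query does.
static void* AllocBlock(size_t n) {
  auto* p = static_cast<size_t*>(std::malloc(sizeof(size_t) + n));
  if (!p) return nullptr;
  *p = n;
  return p + 1;
}
static size_t SizeOfBlock(const void* p) { return p ? static_cast<const size_t*>(p)[-1] : 0; }
static void FreeBlock(void* p) { if (p) std::free(static_cast<size_t*>(p) - 1); }

class Metadata {  // hypothetical class, not CacheFileMetadata itself
  std::mutex mLock;
  void* mWriteBuf = nullptr;

 public:
  ~Metadata() { FreeBlock(mWriteBuf); }
  bool StartWrite(size_t n) {
    void* buf = AllocBlock(n);
    std::lock_guard<std::mutex> guard(mLock);
    FreeBlock(mWriteBuf);
    mWriteBuf = buf;
    return buf != nullptr;
  }
  // Shape described in the report: freed and nulled without mLock. A reporter
  // that already read mWriteBuf under the lock then inspects a freed block.
  void OnDataWrittenUnlocked() {
    FreeBlock(mWriteBuf);
    mWriteBuf = nullptr;
  }
  // Locked shape: detach the pointer under mLock, free the detached block after.
  void OnDataWritten() {
    void* old;
    {
      std::lock_guard<std::mutex> guard(mLock);
      old = mWriteBuf;
      mWriteBuf = nullptr;
    }
    FreeBlock(old);
  }
  // Memory reporter path: pointer read and size query both happen under mLock.
  size_t SizeOfExcludingThis() {
    std::lock_guard<std::mutex> guard(mLock);
    return SizeOfBlock(mWriteBuf);
  }
};
```

Building the unlocked variant with ThreadSanitizer or AddressSanitizer and calling it from a second thread is one way to confirm this class of race without waiting for a crash report.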
Crash Signature: CacheFileMetadata::SizeOfExcludingThis
Summary: HTTP cache v2: Crash during memory report [@ CacheFileMetadata::mWriteBuf is freed outside the lock, memory reporter may crash → HTTP cache v2: Crash during memory report [@ CacheFileMetadata::SizeOfExcludingThis ], mWriteBuf freed outside the lock
Whiteboard: [necko-backlog]
Priority: -- → P1
Priority: P1 → P3
Closing because no crash has been reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX