From 482d3cd4124ae47185b1f9663234d917683cdff7 Mon Sep 17 00:00:00 2001 From: Valentin Gosu Date: Mon, 17 Feb 2020 22:20:12 +0000 Subject: [PATCH] Bug 1543331 - Add a null check before calling mHostResolver->FlushCache() r=dragana frame #5 of report https://crash-stats.mozilla.org/report/index/4dca6cb1-8d45-4bf5-8836-216810200217 This crash was rather obvious in retrospect, but I missed it because I was looking at the wrong thing. We're not actually crashing in FlushCache, instead mHostResolver is null in nsDNSService::Observe What made it obvious is frame #5 of report https://crash-stats.mozilla.org/report/index/4dca6cb1-8d45-4bf5-8836-216810200217 Included here because crash reports expire: ``` 1 libxul.so nsHostResolver::FlushCache(bool) netwerk/dns/nsHostResolver.cpp:740 2 libxul.so nsDNSService::Observe(nsISupports*, char const*, char16_t const*) netwerk/dns/nsDNSService2.cpp:1132 3 libxul.so nsObserverList::NotifyObservers(nsISupports*, char const*, char16_t const*) xpcom/ds/nsObserverList.cpp:66 4 libxul.so nsObserverService::NotifyObservers(nsISupports*, char const*, char16_t const*) xpcom/ds/nsObserverService.cpp:295 5 libxul.so DecreasePrivateDocShellCount() docshell/base/nsDocShell.cpp:306 6 libxul.so nsDocShell::Destroy() docshell/base/nsDocShell.cpp:5076 ``` See the code points to this line: https://hg.mozilla.org/releases/mozilla-esr68/annotate/ef373efc995d9350a676c4c231b344d173423e8a/docshell/base/nsDocShell.cpp#l306 As we can see, it emits the "last-pb-context-exited" notification, and nsDNSService tries to call FlushCache. However, it appears this notification may be called after we get the shutdown notification and we null out the pointer. It's unclear why this crash was not noticed before bug 1450893 landed. Depends on D63107 Differential Revision: https://phabricator.services.mozilla.com/D63108 --HG-- extra : moz-landing-system : lando --- netwerk/dns/nsDNSService2.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/netwerk/dns/nsDNSService2.cpp b/netwerk/dns/nsDNSService2.cpp index 1bcf42562e86..a871437dae7d 100644 --- a/netwerk/dns/nsDNSService2.cpp +++ b/netwerk/dns/nsDNSService2.cpp @@ -1223,7 +1223,7 @@ nsDNSService::Observe(nsISupports* subject, const char* topic, Shutdown(); } - if (flushCache) { + if (flushCache && mResolver) { mResolver->FlushCache(false); return NS_OK; } @@ -1293,6 +1293,7 @@ nsDNSService::GetDNSCacheEntries( NS_IMETHODIMP nsDNSService::ClearCache(bool aTrrToo) { + NS_ENSURE_TRUE(mResolver, NS_ERROR_NOT_INITIALIZED); mResolver->FlushCache(aTrrToo); return NS_OK; }