Bug 1706132 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by
on 
Testcase found while fuzzing mozilla-central rev 8e850fd29a95 (built with --enable-debug --enable-fuzzing).

Testcase can be reproduced using the following command:
```
$ pip install grizzly-framework
$ python3 -m grizzly.replay --xvfb ~/builds/mc-debug/firefox ./testcase.zip

Assertion failure: !Failed(), at /builds/worker/workspace/obj-build/dist/include/mozilla/ErrorResult.h:582

```
    #0 0x7f891d6c7db0 in mozilla::binding_danger::TErrorResult<mozilla::binding_danger::AssertAndSuppressCleanupPolicy>::~TErrorResult() /builds/worker/workspace/obj-build/dist/include/mozilla/ErrorResult.h
    #1 0x7f8920a76a6b in mozilla::dom::EventCounts::EventCounts(nsISupports*) /builds/worker/checkouts/gecko/dom/performance/EventCounts.cpp:75:1
    #2 0x7f8920a7dab1 in mozilla::dom::PerformanceMainThread::PerformanceMainThread(nsPIDOMWindowInner*, nsDOMNavigationTiming*, nsITimedChannel*, bool) /builds/worker/checkouts/gecko/dom/performance/PerformanceMainThread.cpp:101:24
    #3 0x7f8920a77289 in mozilla::dom::Performance::CreateForMainThread(nsPIDOMWindowInner*, nsIPrincipal*, nsDOMNavigationTiming*, nsITimedChannel*) /builds/worker/checkouts/gecko/dom/performance/Performance.cpp:52:41
    #4 0x7f891e17356d in nsPIDOMWindowInner::CreatePerformanceObjectIfNeeded() /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowInner.cpp:2406:20
    #5 0x7f891e168f80 in nsPIDOMWindowInner::GetPerformance() /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowInner.cpp:2382:3
    #6 0x7f891c7c598f in mozilla::net::LoadInfo::GetPerformanceStorage() /builds/worker/checkouts/gecko/netwerk/base/LoadInfo.cpp:1818:57
    #7 0x7f891cc58fc3 in GetPerformanceStorage /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpBaseChannel.cpp:5035:21
    #8 0x7f891cc58fc3 in mozilla::net::HttpBaseChannel::MaybeReportTimingData() /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpBaseChannel.cpp:5044:7
    #9 0x7f891cc7ab03 in mozilla::net::HttpChannelChild::DoPreOnStopRequest(nsresult) /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:984:3
    #10 0x7f891cc7a7e1 in mozilla::net::HttpChannelChild::OnStopRequest(nsresult const&, mozilla::net::ResourceTimingStructArgs const&, mozilla::net::nsHttpHeaderArray const&) /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:929:3
    #11 0x7f891ccdb46d in operator() /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:818:15
    #12 0x7f891ccdb46d in std::_Function_handler<void (), mozilla::net::HttpChannelChild::ProcessOnStopRequest(nsresult const&, mozilla::net::ResourceTimingStructArgs const&, mozilla::net::nsHttpHeaderArray const&, nsTArray<mozilla::net::ConsoleReportCollected>&&, bool)::$_9>::_M_invoke(std::_Any_data const&) /builds/worker/fetches/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/7.4.0/../../../../include/c++/7.4.0/bits/std_function.h:316:2
    #13 0x7f891ce4affb in mozilla::net::ChannelEventQueue::FlushQueue() /builds/worker/checkouts/gecko/netwerk/ipc/ChannelEventQueue.cpp:90:12
    #14 0x7f891ce827ec in MaybeFlushQueue /builds/worker/workspace/obj-build/dist/include/mozilla/net/ChannelEventQueue.h:330:5
    #15 0x7f891ce827ec in CompleteResume /builds/worker/workspace/obj-build/dist/include/mozilla/net/ChannelEventQueue.h:309:5
    #16 0x7f891ce827ec in mozilla::net::ChannelEventQueue::ResumeInternal()::CompleteResumeRunnable::Run() /builds/worker/checkouts/gecko/netwerk/ipc/ChannelEventQueue.cpp:148:17
    #17 0x7f891c67f032 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/checkouts/gecko/xpcom/threads/SchedulerGroup.cpp:143:20
    #18 0x7f891c6aa463 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:473:16
    #19 0x7f891c687d09 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:757:26
    #20 0x7f891c686c74 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:612:15
    #21 0x7f891c686e03 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:396:36
    #22 0x7f891c6add86 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:135:37
    #23 0x7f891c6add86 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:534:5
    #24 0x7f891c699b10 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1159:16
    #25 0x7f891c6a07ba in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #26 0x7f891cfda676 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
    #27 0x7f891cf45553 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #28 0x7f891cf4546d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #29 0x7f891cf4546d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #30 0x7f8920ce75f8 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
    #31 0x7f8922560ea3 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:906:20
    #32 0x7f891cfdb55c in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:237:9
    #33 0x7f891cf45553 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #34 0x7f891cf4546d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #35 0x7f891cf4546d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #36 0x7f8922560a7f in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:738:34
    #37 0x55bb02e870d6 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
    #38 0x55bb02e870d6 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:309:18
    #39 0x7f893161e0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
```
Revision 1 by
on 
Testcase found while fuzzing mozilla-central rev 8e850fd29a95 (built with --enable-debug --enable-fuzzing).

Testcase can be reproduced using the following command:
```
$ pip install grizzly-framework
$ python3 -m grizzly.replay --xvfb ~/builds/mc-debug/firefox ./testcase.zip
```
```
Assertion failure: !Failed(), at /builds/worker/workspace/obj-build/dist/include/mozilla/ErrorResult.h:582
```
    #0 0x7f891d6c7db0 in mozilla::binding_danger::TErrorResult<mozilla::binding_danger::AssertAndSuppressCleanupPolicy>::~TErrorResult() /builds/worker/workspace/obj-build/dist/include/mozilla/ErrorResult.h
    #1 0x7f8920a76a6b in mozilla::dom::EventCounts::EventCounts(nsISupports*) /builds/worker/checkouts/gecko/dom/performance/EventCounts.cpp:75:1
    #2 0x7f8920a7dab1 in mozilla::dom::PerformanceMainThread::PerformanceMainThread(nsPIDOMWindowInner*, nsDOMNavigationTiming*, nsITimedChannel*, bool) /builds/worker/checkouts/gecko/dom/performance/PerformanceMainThread.cpp:101:24
    #3 0x7f8920a77289 in mozilla::dom::Performance::CreateForMainThread(nsPIDOMWindowInner*, nsIPrincipal*, nsDOMNavigationTiming*, nsITimedChannel*) /builds/worker/checkouts/gecko/dom/performance/Performance.cpp:52:41
    #4 0x7f891e17356d in nsPIDOMWindowInner::CreatePerformanceObjectIfNeeded() /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowInner.cpp:2406:20
    #5 0x7f891e168f80 in nsPIDOMWindowInner::GetPerformance() /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowInner.cpp:2382:3
    #6 0x7f891c7c598f in mozilla::net::LoadInfo::GetPerformanceStorage() /builds/worker/checkouts/gecko/netwerk/base/LoadInfo.cpp:1818:57
    #7 0x7f891cc58fc3 in GetPerformanceStorage /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpBaseChannel.cpp:5035:21
    #8 0x7f891cc58fc3 in mozilla::net::HttpBaseChannel::MaybeReportTimingData() /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpBaseChannel.cpp:5044:7
    #9 0x7f891cc7ab03 in mozilla::net::HttpChannelChild::DoPreOnStopRequest(nsresult) /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:984:3
    #10 0x7f891cc7a7e1 in mozilla::net::HttpChannelChild::OnStopRequest(nsresult const&, mozilla::net::ResourceTimingStructArgs const&, mozilla::net::nsHttpHeaderArray const&) /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:929:3
    #11 0x7f891ccdb46d in operator() /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:818:15
    #12 0x7f891ccdb46d in std::_Function_handler<void (), mozilla::net::HttpChannelChild::ProcessOnStopRequest(nsresult const&, mozilla::net::ResourceTimingStructArgs const&, mozilla::net::nsHttpHeaderArray const&, nsTArray<mozilla::net::ConsoleReportCollected>&&, bool)::$_9>::_M_invoke(std::_Any_data const&) /builds/worker/fetches/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/7.4.0/../../../../include/c++/7.4.0/bits/std_function.h:316:2
    #13 0x7f891ce4affb in mozilla::net::ChannelEventQueue::FlushQueue() /builds/worker/checkouts/gecko/netwerk/ipc/ChannelEventQueue.cpp:90:12
    #14 0x7f891ce827ec in MaybeFlushQueue /builds/worker/workspace/obj-build/dist/include/mozilla/net/ChannelEventQueue.h:330:5
    #15 0x7f891ce827ec in CompleteResume /builds/worker/workspace/obj-build/dist/include/mozilla/net/ChannelEventQueue.h:309:5
    #16 0x7f891ce827ec in mozilla::net::ChannelEventQueue::ResumeInternal()::CompleteResumeRunnable::Run() /builds/worker/checkouts/gecko/netwerk/ipc/ChannelEventQueue.cpp:148:17
    #17 0x7f891c67f032 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/checkouts/gecko/xpcom/threads/SchedulerGroup.cpp:143:20
    #18 0x7f891c6aa463 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:473:16
    #19 0x7f891c687d09 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:757:26
    #20 0x7f891c686c74 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:612:15
    #21 0x7f891c686e03 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:396:36
    #22 0x7f891c6add86 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:135:37
    #23 0x7f891c6add86 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:534:5
    #24 0x7f891c699b10 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1159:16
    #25 0x7f891c6a07ba in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #26 0x7f891cfda676 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
    #27 0x7f891cf45553 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #28 0x7f891cf4546d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #29 0x7f891cf4546d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #30 0x7f8920ce75f8 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
    #31 0x7f8922560ea3 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:906:20
    #32 0x7f891cfdb55c in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:237:9
    #33 0x7f891cf45553 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #34 0x7f891cf4546d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #35 0x7f891cf4546d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #36 0x7f8922560a7f in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:738:34
    #37 0x55bb02e870d6 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
    #38 0x55bb02e870d6 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:309:18
    #39 0x7f893161e0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
```

Back to Bug 1706132 Comment 0