1. Create a profile with the prefs: user_pref("dom.min_background_timeout_value", 4); user_pref("dom.disable_open_during_load", false); and the extension: https://www.squarefree.com/extensions/domFuzzLite3.xpi 2. Run with the testcase filename on the command line (You might have to repeat step 2 a few times.) ###!!! ASSERTION: Inner window supports nsWrapperCache, fix WrapObject!: 'IsOuterWindow()', file dom/base/nsGlobalWindow.h, line 354 (This assertion was added in bug 693301.) ###!!! ASSERTION: EnsureInnerWindow called on inner window: 'IsOuterWindow()', file dom/base/nsPIDOMWindow.h, line 331
We're firing the DOMContentLoaded event for "missing-1" (actually for the error page for that) but we've already collected the inner window for it.
The exact same thing happens with XPConnect reflectors for Window, but SetParentToWindow returns an error if the nsGlobalWindow doesn't have a wrapper anymore.
Assignee: nobody → peterv
Status: NEW → ASSIGNED
Please adjust the rating as appropriate. I assume this is a regression from Window WebIDL.
Comment on attachment 8435783 [details] [diff] [review] v1 r=me
Attachment #8435783 - Flags: review?(bzbarsky) → review+
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
Comment on attachment 8435783 [details] [diff] [review] v1 Ugh, this missed the branching. [Approval Request Comment] Bug caused by (feature/regressing bug #): bug 789261 User impact if declined: probably crashes/security issues Testing completed (on m-c, etc.): landed on m-c Risk to taking this patch (and alternatives if risky): low-risk, just makes us deal with a situation that we thought couldn't happen String or IDL/UUID changes made by this patch: none
Attachment #8435783 - Flags: approval-mozilla-aurora?
Comment on attachment 8435783 [details] [diff] [review] v1 Aurora approval granted.
Attachment #8435783 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Confirmed assert/crash on Fx32, 2014-05-30. Verified fixed on Fx32, 2014-07-14. Verified fixed on Fx33, 2014-07-07.
You need to log in before you can comment on or make changes to this bug.