Closed Bug 1031074 Opened 11 years ago Closed 11 years ago

Assertion on mBlockingScripts via CSP failure in ImportLoader

Categories

(Core :: DOM: Core & HTML, defect)

x86_64
Linux
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla33
tracking-b2g backlog

People

(Reporter: qdot, Assigned: mrbkap)

Attachments

(1 file)

Assertion on mBlockingScripts when we fail CSP check for imports.

Stack:
#0 0x00007f99e145b8ed in nanosleep () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007f99e145b784 in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:137
#2 0x00007f99dee00de1 in ah_crap_handler (signum=11) at /home/qdot/code/mozbuild/gecko-dev/toolkit/xre/nsSigHandlers.cpp:88
#3 0x00007f99dee0ae49 in nsProfileLock::FatalSignalHandler (signo=11, info=0x7fff44133230, context=0x7fff44133100) at /home/qdot/code/mozbuild/gecko-dev/profile/dirserviceprovider/src/nsProfileLock.cpp:185
#4 0x00007f99df400fff in AsmJSFaultHandler (signum=11, info=0x7fff44133230, context=0x7fff44133100) at /home/qdot/code/mozbuild/gecko-dev/js/src/jit/AsmJSSignalHandlers.cpp:976
#5 <signal handler called>
#6 0x00007f99de55eb6d in mozilla::dom::ImportLoader::UnblockScripts (this=0x604e130) at /home/qdot/code/mozbuild/gecko-dev/content/base/src/ImportManager.cpp:81
#7 0x00007f99de565e07 in mozilla::dom::ImportLoader::Error (this=0x604e130) at /home/qdot/code/mozbuild/gecko-dev/content/base/src/ImportManager.cpp:175
#8 0x00007f99de56c24e in mozilla::dom::ImportLoader::Open (this=0x604e130) at /home/qdot/code/mozbuild/gecko-dev/content/base/src/ImportManager.cpp:208
#9 0x00007f99de56c3f2 in mozilla::dom::ImportManager::Get (this=0x405afe0, aURI=aURI@entry=0x405aee0, aNode=aNode@entry=0x48093a0, aOrigDocument=aOrigDocument@entry=0x65a1dc0) at /home/qdot/code/mozbuild/gecko-dev/content/base/src/ImportManager.cpp:367
#10 0x00007f99de6799cc in mozilla::dom::HTMLLinkElement::UpdateImport (this=0x48093a0) at /home/qdot/code/mozbuild/gecko-dev/content/html/content/src/HTMLLinkElement.cpp:304
#11 0x00007f99de67e137 in nsRunnableMethodImpl<void (mozilla::dom::HTMLLinkElement::*)(), void, true>::Run (this=<optimized out>) at ../../../../dist/include/nsThreadUtils.h:387
#12 0x00007f99de52d66a in nsContentUtils::RemoveScriptBlocker () at /home/qdot/code/mozbuild/gecko-dev/content/base/src/nsContentUtils.cpp:5011
#13 0x00007f99de51888d in nsDocument::EndUpdate (this=this@entry=0x65a1dc0, aUpdateType=1) at /home/qdot/code/mozbuild/gecko-dev/content/base/src/nsDocument.cpp:4624
#14 0x00007f99de6ce29d in nsHTMLDocument::EndUpdate (this=0x65a1dc0, aUpdateType=<optimized out>) at /home/qdot/code/mozbuild/gecko-dev/content/html/document/src/nsHTMLDocument.cpp:2490
#15 0x00007f99de22952d in nsHtml5DocumentBuilder::UpdateStyleSheet (this=0x3634260, aElement=0x48093a0) at /home/qdot/code/mozbuild/gecko-dev/parser/html/nsHtml5DocumentBuilder.cpp:62
#16 0x00007f99de23e653 in nsHtml5TreeBuilder::startTag (this=0x3634440, elementName=0x20bbb40, attributes=0x29b9f70, selfClosing=selfClosing@entry=false) at /home/qdot/code/mozbuild/gecko-dev/parser/html/nsHtml5TreeBuilder.cpp:1683
#17 0x00007f99de23ef56 in nsHtml5Tokenizer::emitCurrentTagToken (this=this@entry=0x29a58a0, selfClosing=selfClosing@entry=false, pos=pos@entry=2393) at /home/qdot/code/mozbuild/gecko-dev/parser/html/nsHtml5Tokenizer.cpp:315
#18 0x00007f99de2497c6 in nsHtml5Tokenizer::stateLoop<nsHtml5SilentPolicy> (this=this@entry=0x29a58a0, state=16, state@entry=0, c=<optimized out>, c@entry=0 u'\000', pos=2393, pos@entry=-1, buf=0x38ce168 u"<!DOCTYPE html>\n<html>\n <head>\n <meta name=\"viewport\" content=\"width=device-width, user-scalable=no, initial-scale=1\">\n <meta charset=\"utf-8\">\n <title data-l10n-id=\"usage\">\n Usage\n <"..., reconsume=<optimized out>, reconsume@entry=false, returnState=2, endPos=5481) at /home/qdot/code/mozbuild/gecko-dev/parser/html/nsHtml5Tokenizer.cpp:838
#19 0x00007f99de23f0cb in nsHtml5Tokenizer::tokenizeBuffer (this=0x29a58a0, buffer=buffer@entry=0x7fff44133c40) at /home/qdot/code/mozbuild/gecko-dev/parser/html/nsHtml5Tokenizer.cpp:413
#20 0x00007f99de23f251 in nsHtml5StringParser::Tokenize (this=0x29b9000, aSourceBuffer=..., aDocument=aDocument@entry=0x65a1dc0, aScriptingEnabledForNoscriptParsing=<optimized out>) at /home/qdot/code/mozbuild/gecko-dev/parser/html/nsHtml5StringParser.cpp:112
#21 0x00007f99de23f599 in nsHtml5StringParser::ParseDocument (this=<optimized out>, aSourceBuffer=..., aTargetDoc=aTargetDoc@entry=0x65a1dc0, aScriptingEnabledForNoscriptParsing=aScriptingEnabledForNoscriptParsing@entry=false) at /home/qdot/code/mozbuild/gecko-dev/parser/html/nsHtml5StringParser.cpp:83
#22 0x00007f99de526fb2 in nsContentUtils::ParseDocumentHTML (aSourceBuffer=..., aTargetDocument=0x65a1dc0, aScriptingEnabledForNoscriptParsing=aScriptingEnabledForNoscriptParsing@entry=false) at /home/qdot/code/mozbuild/gecko-dev/content/base/src/nsContentUtils.cpp:4259
#23 0x00007f99de550058 in mozilla::dom::DOMParser::ParseFromString (this=this@entry=0x3d393f0, str=..., contentType=0x7f99df902804 "text/html", aResult=0x7fff44133db0) at /home/qdot/code/mozbuild/gecko-dev/content/base/src/DOMParser.cpp:102
#24 0x00007f99de55021e in mozilla::dom::DOMParser::ParseFromString (this=this@entry=0x3d393f0, aStr=..., aType=mozilla::dom::Text_html, rv=...) at /home/qdot/code/mozbuild/gecko-dev/content/base/src/DOMParser.cpp:57
#25 0x00007f99ddd1a32b in mozilla::dom::DOMParserBinding::parseFromString (cx=0x587ff10, obj=..., self=0x3d393f0, args=...) at /home/qdot/code/mozbuild/gecko-dev/obj-debug/dom/bindings/DOMParserBinding.cpp:62
#26 0x00007f99de0801f5 in mozilla::dom::GenericBindingMethod (cx=0x587ff10, argc=<optimized out>, vp=<optimized out>) at /home/qdot/code/mozbuild/gecko-dev/dom/bindings/BindingUtils.cpp:2348
#27 0x00007f99df7ca392 in js::CallJSNative (cx=0x587ff10, native=0x7f99de08009a <mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*)>, args=...) at /home/qdot/code/mozbuild/gecko-dev/js/src/jscntxtinlines.h:230
#28 0x00007f99df7b8663 in js::Invoke (cx=cx@entry=0x587ff10, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/qdot/code/mozbuild/gecko-dev/js/src/vm/Interpreter.cpp:455
#29 0x00007f99df7b23fa in Interpret (cx=cx@entry=0x587ff10, state=...) at /home/qdot/code/mozbuild/gecko-dev/js/src/vm/Interpreter.cpp:2551
#30 0x00007f99df7b83fb in js::RunScript (cx=cx@entry=0x587ff10, state=...) at /home/qdot/code/mozbuild/gecko-dev/js/src/vm/Interpreter.cpp:402
#31 0x00007f99df7b882b in js::Invoke (cx=cx@entry=0x587ff10, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/qdot/code/mozbuild/gecko-dev/js/src/vm/Interpreter.cpp:474
#32 0x00007f99df67db05 in js_fun_call (cx=0x587ff10, argc=<optimized out>, vp=0x6774b28) at /home/qdot/code/mozbuild/gecko-dev/js/src/jsfun.cpp:1076
#33 0x00007f99df7ca392 in js::CallJSNative (cx=0x587ff10, native=0x7f99df67d970 <js_fun_call(JSContext*, unsigned int, JS::Value*)>, args=...) at /home/qdot/code/mozbuild/gecko-dev/js/src/jscntxtinlines.h:230
#34 0x00007f99df7b8663 in js::Invoke (cx=cx@entry=0x587ff10, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /home/qdot/code/mozbuild/gecko-dev/js/src/vm/Interpreter.cpp:455
#35 0x00007f99df7b23fa in Interpret (cx=cx@entry=0x587ff10, state=...) at /home/qdot/code/mozbuild/gecko-dev/js/src/vm/Interpreter.cpp:2551
#36 0x00007f99df7b83fb in js::RunScript (cx=cx@entry=0x587ff10, state=...) at /home/qdot/code/mozbuild/gecko-dev/js/src/vm/Interpreter.cpp:402
Attached patch Proposed fix
I don't really have time to write a test for this right now; it should be possible by setting up CSP and doing something similar to bug 1027461 if anybody wants to take a stab at it. I should have caught this bug in review: we're unconditionally unblocking scripts in AutoError, but it's possible for us to fail before we block scripts.
Attachment #8447325 - Flags: review?(gkrizsanits)
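The failure mode described in the comment above, as an added C++ model that is not part of the bug report and is not Gecko's code: an error scope guard that always unblocks scripts, next to one that records whether blocking actually happened before the failure. `Doc`, `ErrorGuard`, `Fail`, `Open` and `Simulate` are hypothetical names, and the `unbalanced` counter stands in for the debug assertion.

```cpp
#include <cstdio>

// Simplified model; every name here is a hypothetical stand-in, not Gecko code.
struct Doc {
    int blockers = 0;    // outstanding BlockScripts() calls
    int unbalanced = 0;  // unblocks with nothing blocked (the debug-assert case)
    void BlockScripts() { ++blockers; }
    void UnblockScripts() {
        if (blockers == 0) { ++unbalanced; return; }
        --blockers;
    }
};

// Scope guard: runs error cleanup on exit unless Pass() was called.
class ErrorGuard {
    Doc& doc_;
    bool tracked_;          // false models the unconditional unblock
    bool blocked_ = false;  // set only after scripts were really blocked
    bool passed_ = false;
public:
    ErrorGuard(Doc& d, bool tracked) : doc_(d), tracked_(tracked) {}
    void NoteBlocked() { blocked_ = true; }
    void Pass() { passed_ = true; }
    ~ErrorGuard() { if (!passed_ && (!tracked_ || blocked_)) doc_.UnblockScripts(); }
};

enum class Fail { None, Csp, AfterBlock };

void Open(Doc& doc, Fail fail, bool tracked) {
    ErrorGuard guard(doc, tracked);
    if (fail == Fail::Csp) return;         // rejected before scripts are blocked
    doc.BlockScripts();
    guard.NoteBlocked();
    if (fail == Fail::AfterBlock) return;  // later failure: an unblock is owed
    guard.Pass();                          // success: unblocking happens when the load ends
}

// Runs one modelled load and returns the document state afterwards.
Doc Simulate(Fail fail, bool tracked) {
    Doc doc;
    Open(doc, fail, tracked);
    return doc;
}

int main() {
    std::printf("untracked, CSP failure: %d unbalanced\n", Simulate(Fail::Csp, false).unbalanced);
    std::printf("tracked, CSP failure: %d unbalanced\n", Simulate(Fail::Csp, true).unbalanced);
}
```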
Requesting blocking-2.0 because this will affect testing and is a regression.
blocking-b2g: --- → 2.0?
Whiteboard: [systemsfe]
Attachment #8447325 - Flags: review?(gkrizsanits) → review+
This is a debug only issue with no proof of user impact & does not cause an existing test suite already stood up in CI to go down, so this isn't a blocker.
blocking-b2g: 2.0? → backlog
Whiteboard: [systemsfe]
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
Depends on: 1033443
blocking-b2g: backlog → ---
Component: DOM → DOM: Core & HTML