Closed Bug 1101756 Opened 11 years ago Closed 11 years ago

crash in mozilla::ipc::PrincipalToPrincipalInfo(nsIPrincipal*, mozilla::ipc::PrincipalInfo*)

Categories

(Core :: IPC, defect)

Product:
Core
Component:
IPC
Version:
36 Branch
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla37
Tracking Flags:
Tracking Status
firefox36 --- affected

People

(Reporter: jbecerra, Assigned: bent.mozilla)

Details

(Keywords: crash, Whiteboard: dupeme)

Crash Data

Attachments

(1 file)

Null-check, v1
594 bytes, patch
khuey
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-5261a7c4-aa32-498f-a5a5-2e2792141107. ============================================================= This is a recent crash on nightly with a steady number of reports in the past month. Over half of all crashers are on Windows 7, but all operating system are affected. There are no comments in the reports so far. More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=mozilla%3A%3Aipc%3A%3APrincipalToPrincipalInfo%28nsIPrincipal%2A%2C+mozilla%3A%3Aipc%3A%3APrincipalInfo%2A%29 0 xul.dll mozilla::ipc::PrincipalToPrincipalInfo(nsIPrincipal*, mozilla::ipc::PrincipalInfo*) ipc/glue/BackgroundUtils.cpp 1 xul.dll mozilla::net::propagateLoadInfo(nsILoadInfo*, mozilla::net::HttpChannelOpenArgs&) netwerk/protocol/http/HttpChannelChild.cpp 2 xul.dll mozilla::net::HttpChannelChild::ContinueAsyncOpen() netwerk/protocol/http/HttpChannelChild.cpp 3 xul.dll mozilla::net::HttpChannelChild::AsyncOpen(nsIStreamListener*, nsISupports*) netwerk/protocol/http/HttpChannelChild.cpp 4 xul.dll nsXMLHttpRequest::Send(nsIVariant*, mozilla::dom::Nullable<nsXMLHttpRequest::RequestBody> const&) dom/base/nsXMLHttpRequest.cpp 5 xul.dll nsXMLHttpRequest::Send(mozilla::ErrorResult&) dom/base/nsXMLHttpRequest.h 6 xul.dll mozilla::dom::XMLHttpRequestBinding::send obj-firefox/dom/bindings/XMLHttpRequestBinding.cpp 7 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 8 xul.dll Interpret js/src/vm/Interpreter.cpp 9 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp 10 xul.dll js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::ExecuteType, js::AbstractFramePtr, JS::Value*) js/src/vm/Interpreter.cpp 11 xul.dll js::Execute(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value*) js/src/vm/Interpreter.cpp 12 xul.dll ExecuteScript js/src/jsapi.cpp 13 xul.dll mozJSSubScriptLoader::DoLoadSubScriptWithOptions(nsAString_internal const&, LoadSubScriptOptions&, JSContext*, JS::MutableHandle<JS::Value>) js/xpconnect/loader/mozJSSubScriptLoader.cpp 14 xul.dll mozJSSubScriptLoader::LoadSubScript(nsAString_internal const&, JS::Handle<JS::Value>, nsAString_internal const&, JSContext*, JS::MutableHandle<JS::Value>) js/xpconnect/loader/mozJSSubScriptLoader.cpp 15 xul.dll NS_InvokeByIndex xpcom/reflect/xptcall/md/win32/xptcinvoke.cpp 16 xul.dll XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) js/xpconnect/src/XPCWrappedNative.cpp 17 xul.dll XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) js/xpconnect/src/XPCWrappedNativeJSOps.cpp 18 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 19 xul.dll Interpret js/src/vm/Interpreter.cpp 20 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 21 xul.dll js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/CrossCompartmentWrapper.cpp 22 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 23 xul.dll Interpret js/src/vm/Interpreter.cpp 24 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 25 xul.dll js_fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 26 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 27 xul.dll Interpret js/src/vm/Interpreter.cpp 28 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 29 xul.dll js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/CrossCompartmentWrapper.cpp 30 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 31 xul.dll js_fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 32 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 33 xul.dll js_fun_call(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 34 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 35 xul.dll js::CallOrConstructBoundFunction(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 36 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 37 xul.dll Interpret js/src/vm/Interpreter.cpp 38 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 39 xul.dll js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/CrossCompartmentWrapper.cpp 40 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 41 xul.dll Interpret js/src/vm/Interpreter.cpp 42 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 43 xul.dll js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/CrossCompartmentWrapper.cpp 44 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 45 xul.dll js_fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 46 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 47 xul.dll js_fun_call(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 48 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 49 xul.dll js::CallOrConstructBoundFunction(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 50 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 51 xul.dll Interpret js/src/vm/Interpreter.cpp 52 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 53 xul.dll js::InvokeConstructor(JSContext*, JS::CallArgs) js/src/vm/Interpreter.cpp 54 xul.dll js::InvokeConstructor(JSContext*, JS::Value, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp 55 xul.dll js::DirectProxyHandler::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/DirectProxyHandler.cpp 56 xul.dll js::CrossCompartmentWrapper::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/CrossCompartmentWrapper.cpp 57 xul.dll js::Proxy::construct(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/Proxy.cpp 58 xul.dll js::proxy_Construct(JSContext*, unsigned int, JS::Value*) js/src/proxy/Proxy.cpp 59 xul.dll js::InvokeConstructor(JSContext*, JS::CallArgs) js/src/vm/Interpreter.cpp 60 xul.dll Interpret js/src/vm/Interpreter.cpp 61 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 62 xul.dll js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp 63 xul.dll JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) js/src/jsapi.cpp 64 xul.dll nsFrameMessageManager::ReceiveMessage(nsISupports*, nsAString_internal const&, bool, mozilla::dom::StructuredCloneData const*, CpowHolder*, nsIPrincipal*, nsTArray<nsString>*) dom/base/nsFrameMessageManager.cpp 65 xul.dll mozilla::dom::TabChild::RecvAsyncMessage(nsString const&, mozilla::dom::ClonedMessageData const&, nsTArray<mozilla::jsipc::CpowEntry> const&, IPC::Principal const&) dom/ipc/TabChild.cpp 66 xul.dll mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) obj-firefox/ipc/ipdl/PBrowserChild.cpp 67 xul.dll mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) obj-firefox/ipc/ipdl/PContentChild.cpp 68 xul.dll mozilla::ipc::MessageChannel::OnMaybeDequeueOne() ipc/glue/MessageChannel.cpp 69 xul.dll MessageLoop::DoWork() ipc/chromium/src/base/message_loop.cc 70 xul.dll mozilla::ipc::DoWorkRunnable::Run() ipc/glue/MessagePump.cpp 71 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 72 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 73 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 74 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc 75 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 76 xul.dll nsBaseAppShell::Run() widget/nsBaseAppShell.cpp 77 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp 78 xul.dll XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp 79 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 80 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc 81 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 82 xul.dll XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp 83 plugin-container.exe content_process_main(int, char** const) ipc/contentproc/plugin-container.cpp 84 plugin-container.exe wmain toolkit/xre/nsWindowsWMain.cpp 85 plugin-container.exe __tmainCRTStartup f:/dd/vctools/crt/crtw32/startup/crt0.c:255 86 kernel32.dll BaseThreadInitThunk Ø 87 ntdll.dll ntdll.dll@0x50bba Ø 88 ntdll.dll ntdll.dll@0x50b90
Null |uri| in PrincipalToPrincipalInfo. Ben are you the right person to look at this? Blame points to you but the regression range doesn't: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=2114ef80f6ae&tochange=17e190839086
Flags: needinfo?(bent.mozilla)
Im getting this crash with e10s constantly on steam forums. https://crash-stats.mozilla.com/report/index/04b2a9fa-44b6-4bd7-ae6c-909fe2141124 If i disable e10s im still crashing on steam forums but the signature changes to https://crash-stats.mozilla.com/report/index/684715ed-1885-431c-89a4-f2d022141124
(In reply to kalviskajaks from comment #2) > Im getting this crash with e10s constantly on steam forums. > https://crash-stats.mozilla.com/report/index/04b2a9fa-44b6-4bd7-ae6c- > 909fe2141124 > > If i disable e10s im still crashing on steam forums but the signature > changes to > https://crash-stats.mozilla.com/report/index/684715ed-1885-431c-89a4- > f2d022141124 The same happens to me as well but it's only when the Enhanced Steam extension is installed and enabled (version 7.1.1 from http://firefox.enhancedsteam.com/). If I have it disabled the Steam website and forums work fine.
Oh i too have that extension! No im not sure if i tried the safe mode...
So the crash reports clearly show us having a principal that returns NS_OK for GetURI, but then the URI it returns is null. Looking at nsPrincipal this is apparently by design, so we just need an additional null check.
Flags: needinfo?(bent.mozilla)
Attached patch Null-check, v1Splinter Review
Assignee: nobody → bent.mozilla
Status: NEW → ASSIGNED
Attachment #8529095 - Flags: review?(khuey)
https://hg.mozilla.org/mozilla-central/rev/a3d07868d185
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: