Closed Bug 1104193 Opened 7 years ago Closed 7 years ago

crash in nsContentUtils::GetUTFOrigin(nsIURI*, nsString&)

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
All
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla36

People

(Reporter: nhirata, Assigned: baku)

References

Details

(Keywords: crash, regression, Whiteboard: [b2g-crash])

Crash Data

Attachments

(2 files)

crash.patch
1.27 KB, patch
smaug
: review+
Details | Diff | Splinter Review
crash.patch
1.26 KB, patch
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is 
report bp-8641f819-213d-4a3f-86e0-8183a2141122.
=============================================================
Frame 	Module 	Signature 	Source
0 	libxul.so 	nsContentUtils::GetUTFOrigin(nsIURI*, nsString&) 	/home/geeksphone/FOS/peak/gecko/dom/base/nsContentUtils.cpp:5834
1 	libxul.so 	mozilla::dom::Link::GetOrigin(nsAString_internal&, mozilla::ErrorResult&) 	/home/geeksphone/FOS/peak/gecko/dom/base/Link.cpp:285
2 	libxul.so 	mozilla::dom::HTMLAnchorElementBinding::get_origin 	/home/geeksphone/FOS/peak/objdir-gecko/dom/bindings/HTMLAnchorElementBinding.cpp:850
3 	libxul.so 	mozilla::dom::GenericBindingGetter(JSContext*, unsigned int, JS::Value*) 	/home/geeksphone/FOS/peak/gecko/dom/bindings/BindingUtils.cpp:2362
4 	libxul.so 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	/home/geeksphone/FOS/peak/gecko/js/src/jscntxtinlines.h:231
5 	libxul.so 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	/home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:538
6 	libxul.so 	js::InvokeGetterOrSetter 	/home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:611
7 	libxul.so 	js::baseops::GetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) 	/home/geeksphone/FOS/peak/gecko/js/src/vm/Shape-inl.h:44
8 	libxul.so 	JSObject::getGeneric(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) 	/home/geeksphone/FOS/peak/gecko/js/src/vm/NativeObject.h:1405
9 	libxul.so 	Interpret 	/home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:253
10 	libxul.so 	js::RunScript(JSContext*, js::RunState&) 	/home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:432
11 	libxul.so 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	/home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:501
12 	libxul.so 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	/home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:538
13 	libxul.so 	js::jit::DoCallFallback 	/home/geeksphone/FOS/peak/gecko/js/src/jit/BaselineIC.cpp:8986
14 		@0x4325aab6

More Reports : 
https://crash-stats.mozilla.com/report/list?product=B2G&signature=nsContentUtils%3A%3AGetUTFOrigin%28nsIURI*%2C+nsString%26%29#tab-reports

Build 20141122021409 only so far.
Whiteboard: [b2g-crash]
There used to be a null-check on 'principal', but it was removed in bug 1101584.
Was that intentional?
Blocks: 1101584
Flags: needinfo?(amarchesini)
Keywords: regression
Attached patch crash.patchSplinter Review
Flags: needinfo?(amarchesini)
Attachment #8527862 - Flags: review?(bugs)
Attachment #8527862 - Flags: review?(bugs) → review+
Assignee: nobody → amarchesini
What about nsContentUtils::GetASCIIOrigin, does that need a null-check too?
https://bugzilla.mozilla.org/attachment.cgi?id=8525515&action=diff
Attached patch crash.patchSplinter Review 
Sorry for this. I forgot that other method. I assume a r+ from smaug here too.

https://hg.mozilla.org/integration/mozilla-inbound/rev/0a6d23163848
https://hg.mozilla.org/mozilla-central/rev/b66c71e822ca
https://hg.mozilla.org/mozilla-central/rev/0a6d23163848
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.