Closed Bug 1104193 Opened 11 years ago Closed 11 years ago

crash in nsContentUtils::GetUTFOrigin(nsIURI*, nsString&)

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
All
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla36

People

(Reporter: nhirata, Assigned: baku)

References

Details

(Keywords: crash, regression, Whiteboard: [b2g-crash])

Crash Data

Attachments

(2 files)

crash.patch
1.27 KB, patch
smaug
: review+
Details | Diff | Splinter Review
crash.patch
1.26 KB, patch
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-8641f819-213d-4a3f-86e0-8183a2141122. ============================================================= Frame Module Signature Source 0 libxul.so nsContentUtils::GetUTFOrigin(nsIURI*, nsString&) /home/geeksphone/FOS/peak/gecko/dom/base/nsContentUtils.cpp:5834 1 libxul.so mozilla::dom::Link::GetOrigin(nsAString_internal&, mozilla::ErrorResult&) /home/geeksphone/FOS/peak/gecko/dom/base/Link.cpp:285 2 libxul.so mozilla::dom::HTMLAnchorElementBinding::get_origin /home/geeksphone/FOS/peak/objdir-gecko/dom/bindings/HTMLAnchorElementBinding.cpp:850 3 libxul.so mozilla::dom::GenericBindingGetter(JSContext*, unsigned int, JS::Value*) /home/geeksphone/FOS/peak/gecko/dom/bindings/BindingUtils.cpp:2362 4 libxul.so js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) /home/geeksphone/FOS/peak/gecko/js/src/jscntxtinlines.h:231 5 libxul.so js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) /home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:538 6 libxul.so js::InvokeGetterOrSetter /home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:611 7 libxul.so js::baseops::GetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) /home/geeksphone/FOS/peak/gecko/js/src/vm/Shape-inl.h:44 8 libxul.so JSObject::getGeneric(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) /home/geeksphone/FOS/peak/gecko/js/src/vm/NativeObject.h:1405 9 libxul.so Interpret /home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:253 10 libxul.so js::RunScript(JSContext*, js::RunState&) /home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:432 11 libxul.so js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) /home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:501 12 libxul.so js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) /home/geeksphone/FOS/peak/gecko/js/src/vm/Interpreter.cpp:538 13 libxul.so js::jit::DoCallFallback /home/geeksphone/FOS/peak/gecko/js/src/jit/BaselineIC.cpp:8986 14 @0x4325aab6 More Reports : https://crash-stats.mozilla.com/report/list?product=B2G&signature=nsContentUtils%3A%3AGetUTFOrigin%28nsIURI*%2C+nsString%26%29#tab-reports Build 20141122021409 only so far.
Whiteboard: [b2g-crash]
There used to be a null-check on 'principal', but it was removed in bug 1101584. Was that intentional?
Blocks: 1101584
Flags: needinfo?(amarchesini)
Keywords: regression
Attached patch crash.patchSplinter Review
Flags: needinfo?(amarchesini)
Attachment #8527862 - Flags: review?(bugs)
Attachment #8527862 - Flags: review?(bugs) → review+
Assignee: nobody → amarchesini
What about nsContentUtils::GetASCIIOrigin, does that need a null-check too? https://bugzilla.mozilla.org/attachment.cgi?id=8525515&action=diff
Attached patch crash.patchSplinter Review
Sorry for this. I forgot that other method. I assume a r+ from smaug here too. https://hg.mozilla.org/integration/mozilla-inbound/rev/0a6d23163848
https://hg.mozilla.org/mozilla-central/rev/b66c71e822ca https://hg.mozilla.org/mozilla-central/rev/0a6d23163848
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: