Closed Bug 1210508 Opened 9 years ago Closed 9 years ago

crash in JSAutoCompartment::JSAutoCompartment(JSContext*, JSObject*) | nsILoadContext::GetOriginAttributes(mozilla::OriginAttributes&)


(Core :: Security: CAPS, defect)




blocking-b2g 2.5+
Tracking Status
firefox44 --- fixed
b2g-v2.2 --- unaffected
b2g-master --- affected


(Reporter: vbelonenko, Assigned: bholley)




(Keywords: crash, regression, reproducible, Whiteboard: [2.5-Daily-Testing][Spark])



(2 files)

This bug was filed from the Socorro interface and is report bp-0cdf161f-3899-4ce2-bbff-af2282151001.

0	JSAutoCompartment::JSAutoCompartment(JSContext*, JSObject*)	
1	nsILoadContext::GetOriginAttributes(mozilla::OriginAttributes&)	/home/worker/objdir-gecko/objdir/dist/include/nsILoadContext.h:112
2	mozilla::OriginAttributes::CopyFromLoadContext(nsILoadContext*)	caps/BasePrincipal.cpp
3	nsScriptSecurityManager::GetLoadContextCodebasePrincipal(nsIURI*, nsILoadContext*, nsIPrincipal**)	caps/nsScriptSecurityManager.cpp
4	nsScriptSecurityManager::GetChannelURIPrincipal(nsIChannel*, nsIPrincipal**)	caps/nsScriptSecurityManager.cpp
5	mozilla::net::HttpBaseChannel::TimingAllowCheck(nsIPrincipal*, bool*)	netwerk/protocol/http/HttpBaseChannel.cpp
6	mozilla::net::HttpBaseChannel::SetupReplacementChannel(nsIURI*, nsIChannel*, bool)	/home/worker/objdir-gecko/objdir/dist/include/nsITimedChannel.h:95
7	mozilla::net::nsHttpChannel::SetupReplacementChannel(nsIURI*, nsIChannel*, bool)	netwerk/protocol/http/nsHttpChannel.cpp
8	mozilla::net::nsHttpChannel::ContinueProcessRedirectionAfterFallback(nsresult)	netwerk/protocol/http/nsHttpChannel.cpp
9	mozilla::net::nsHttpChannel::AsyncProcessRedirection(unsigned int)	netwerk/protocol/http/nsHttpChannel.cpp
10	mozilla::net::nsHttpChannel::ProcessResponse()	netwerk/protocol/http/nsHttpChannel.cpp
11	mozilla::net::nsHttpChannel::OnStartRequest(nsIRequest*, nsISupports*)	netwerk/protocol/http/nsHttpChannel.cpp
12	nsInputStreamPump::OnStateStart()	netwerk/base/nsInputStreamPump.cpp
13	nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*)	netwerk/base/nsInputStreamPump.cpp
14	nsInputStreamReadyEvent::Run()	xpcom/io/nsStreamUtils.cpp
15	nsThread::ProcessNextEvent(bool, bool*)	xpcom/threads/nsThread.cpp
16	NS_ProcessNextEvent(nsIThread*, bool)	xpcom/glue/nsThreadUtils.cpp
17	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)	ipc/glue/MessagePump.cpp
18	MessageLoop::RunInternal()	ipc/chromium/src/base/
19	MessageLoop::Run()	ipc/chromium/src/base/
20	nsBaseAppShell::Run()	widget/nsBaseAppShell.cpp
21	nsAppStartup::Run()	toolkit/components/startup/nsAppStartup.cpp
22	XREMain::XRE_mainRun()	toolkit/xre/nsAppRunner.cpp
23	XREMain::XRE_main(int, char**, nsXREAppData const*)	toolkit/xre/nsAppRunner.cpp
24	XRE_main	toolkit/xre/nsAppRunner.cpp
25	b2g	do_main	b2g/app/nsBrowserApp.cpp
26	b2g	b2g_main(int, char const**)	b2g/app/nsBrowserApp.cpp
27	b2g	main	b2g/app/B2GLoader.cpp
28	__libc_init	/home/worker/workspace/B2G/bionic/libc/bionic/libc_init_dynamic.cpp:112
29	b2g	b2g@0xc1da	
30	linker	set_soinfo_pool_protection	/home/worker/workspace/B2G/bionic/linker/linker.cpp:291
31		@0xbefb6a6a	

When the user selects the ESPN Brasil app inside the Marketplace app and tries to install it, the mobile device crashes and restarts.
Repro Steps:

1) Update an Aries to 20150930115400
2) Open Marketplace app
3) Install ESPN Brasil app
4) Observe that when you select install for free it crashes and restarts your phone.

User tries to install ESPN Brasil app, it crashes when he selects install for free.

ESPN Brasil app should not crash while installing.

Notes: Only happens to ESPN Brasil app

Environmental Variables:
Device: Aries Master 2.5 kk full flash (319 mb)
Build ID: 20150930115400
Gaia: 14a64f1ebd353bccc3f1c0399e1a01a03327749e
Gecko: 97e537f85183ef31481602ab9e5587a6e7d16b4d
Gonk: 2916e2368074b5383c80bf5a0fba3fc83ba310bd
Version: 44.0a1 (Master)
Firmware Version: D5803_23.1.A.1.28_NCB.ftf
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0

Repro frequency: 3/3
See attached: video clip and logcat
This issue occurs on 2.5 flame
Result: User tries to install ESPN Brasil app, it crashes when he selects install for free.

Environmental Variables:
Device: Flame Master 2.5 kk full flash (319 mb)
Build ID: 20150929030205
Gaia: f345f6a015709beeb2ca3955cab077fcaa959d3b
Gecko: acdb22976ff86539dc10413c5f366e1fb429a680
Gonk: c4779d6da0f85894b1f78f0351b43f2949e8decd
Version: 44.0a1 (Master)
Firmware Version: v18D
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0

This issue does not occur on 2.2 flame
Result: ESPN Brasil app did not crash while installing.

Environmental Variables:
Device: Flame 2.2 kk full flash (319 mb)
Build ID: 20150930032502
Gaia: 5dd95cfb9f1d6501ce0e34414596ef3dd9c2f583
Gecko: 65ddad73ad6b
Gonk: bd9cb3af2a0354577a6903917bc826489050b40d
Version: 37.0 (2.2)
Firmware Version: v18D
User Agent: Mozilla/5.0 (Mobile; rv:37.0) Gecko/37.0 Firefox/37.0
QA Whiteboard: [QAnalyst-Triage+]
Flags: needinfo?(ktucker)
blocking-b2g: --- → 2.5?
QA Whiteboard: [QAnalyst-Triage+]
QA Contact: pcheng
b2g-inbound regression window:

Last Working
Device: Flame 2.5
BuildID: 20150926164034
Gaia: 566ca621e80c40d71b818d3aa8d39e2e96ff85d5
Gecko: fb6f36ba8eb1909f23e1ba5b6c1c8f3e3200bbfc
Version: 44.0a1 (2.5) 
Firmware Version: v18Dv4
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0

First Broken
Device: Flame 2.5
BuildID: 20150926230934
Gaia: 566ca621e80c40d71b818d3aa8d39e2e96ff85d5
Gecko: 86a7be21dfc8ef0a3c3080d58ef508732ce2d154
Version: 44.0a1 (2.5) 
Firmware Version: v18Dv4
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0

Gaia is the same so it's a Gecko issue.

Gecko pushlog:

This issue appears to be caused by changes made in Bug 1165466.
Blocks: 1165466
QA Whiteboard: [QAnalyst-Triage?]
Flags: needinfo?(jmercado)
Yoshi, this issue seems to have been caused by the changes for bug 1165466. Can you please take a look?
QA Whiteboard: [QAnalyst-Triage?] → [QAnalyst-Triage+]
Flags: needinfo?(allstars.chh)
Flags: needinfo?(jmercado)
I'll land a patch for this real quick.
Can somebody push this patch to b2g-inbound? I don't have a local checkout of it.
Thanks Bobby for the help, push the patch with updating UUID.
Flags: needinfo?(allstars.chh)
Thanks a lot Bobby!
blocking-b2g: 2.5? → 2.5+
Assignee: nobody → bobbyholley
Component: Gaia::System::Download → Security: CAPS
Product: Firefox OS → Core
Whiteboard: [2.5-Daily-Testing][Systemsfe][Spark] → [2.5-Daily-Testing][Spark]
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla44