Closed Bug 1210508 Opened 9 years ago Closed 9 years ago

crash in JSAutoCompartment::JSAutoCompartment(JSContext*, JSObject*) | nsILoadContext::GetOriginAttributes(mozilla::OriginAttributes&)

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Platform:
Unspecified
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla44
Project Flags:
blocking-b2g 2.5+
Tracking Flags:
Tracking Status
firefox44 --- fixed
b2g-v2.2 --- unaffected
b2g-master --- affected

People

(Reporter: vbelonenko, Assigned: bholley)

References

(
URL
)

Details

(Keywords: crash, regression, reproducible, Whiteboard: [2.5-Daily-Testing][Spark])

Crash Data

Attachments

(2 files)

logcat_20150930_1225.txt
1003.76 KB, text/plain
Details
Handle null OriginAttributes from JS-implemented nsILoadContext. r=me
1.14 KB, patch
bholley
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-0cdf161f-3899-4ce2-bbff-af2282151001. ============================================================= 0 libxul.so JSAutoCompartment::JSAutoCompartment(JSContext*, JSObject*) 1 libxul.so nsILoadContext::GetOriginAttributes(mozilla::OriginAttributes&) /home/worker/objdir-gecko/objdir/dist/include/nsILoadContext.h:112 2 libxul.so mozilla::OriginAttributes::CopyFromLoadContext(nsILoadContext*) caps/BasePrincipal.cpp 3 libxul.so nsScriptSecurityManager::GetLoadContextCodebasePrincipal(nsIURI*, nsILoadContext*, nsIPrincipal**) caps/nsScriptSecurityManager.cpp 4 libxul.so nsScriptSecurityManager::GetChannelURIPrincipal(nsIChannel*, nsIPrincipal**) caps/nsScriptSecurityManager.cpp 5 libxul.so mozilla::net::HttpBaseChannel::TimingAllowCheck(nsIPrincipal*, bool*) netwerk/protocol/http/HttpBaseChannel.cpp 6 libxul.so mozilla::net::HttpBaseChannel::SetupReplacementChannel(nsIURI*, nsIChannel*, bool) /home/worker/objdir-gecko/objdir/dist/include/nsITimedChannel.h:95 7 libxul.so mozilla::net::nsHttpChannel::SetupReplacementChannel(nsIURI*, nsIChannel*, bool) netwerk/protocol/http/nsHttpChannel.cpp 8 libxul.so mozilla::net::nsHttpChannel::ContinueProcessRedirectionAfterFallback(nsresult) netwerk/protocol/http/nsHttpChannel.cpp 9 libxul.so mozilla::net::nsHttpChannel::AsyncProcessRedirection(unsigned int) netwerk/protocol/http/nsHttpChannel.cpp 10 libxul.so mozilla::net::nsHttpChannel::ProcessResponse() netwerk/protocol/http/nsHttpChannel.cpp 11 libxul.so mozilla::net::nsHttpChannel::OnStartRequest(nsIRequest*, nsISupports*) netwerk/protocol/http/nsHttpChannel.cpp 12 libxul.so nsInputStreamPump::OnStateStart() netwerk/base/nsInputStreamPump.cpp 13 libxul.so nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) netwerk/base/nsInputStreamPump.cpp 14 libxul.so nsInputStreamReadyEvent::Run() xpcom/io/nsStreamUtils.cpp 15 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 16 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 17 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 18 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc 19 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 20 libxul.so nsBaseAppShell::Run() widget/nsBaseAppShell.cpp 21 libxul.so nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp 22 libxul.so XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp 23 libxul.so XREMain::XRE_main(int, char**, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp 24 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp 25 b2g do_main b2g/app/nsBrowserApp.cpp 26 b2g b2g_main(int, char const**) b2g/app/nsBrowserApp.cpp 27 b2g main b2g/app/B2GLoader.cpp 28 libc.so __libc_init /home/worker/workspace/B2G/bionic/libc/bionic/libc_init_dynamic.cpp:112 29 b2g b2g@0xc1da 30 linker set_soinfo_pool_protection /home/worker/workspace/B2G/bionic/linker/linker.cpp:291 31 @0xbefb6a6a Description: When user selects ESPN Brasil app inside marketplace app and tries to install. The mobile device crashes and restarts. Repro Steps: 1) Update a Aries to 20150930115400 2) Open Marketplace app 3) Install ESPN Brasil app 4) Observe that when you select install for free it crashes and restarts your phone. Actual: User tries to install ESPN Brasil app, it crashes when he selects install for free. Expected: ESPN Brasil app should not crash while installing. Notes: Only happens to ESPN Brasil app Environmental Variables: Device: Aries Master 2.5 kk full flash (319 mb) Build ID: 20150930115400 Gaia: 14a64f1ebd353bccc3f1c0399e1a01a03327749e Gecko: 97e537f85183ef31481602ab9e5587a6e7d16b4d Gonk: 2916e2368074b5383c80bf5a0fba3fc83ba310bd Version: 44.0a1 (Master) Firmware Version: D5803_23.1.A.1.28_NCB.ftf User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0 Repro frequency: 3/3 See attached: video clip and logcat
This issue occurs on 2.5 flame Result: User tries to install ESPN Brasil app, it crashes when he selects install for free. Environmental Variables: Device: Flame Master 2.5 kk full flash (319 mb) Build ID: 20150929030205 Gaia: f345f6a015709beeb2ca3955cab077fcaa959d3b Gecko: acdb22976ff86539dc10413c5f366e1fb429a680 Gonk: c4779d6da0f85894b1f78f0351b43f2949e8decd Version: 44.0a1 (Master) Firmware Version: v18D User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0 This issue does not occur on 2.2 flame Result: ESPN Brasil app did not crash while installing. Environmental Variables: Device: Flame 2.2 kk full flash (319 mb) Build ID: 20150930032502 Gaia: 5dd95cfb9f1d6501ce0e34414596ef3dd9c2f583 Gecko: 65ddad73ad6b Gonk: bd9cb3af2a0354577a6903917bc826489050b40d Version: 37.0 (2.2) Firmware Version: v18D User Agent: Mozilla/5.0 (Mobile; rv:37.0) Gecko/37.0 Firefox/37.0
QA Whiteboard: [QAnalyst-Triage+]
status-b2g-v2.2: --- → unaffected
status-b2g-master: --- → affected
Flags: needinfo?(ktucker)
blocking-b2g: --- → 2.5?
QA Whiteboard: [QAnalyst-Triage+]
QA Contact: pcheng
b2g-inbound regression window: Last Working Device: Flame 2.5 BuildID: 20150926164034 Gaia: 566ca621e80c40d71b818d3aa8d39e2e96ff85d5 Gecko: fb6f36ba8eb1909f23e1ba5b6c1c8f3e3200bbfc Version: 44.0a1 (2.5) Firmware Version: v18Dv4 User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0 First Broken Device: Flame 2.5 BuildID: 20150926230934 Gaia: 566ca621e80c40d71b818d3aa8d39e2e96ff85d5 Gecko: 86a7be21dfc8ef0a3c3080d58ef508732ce2d154 Version: 44.0a1 (2.5) Firmware Version: v18Dv4 User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0 Gaia is the same so it's a Gecko issue. Gecko pushlog: http://hg.mozilla.org/integration/b2g-inbound/pushloghtml?fromchange=fb6f36ba8eb1909f23e1ba5b6c1c8f3e3200bbfc&tochange=86a7be21dfc8ef0a3c3080d58ef508732ce2d154 This issue appears to be caused by changes made in Bug 1165466.
Blocks: 1165466
QA Whiteboard: [QAnalyst-Triage?]
Flags: needinfo?(jmercado)
Keywords: regressionwindow-wanted
Yoshi this issue seems to have been caused by the changes for bug 1165466. Can you please take a look?
QA Whiteboard: [QAnalyst-Triage?] → [QAnalyst-Triage+]
Flags: needinfo?(allstars.chh)
Flags: needinfo?(jmercado)
I'll land a patch for this real quick.
Can somebody push this patch to b2g-inbound? I don't have a local checkout of it.
Thanks Bobby for the help, push the patch with updating UUID.
Flags: needinfo?(allstars.chh)
Thanks a lot Bobby!
blocking-b2g: 2.5? → 2.5+
Assignee: nobody → bobbyholley
Component: Gaia::System::Download → Security: CAPS
Product: Firefox OS → Core
Whiteboard: [2.5-Daily-Testing][Systemsfe][Spark] → [2.5-Daily-Testing][Spark]
https://hg.mozilla.org/mozilla-central/rev/0b9b618c20f2
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox44: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: