PostMessageEvent::Run should not be working with gray window objects

RESOLVED FIXED in Firefox 50

Status

()

defect
RESOLVED FIXED
3 years ago
4 months ago

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Tracking

Trunk
mozilla51
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox50 fixed, firefox51 fixed)

Details

Attachments

(1 attachment)

This got hit in dom/media/test/test_access_control.html
Attachment #8777071 - Flags: review?(bugs) → review+
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/73a57814a495
Don't enter the compartment of a possibly-gray window object in PostMessageEvent::Run.  r=smaug
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/d362c6cc036a
followup.  Add some comments explaining why we're initializing the AutoJSAPI in PostMessageEvent::Run the way we do.  DONTBUILD
https://hg.mozilla.org/mozilla-central/rev/73a57814a495
https://hg.mozilla.org/mozilla-central/rev/d362c6cc036a
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Comment on attachment 8777071 [details] [diff] [review]
Don't enter the compartment of a possibly-gray window object in PostMessageEvent::Run

Approval Request Comment
[Feature/regressing bug #]: None
[User impact if declined]: Possible GC crashes and other such badness
[Describe test coverage new/current, TreeHerder]: This codepath is tested in
   general, yes.
[Risks and why]: This is extremely low risk.
[String/UUID change made/needed]: None.
Attachment #8777071 - Flags: approval-mozilla-aurora?
Comment on attachment 8777071 [details] [diff] [review]
Don't enter the compartment of a possibly-gray window object in PostMessageEvent::Run

Crash fix, has stabilized on Nightly for a few weeks, Aurora50+
Attachment #8777071 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.