Bug 1306300: Crash in nsILoadContext::GetOriginAttributes
Status: Closed, RESOLVED FIXED, mozilla52
Opened 8 years ago, closed 8 years ago
Categories: Core :: DOM: Navigation, defect
People: Reporter: mayhemer, Assigned: smaug
Keywords: crash
Attachments (1 file, 1 obsolete file): 790 bytes, patch. baku: review+, ritu: approval-mozilla-aurora+, ritu: approval-mozilla-beta+
This bug was filed from the Socorro interface and is report bp-fdf5e255-a415-4186-8cdd-aa4042160929.
=============================================================

STR, not reliable:
- running Nightly (old heavy profile) as a default browser to open web links
- click an https (not sure about http may reproduce too) link in an external app (for me happens with Thunderbird, clicking a (trustworthy) emailed link)
=> instant crash

STR2, even less reliable:
- DXR page
- click an identifier
- right e.g. the "find callers" link
=> instant crash

nsILoadContext::GetOriginAttributes(mozilla::DocShellOriginAttributes&)
nsScriptSecurityManager::GetLoadContextCodebasePrincipal(nsIURI*, nsILoadContext*, nsIPrincipal**)
NS_InvokeByIndex

Not sure about addon influence, I didn't try safe mode (and would like to avoid it unless really necessary.)
Comment 1 • 8 years ago (Assignee)
Isn't the issue that someone in JS is passing a null nsILoadContext to GetLoadContextCodebasePrincipal? http://searchfox.org/mozilla-central/rev/572e74ee991bbfd812766b4524237eb77577a4b1/docshell/base/nsILoadContext.idl#146 is non-virtual. So we end up crashing in https://hg.mozilla.org/mozilla-central/annotate/66a77b9bfe5d/docshell/base/LoadContext.cpp#l22
Updated • 8 years ago (Assignee)
Assignee: nobody → bugs
Comment 2 • 8 years ago (Assignee)
This will hopefully fix the crash, and then propagate the exception to the JS side so that we can find who is passing the null context.
Attachment #8796226 - Flags: review?(amarchesini)
Comment 3 • 8 years ago (Assignee)
Attachment #8796226 - Attachment is obsolete: true
Attachment #8796226 - Flags: review?(amarchesini)
Attachment #8796227 - Flags: review?(amarchesini)
Updated • 8 years ago
Attachment #8796227 - Flags: review?(amarchesini) → review+
Comment 4 • 8 years ago (Reporter)
Thanks Olli!
Pushed by opettay@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/14d41b959f3a null check nsILoadContext in GetLoadContextCodebasePrincipal, r=baku
Comment 6 • 8 years ago
Not sure if the frequency is high enough to warrant ESR45 consideration (though AFAICT, the issue goes back at least that far), but I'm thinking we could probably stand to at least take this on Aurora/Beta.
status-firefox49: --- → wontfix
status-firefox50: --- → affected
status-firefox51: --- → affected
status-firefox52: --- → affected
status-firefox-esr45: --- → affected
Comment 7 • 8 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/14d41b959f3a
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Hi Olli, given the one-line fix, should we uplift to Aurora51/Beta50? I see one instance of this signature on 50.0b1 and 50.0b5.
Flags: needinfo?(bugs)
Comment 9 • 8 years ago (Assignee)
Comment on attachment 8796227
better looking

Approval Request Comment
[Feature/regressing bug #]: I think bug 1011024
[User impact if declined]: Crashes if some addon or browser chrome js passes null loadcontext
[Describe test coverage new/current, TreeHerder]: NA
[Risks and why]: Just a null check
[String/UUID change made/needed]: NA
Flags: needinfo?(bugs)
Attachment #8796227 - Flags: approval-mozilla-beta?
Attachment #8796227 - Flags: approval-mozilla-aurora?
Comment on attachment 8796227
better looking

Crash fix, Aurora51+, Beta50+
Attachment #8796227 - Flags: approval-mozilla-beta?
Attachment #8796227 - Flags: approval-mozilla-beta+
Attachment #8796227 - Flags: approval-mozilla-aurora?
Attachment #8796227 - Flags: approval-mozilla-aurora+
Comment 11 • 8 years ago
bugherder uplift
https://hg.mozilla.org/releases/mozilla-aurora/rev/fc553ef41ab8
Comment 12 • 8 years ago
bugherder uplift
https://hg.mozilla.org/releases/mozilla-beta/rev/3162dbd8214f