Closed
Bug 1335524
Opened 7 years ago
Closed 7 years ago
Calling URL.createObjectURL on a file from webkitGetAsEntry crashes
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
DUPLICATE
of bug 1332003
People
(Reporter: nika, Unassigned)
Details
Attachments
(1 file)
620 bytes,
text/html
|
Details |
In a debug build, the assertion is hit here: http://searchfox.org/mozilla-central/rev/4e0c5c460318fb9ef7d92b129ac095ce04bc4795/dom/file/ipc/Blob.cpp#824-827 In a release build, an error is produced which kills the parent process. STR: Open the attached repro.html document Drag a folder containing at least one file onto the red drop area Expected Result: Nothing happens Actual Result: The browser crashes
Reporter | ||
Comment 1•7 years ago
|
||
Olli, IIRC you implemented the webkitGetAsEntry API, do you know what might be going on here?
Flags: needinfo?(bugs)
Comment 2•7 years ago
|
||
baku has been looking into IPC blob handling recently. But let me build a debug build to get stack trace.
Flags: needinfo?(bugs) → needinfo?(amarchesini)
Reporter | ||
Comment 4•7 years ago
|
||
I should also mention that this is an e10s-only failure.
Comment 5•7 years ago
|
||
part 1 in bug 1332003 seems to fix this locally. Or at least the crash. Worth to test createObjectURL handling some more though.
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(amarchesini)
Resolution: --- → DUPLICATE
Comment 7•7 years ago
|
||
Yes, the bug is fixed by moving the blob creation on the parent side. I tested how the blobURL is created and it's fine. Maybe we can add this test as mochitest.
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•5 years ago
|
Group: dom-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•