Closed
Bug 1342438
Opened 8 years ago
Closed 8 years ago
Assertion failure: pos.isValid(), at /home/worker/workspace/build/src/netwerk/base/nsStandardURL.cpp:1224
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
FIXED
mozilla55
People
(Reporter: jkratzer, Assigned: valentin)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, crash, testcase, Whiteboard: [necko-active])
Attachments
(2 files)
Testcase found by fuzzing debug build of mozilla-central 20170222-7abeac2f2d66.
Assertion failure: pos.isValid(), at /home/worker/workspace/build/src/netwerk/base/nsStandardURL.cpp:1224
ASAN:DEADLYSIGNAL
=================================================================
==24879==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f72984ee4e1 bp 0x7fffb8043d50 sp 0x7fffb8043ca0 T0)
#0 0x7f72984ee4e0 in mozilla::net::nsStandardURL::ShiftFromRef(int) /home/worker/workspace/build/src/netwerk/base/nsStandardURL.cpp:1224:1
#1 0x7f72984ff165 in mozilla::net::nsStandardURL::SetQuery(nsACString_internal const&) /home/worker/workspace/build/src/netwerk/base/nsStandardURL.cpp:2916:9
#2 0x7f729a29d77d in mozilla::dom::Link::SetSearch(nsAString_internal const&) /home/worker/workspace/build/src/dom/base/Link.cpp:337:9
#3 0x7f729bf5e66f in mozilla::dom::HTMLAnchorElement::SetSearch(nsAString_internal const&) /home/worker/workspace/build/src/dom/html/HTMLAnchorElement.cpp:323:1
#4 0x7f729b799a36 in mozilla::dom::HTMLAnchorElementBinding::set_search(JSContext*, JS::Handle<JSObject*>, mozilla::dom::HTMLAnchorElement*, JSJitSetterCallArgs) /home/worker/workspace/build/src/obj-firefox/dom/bindings/HTMLAnchorElementBinding.cpp:1490:3
#5 0x7f729ba7f6cb in mozilla::dom::GenericBindingSetter(JSContext*, unsigned int, JS::Value*) /home/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:2919:8
#6 0x7f72a001821a in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) /home/worker/workspace/build/src/js/src/jscntxtinlines.h:281:15
#7 0x7f72a0017c20 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:463:16
#8 0x7f72a0018bae in InternalCall(JSContext*, js::AnyInvokeArgs const&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:508:12
#9 0x7f72a0018dd1 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:527:10
#10 0x7f72a001a310 in js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:654:12
#11 0x7f72a0ca4bd2 in SetExistingProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<js::NativeObject*>, JS::Handle<JS::PropertyResult>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/vm/NativeObject.cpp:2436:10
#12 0x7f72a0ca4267 in js::NativeSetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::QualifiedBool, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/vm/NativeObject.cpp:2471:20
#13 0x7f729ffa7f6f in js::SetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/vm/NativeObject.h:1452:12
#14 0x7f72a0038598 in SetPropertyOperation(JSContext*, JSOp, JS::Handle<JS::Value>, JS::Handle<jsid>, JS::Handle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:259:12
#15 0x7f72a000d098 in Interpret(JSContext*, js::RunState&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:2753:10
Flags: in-testsuite?
Reporter
Comment 1•8 years ago
Requires user_pref("dom.url.encode_decode_hash", false);
Updated•8 years ago
Assignee: nobody → valentin.gosu
Whiteboard: [necko-active]
Assignee
Comment 2•8 years ago
Comment hidden (mozreview-request)
Comment 4•8 years ago
mozreview-review
Comment on attachment 8845115
Bug 1342438 - Remove url .hash encoding/decoding prefs
https://reviewboard.mozilla.org/r/118330/#review120398
Good riddance!
Attachment #8845115 -
Flags: review?(daniel) → review+
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/5bd635e6e535
Remove url .hash encoding/decoding prefs r=bagder
Comment 6•8 years ago
bugherder
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox55:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
Updated•8 years ago
status-firefox52:
--- → disabled
status-firefox53:
--- → disabled
status-firefox54:
--- → disabled
status-firefox-esr52:
--- → disabled
Flags: in-testsuite? → in-testsuite-