Closed Bug 1342438 Opened 8 years ago Closed 8 years ago

Assertion failure: pos.isValid(), at /home/worker/workspace/build/src/netwerk/base/nsStandardURL.cpp:1224

Categories

(Core :: Networking, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla55
Tracking Status
firefox52 --- disabled
firefox-esr52 --- disabled
firefox53 --- disabled
firefox54 --- disabled
firefox55 --- fixed

People

(Reporter: jkratzer, Assigned: valentin)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, crash, testcase, Whiteboard: [necko-active])

Attachments

(2 files)

Attached file Testcase
Testcase found by fuzzing debug build of mozilla-central 20170222-7abeac2f2d66. Assertion failure: pos.isValid(), at /home/worker/workspace/build/src/netwerk/base/nsStandardURL.cpp:1224 ASAN:DEADLYSIGNAL ================================================================= ==24879==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f72984ee4e1 bp 0x7fffb8043d50 sp 0x7fffb8043ca0 T0) #0 0x7f72984ee4e0 in mozilla::net::nsStandardURL::ShiftFromRef(int) /home/worker/workspace/build/src/netwerk/base/nsStandardURL.cpp:1224:1 #1 0x7f72984ff165 in mozilla::net::nsStandardURL::SetQuery(nsACString_internal const&) /home/worker/workspace/build/src/netwerk/base/nsStandardURL.cpp:2916:9 #2 0x7f729a29d77d in mozilla::dom::Link::SetSearch(nsAString_internal const&) /home/worker/workspace/build/src/dom/base/Link.cpp:337:9 #3 0x7f729bf5e66f in mozilla::dom::HTMLAnchorElement::SetSearch(nsAString_internal const&) /home/worker/workspace/build/src/dom/html/HTMLAnchorElement.cpp:323:1 #4 0x7f729b799a36 in mozilla::dom::HTMLAnchorElementBinding::set_search(JSContext*, JS::Handle<JSObject*>, mozilla::dom::HTMLAnchorElement*, JSJitSetterCallArgs) /home/worker/workspace/build/src/obj-firefox/dom/bindings/HTMLAnchorElementBinding.cpp:1490:3 #5 0x7f729ba7f6cb in mozilla::dom::GenericBindingSetter(JSContext*, unsigned int, JS::Value*) /home/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:2919:8 #6 0x7f72a001821a in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) /home/worker/workspace/build/src/js/src/jscntxtinlines.h:281:15 #7 0x7f72a0017c20 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:463:16 #8 0x7f72a0018bae in InternalCall(JSContext*, js::AnyInvokeArgs const&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:508:12 #9 0x7f72a0018dd1 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:527:10 #10 0x7f72a001a310 in js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:654:12 #11 0x7f72a0ca4bd2 in SetExistingProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<js::NativeObject*>, JS::Handle<JS::PropertyResult>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/vm/NativeObject.cpp:2436:10 #12 0x7f72a0ca4267 in js::NativeSetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::QualifiedBool, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/vm/NativeObject.cpp:2471:20 #13 0x7f729ffa7f6f in js::SetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/vm/NativeObject.h:1452:12 #14 0x7f72a0038598 in SetPropertyOperation(JSContext*, JSOp, JS::Handle<JS::Value>, JS::Handle<jsid>, JS::Handle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:259:12 #15 0x7f72a000d098 in Interpret(JSContext*, js::RunState&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:2753:10
Flags: in-testsuite?
Requires user_pref("dom.url.encode_decode_hash", false);
Assignee: nobody → valentin.gosu
Whiteboard: [necko-active]
Comment on attachment 8845115 [details] Bug 1342438 - Remove url .hash encoding/decoding prefs https://reviewboard.mozilla.org/r/118330/#review120398 Good riddance!
Attachment #8845115 - Flags: review?(daniel) → review+
Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/5bd635e6e535 Remove url .hash encoding/decoding prefs r=bagder
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
Flags: in-testsuite? → in-testsuite-
Blocks: domino
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: