Closed
Bug 1419904
Opened 7 years ago
Closed 7 years ago
Assertion failure: mRawPtr != nullptr (You can't dereference a NULL nsCOMPtr with operator->().), at /builds/worker/workspace/build/src/obj-firefox/dist/include/nsCOMPtr.h:801
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1419902
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
450 bytes,
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev 5378dcb45044.
OS|Linux|0.0.0 Linux 4.4.0-98-generic #121-Ubuntu SMP Tue Oct 10 14:24:03 UTC 2017 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|nsCOMPtr<nsIDocument>::operator->|hg:hg.mozilla.org/mozilla-central:xpcom/base/nsCOMPtr.h:5378dcb45044|800|0x5
0|1|libxul.so|nsGlobalWindowOuter::CloseOuter|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|6087|0x9
0|2|libxul.so|nsGlobalWindowOuter::Close|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|6135|0x5
0|3|libxul.so|MaybeCloseWindowHelper::Notify|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDSURIContentListener.cpp:5378dcb45044|78|0x18
0|4|libxul.so|nsTimerImpl::Fire|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsTimerImpl.cpp:5378dcb45044|704|0x11
0|5|libxul.so|nsTimerEvent::Run|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TimerThread.cpp:5378dcb45044|286|0x18
0|6|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:5378dcb45044|1037|0x15
0|7|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:5378dcb45044|513|0x11
0|8|libxul.so|mozilla::dom::ContentChild::ProvideWindowCommon|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:5378dcb45044|323|0xd
0|9|libxul.so|mozilla::dom::TabChild::ProvideWindow|hg:hg.mozilla.org/mozilla-central:dom/ipc/TabChild.cpp:5378dcb45044|1073|0x10
0|10|libxul.so|nsWindowWatcher::OpenWindowInternal|hg:hg.mozilla.org/mozilla-central:toolkit/components/windowwatcher/nsWindowWatcher.cpp:5378dcb45044|856|0x29
0|11|libxul.so|nsWindowWatcher::OpenWindow2|hg:hg.mozilla.org/mozilla-central:toolkit/components/windowwatcher/nsWindowWatcher.cpp:5378dcb45044|447|0x18
0|12|libxul.so|nsGlobalWindowOuter::OpenInternal|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|7332|0x2b
0|13|libxul.so|nsGlobalWindowOuter::OpenJS|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|5712|0x1b
0|14|libxul.so|nsGlobalWindowOuter::OpenOuter|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|5677|0x15
0|15|libxul.so|nsGlobalWindowInner::Open|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowInner.cpp:5378dcb45044|3631|0x17
0|16|libxul.so|mozilla::dom::WindowBinding::open|s3:gecko-generated-sources:fa9d3b5a62bbb7c8516d40865ce3e1a7ded042ef80ad94bc7ff84af35ae3e8742e079b705c675143183d72b61bf28473ebc30a485281408e38d9c5e51dd51741/dom/bindings/WindowBinding.cpp:|2190|0x2d
0|17|libxul.so|mozilla::dom::WindowBinding::genericMethod|s3:gecko-generated-sources:fa9d3b5a62bbb7c8516d40865ce3e1a7ded042ef80ad94bc7ff84af35ae3e8742e079b705c675143183d72b61bf28473ebc30a485281408e38d9c5e51dd51741/dom/bindings/WindowBinding.cpp:|15333|0x9
0|18|||||0x1862d6a174b1
0|19|||||0x7fe2548c9470
0|20|||||0x1862d695dadd
0|21|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22
0|22|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb
0|23|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf
0|24|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11
0|25|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb
0|26|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18
0|27|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28
0|28|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b
0|29|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5
0|30|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18
0|31|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b
0|32|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e
0|33|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9
0|34|||||0x1862d6a174b1
0|35|||||0x7fe2548c9350
0|36|||||0x1862d695dadd
0|37|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22
0|38|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb
0|39|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf
0|40|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11
0|41|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb
0|42|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18
0|43|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28
0|44|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b
0|45|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5
0|46|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18
0|47|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b
0|48|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e
0|49|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9
0|50|||||0x1862d6a174b1
0|51|||||0x7fe2548c9350
0|52|||||0x1862d695dadd
0|53|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22
0|54|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb
0|55|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf
0|56|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11
0|57|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb
0|58|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18
0|59|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28
0|60|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b
0|61|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5
0|62|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18
0|63|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b
0|64|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e
0|65|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9
0|66|||||0x1862d6a174b1
0|67|||||0x7fe2548c9350
0|68|||||0x1862d695dadd
0|69|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22
0|70|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb
0|71|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf
0|72|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11
0|73|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb
0|74|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18
0|75|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28
0|76|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b
0|77|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5
0|78|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18
0|79|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b
0|80|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e
0|81|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9
0|82|||||0x1862d6a174b1
0|83|||||0x7fe2548c9350
0|84|||||0x1862d695dadd
0|85|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22
0|86|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb
0|87|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf
0|88|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11
0|89|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb
0|90|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18
0|91|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28
0|92|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b
0|93|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5
0|94|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18
0|95|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b
0|96|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e
0|97|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9
0|98|||||0x1862d6a174b1
0|99|||||0x7fe2548c9350
0|100|||||0x1862d695dadd
0|101|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22
0|102|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb
0|103|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf
0|104|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11
0|105|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb
Flags: in-testsuite?
|
Reporter | |
Comment 1•7 years ago
|
||
|
||
Comment 2•7 years ago
|
||
Isn't this a duplicate of bug 1419902?
|
||
Comment 3•7 years ago
|
||
We can un-dupe if we're wrong :)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
Assignee | |
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•