Closed
Bug 1419904
Opened 5 years ago
Closed 5 years ago
Assertion failure: mRawPtr != nullptr (You can't dereference a NULL nsCOMPtr with operator->().), at /builds/worker/workspace/build/src/obj-firefox/dist/include/nsCOMPtr.h:801
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1419902
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
450 bytes,
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev 5378dcb45044. OS|Linux|0.0.0 Linux 4.4.0-98-generic #121-Ubuntu SMP Tue Oct 10 14:24:03 UTC 2017 x86_64 CPU|amd64|family 6 model 78 stepping 3|1 GPU||| Crash|SIGSEGV|0x0|0 0|0|libxul.so|nsCOMPtr<nsIDocument>::operator->|hg:hg.mozilla.org/mozilla-central:xpcom/base/nsCOMPtr.h:5378dcb45044|800|0x5 0|1|libxul.so|nsGlobalWindowOuter::CloseOuter|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|6087|0x9 0|2|libxul.so|nsGlobalWindowOuter::Close|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|6135|0x5 0|3|libxul.so|MaybeCloseWindowHelper::Notify|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDSURIContentListener.cpp:5378dcb45044|78|0x18 0|4|libxul.so|nsTimerImpl::Fire|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsTimerImpl.cpp:5378dcb45044|704|0x11 0|5|libxul.so|nsTimerEvent::Run|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TimerThread.cpp:5378dcb45044|286|0x18 0|6|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:5378dcb45044|1037|0x15 0|7|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:5378dcb45044|513|0x11 0|8|libxul.so|mozilla::dom::ContentChild::ProvideWindowCommon|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:5378dcb45044|323|0xd 0|9|libxul.so|mozilla::dom::TabChild::ProvideWindow|hg:hg.mozilla.org/mozilla-central:dom/ipc/TabChild.cpp:5378dcb45044|1073|0x10 0|10|libxul.so|nsWindowWatcher::OpenWindowInternal|hg:hg.mozilla.org/mozilla-central:toolkit/components/windowwatcher/nsWindowWatcher.cpp:5378dcb45044|856|0x29 0|11|libxul.so|nsWindowWatcher::OpenWindow2|hg:hg.mozilla.org/mozilla-central:toolkit/components/windowwatcher/nsWindowWatcher.cpp:5378dcb45044|447|0x18 0|12|libxul.so|nsGlobalWindowOuter::OpenInternal|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|7332|0x2b 0|13|libxul.so|nsGlobalWindowOuter::OpenJS|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|5712|0x1b 0|14|libxul.so|nsGlobalWindowOuter::OpenOuter|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowOuter.cpp:5378dcb45044|5677|0x15 0|15|libxul.so|nsGlobalWindowInner::Open|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowInner.cpp:5378dcb45044|3631|0x17 0|16|libxul.so|mozilla::dom::WindowBinding::open|s3:gecko-generated-sources:fa9d3b5a62bbb7c8516d40865ce3e1a7ded042ef80ad94bc7ff84af35ae3e8742e079b705c675143183d72b61bf28473ebc30a485281408e38d9c5e51dd51741/dom/bindings/WindowBinding.cpp:|2190|0x2d 0|17|libxul.so|mozilla::dom::WindowBinding::genericMethod|s3:gecko-generated-sources:fa9d3b5a62bbb7c8516d40865ce3e1a7ded042ef80ad94bc7ff84af35ae3e8742e079b705c675143183d72b61bf28473ebc30a485281408e38d9c5e51dd51741/dom/bindings/WindowBinding.cpp:|15333|0x9 0|18|||||0x1862d6a174b1 0|19|||||0x7fe2548c9470 0|20|||||0x1862d695dadd 0|21|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22 0|22|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb 0|23|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf 0|24|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11 0|25|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb 0|26|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18 0|27|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28 0|28|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b 0|29|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5 0|30|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18 0|31|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b 0|32|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e 0|33|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9 0|34|||||0x1862d6a174b1 0|35|||||0x7fe2548c9350 0|36|||||0x1862d695dadd 0|37|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22 0|38|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb 0|39|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf 0|40|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11 0|41|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb 0|42|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18 0|43|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28 0|44|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b 0|45|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5 0|46|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18 0|47|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b 0|48|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e 0|49|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9 0|50|||||0x1862d6a174b1 0|51|||||0x7fe2548c9350 0|52|||||0x1862d695dadd 0|53|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22 0|54|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb 0|55|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf 0|56|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11 0|57|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb 0|58|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18 0|59|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28 0|60|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b 0|61|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5 0|62|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18 0|63|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b 0|64|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e 0|65|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9 0|66|||||0x1862d6a174b1 0|67|||||0x7fe2548c9350 0|68|||||0x1862d695dadd 0|69|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22 0|70|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb 0|71|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf 0|72|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11 0|73|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb 0|74|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18 0|75|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28 0|76|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b 0|77|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5 0|78|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18 0|79|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b 0|80|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e 0|81|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9 0|82|||||0x1862d6a174b1 0|83|||||0x7fe2548c9350 0|84|||||0x1862d695dadd 0|85|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22 0|86|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb 0|87|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf 0|88|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11 0|89|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb 0|90|libxul.so|JS::Construct|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:5378dcb45044|3080|0x18 0|91|libxul.so|mozilla::dom::CustomElementConstructor::Construct|hg:hg.mozilla.org/mozilla-central:dom/base/CustomElementRegistry.cpp:5378dcb45044|79|0x28 0|92|libxul.so|NS_NewHTMLElement|hg:hg.mozilla.org/mozilla-central:dom/html/nsHTMLContentSink.cpp:5378dcb45044|232|0x2b 0|93|libxul.so|NS_NewElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsNameSpaceManager.cpp:5378dcb45044|182|0x5 0|94|libxul.so|nsDocument::CreateElem|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|8938|0x18 0|95|libxul.so|nsDocument::CreateElement|hg:hg.mozilla.org/mozilla-central:dom/base/nsDocument.cpp:5378dcb45044|6105|0x2b 0|96|libxul.so|mozilla::dom::DocumentBinding::createElement|s3:gecko-generated-sources:a5664d63bd63cbec66bc9f9537f00b7f65d807bf8661c3ad42fde176c4c8f0488b86c7a491d512ea856ac4c102fa576fd17424948bb73d3869541008b137b3dd/dom/bindings/DocumentBinding.cpp:|1224|0x2e 0|97|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:5378dcb45044|3040|0x9 0|98|||||0x1862d6a174b1 0|99|||||0x7fe2548c9350 0|100|||||0x1862d695dadd 0|101|libxul.so|EnterJit|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:5378dcb45044|101|0x22 0|102|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|408|0xb 0|103|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|495|0xf 0|104|libxul.so|InternalConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|570|0x11 0|105|libxul.so|js::Construct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:5378dcb45044|619|0xb
Flags: in-testsuite?
|
Reporter | |
Comment 1•5 years ago
|
||
|
||
Comment 2•5 years ago
|
||
Isn't this a duplicate of bug 1419902?
|
||
Comment 3•5 years ago
|
||
We can un-dupe if we're wrong :)
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
|
Assignee | |
Updated•4 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•