Closed
Bug 1421782
Opened 7 years ago
Closed 7 years ago
Assertion failure: value, at /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/BindingUtils.h:1122
Categories
(Core :: DOM: Core & HTML, defect, P2)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
DUPLICATE
of bug 1341693
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | affected |
| firefox57 | --- | unaffected |
| firefox58 | --- | unaffected |
| firefox59 | --- | unaffected |
People
(Reporter: jkratzer, Assigned: edgar)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
442 bytes,
text/html
|
Details |
Testcase found while fuzzing esr-52 rev f6216ea8b8fc. OS|Linux|0.0.0 Linux 4.4.0-101-generic #124-Ubuntu SMP Fri Nov 10 18:29:59 UTC 2017 x86_64 CPU|amd64|family 6 model 69 stepping 1|1 GPU||| Crash|SIGSEGV|0x0|0 0|0|libxul.so|mozilla::dom::binding_detail::DoGetOrCreateDOMReflector<mozilla::dom::CustomElementRegistry, (mozilla::dom::binding_detail::GetOrCreateReflectorWrapBehavior)0u>|hg:hg.mozilla.org/releases/mozilla-esr52:dom/bindings/BindingUtils.h:f6216ea8b8fc|1122|0x0 0|1|libxul.so|mozilla::dom::WindowBinding::get_customElements|hg:hg.mozilla.org/releases/mozilla-esr52:dom/bindings/BindingUtils.h:f6216ea8b8fc|1210|0x12 0|2|libxul.so|mozilla::dom::WindowBinding::genericGetter|hg:hg.mozilla.org/releases/mozilla-esr52:obj-firefox/dom/bindings/WindowBinding.cpp:f6216ea8b8fc|15266|0x2 0|3|libxul.so|js::CallJSNative|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/jscntxtinlines.h:f6216ea8b8fc|239|0x9 0|4|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/Interpreter.cpp:f6216ea8b8fc|459|0xf 0|5|libxul.so|js::Call|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/Interpreter.cpp:f6216ea8b8fc|523|0x5 0|6|libxul.so|js::CallGetter|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/Interpreter.cpp:f6216ea8b8fc|637|0x5 0|7|libxul.so|GetExistingProperty<(js::AllowGC)1u>|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/NativeObject.cpp:f6216ea8b8fc|1806|0x8 0|8|libxul.so|NativeGetPropertyInline<(js::AllowGC)1u>|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/NativeObject.cpp:f6216ea8b8fc|2081|0x20 0|9|libxul.so|js::Wrapper::get|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/NativeObject.h:f6216ea8b8fc|1523|0xe 0|10|libxul.so|nsOuterWindowProxy::get|hg:hg.mozilla.org/releases/mozilla-esr52:dom/base/nsGlobalWindow.cpp:f6216ea8b8fc|1064|0x18 0|11|libxul.so|js::Proxy::get|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/proxy/Proxy.cpp:f6216ea8b8fc|309|0xa 0|12|libxul.so|js::Wrapper::get|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/NativeObject.h:f6216ea8b8fc|1522|0xb 0|13|libxul.so|js::CrossCompartmentWrapper::get|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/proxy/CrossCompartmentWrapper.cpp:f6216ea8b8fc|209|0x16 0|14|libxul.so|js::Proxy::get|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/proxy/Proxy.cpp:f6216ea8b8fc|309|0xa 0|15|libxul.so|js::GetProperty|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/jsobj.h:f6216ea8b8fc|846|0x5 0|16|libxul.so|Interpret|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/Interpreter.cpp:f6216ea8b8fc|192|0x5 0|17|libxul.so|js::RunScript|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/Interpreter.cpp:f6216ea8b8fc|405|0xb 0|18|libxul.so|js::ExecuteKernel|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/Interpreter.cpp:f6216ea8b8fc|686|0x5 0|19|libxul.so|js::Execute|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/vm/Interpreter.cpp:f6216ea8b8fc|719|0x28 0|20|libxul.so|Evaluate|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/jsapi.cpp:f6216ea8b8fc|4440|0xf 0|21|libxul.so|Evaluate|hg:hg.mozilla.org/releases/mozilla-esr52:js/src/jsapi.cpp:f6216ea8b8fc|4466|0x1d 0|22|libxul.so|nsJSUtils::EvaluateString|hg:hg.mozilla.org/releases/mozilla-esr52:dom/base/nsJSUtils.cpp:f6216ea8b8fc|207|0x1c 0|23|libxul.so|nsJSUtils::EvaluateString|hg:hg.mozilla.org/releases/mozilla-esr52:dom/base/nsJSUtils.cpp:f6216ea8b8fc|275|0x2a 0|24|libxul.so|nsScriptLoader::EvaluateScript|hg:hg.mozilla.org/releases/mozilla-esr52:dom/base/nsScriptLoader.cpp:f6216ea8b8fc|2194|0x21 0|25|libxul.so|nsScriptLoader::ProcessRequest|hg:hg.mozilla.org/releases/mozilla-esr52:dom/base/nsScriptLoader.cpp:f6216ea8b8fc|1979|0xb 0|26|libxul.so|nsScriptLoader::ProcessScriptElement|hg:hg.mozilla.org/releases/mozilla-esr52:dom/base/nsScriptLoader.cpp:f6216ea8b8fc|1712|0xf 0|27|libxul.so|nsScriptElement::MaybeProcessScript|hg:hg.mozilla.org/releases/mozilla-esr52:dom/base/nsScriptElement.cpp:f6216ea8b8fc|149|0x13 0|28|libxul.so|nsIScriptElement::AttemptToExecute|hg:hg.mozilla.org/releases/mozilla-esr52:dom/base/nsIScriptElement.h:f6216ea8b8fc|222|0x3 0|29|libxul.so|nsHtml5TreeOpExecutor::RunScript|hg:hg.mozilla.org/releases/mozilla-esr52:parser/html/nsHtml5TreeOpExecutor.cpp:f6216ea8b8fc|666|0x10 0|30|libxul.so|nsHtml5TreeOpExecutor::RunFlushLoop|hg:hg.mozilla.org/releases/mozilla-esr52:parser/html/nsHtml5TreeOpExecutor.cpp:f6216ea8b8fc|489|0x8 0|31|libxul.so|nsHtml5ExecutorReflusher::Run|hg:hg.mozilla.org/releases/mozilla-esr52:parser/html/nsHtml5TreeOpExecutor.cpp:f6216ea8b8fc|58|0xd 0|32|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/releases/mozilla-esr52:xpcom/threads/nsThread.cpp:f6216ea8b8fc|1216|0x11 0|33|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/releases/mozilla-esr52:xpcom/glue/nsThreadUtils.cpp:f6216ea8b8fc|361|0xd 0|34|libxul.so|mozilla::ipc::MessagePump::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/glue/MessagePump.cpp:f6216ea8b8fc|96|0xa 0|35|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:f6216ea8b8fc|232|0x17 0|36|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:f6216ea8b8fc|225|0x8 0|37|libxul.so|nsBaseAppShell::Run|hg:hg.mozilla.org/releases/mozilla-esr52:widget/nsBaseAppShell.cpp:f6216ea8b8fc|156|0xd 0|38|libxul.so|XRE_RunAppShell|hg:hg.mozilla.org/releases/mozilla-esr52:toolkit/xre/nsEmbedFunctions.cpp:f6216ea8b8fc|866|0x6 0|39|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/glue/MessagePump.cpp:f6216ea8b8fc|269|0x5 0|40|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:f6216ea8b8fc|232|0x17 0|41|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:f6216ea8b8fc|225|0x8 0|42|libxul.so|XRE_InitChildProcess|hg:hg.mozilla.org/releases/mozilla-esr52:toolkit/xre/nsEmbedFunctions.cpp:f6216ea8b8fc|698|0xf 0|43|plugin-container|content_process_main|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/contentproc/plugin-container.cpp:f6216ea8b8fc|197|0xe 0|44|libc-2.23.so||||0x20830 0|45|plugin-container|MOZ_ReportAssertionFailure|hg:hg.mozilla.org/releases/mozilla-esr52:mfbt/Assertions.h:f6216ea8b8fc|170|0x5
Flags: in-testsuite?
|
Assignee | |
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → echen
status-firefox57:
--- → unaffected
status-firefox58:
--- → unaffected
status-firefox59:
--- → unaffected
status-firefox-esr52:
--- → affected
Priority: -- → P2
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•