Creating new Response() in add-on crashes the tab
Categories
(Core :: DOM: Core & HTML, defect, P2)
Tracking
()
People
(Reporter: speed, Assigned: perry)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 Steps to reproduce: In my browser extension (add-on) JavaScript code, I attempted to create a Response object by calling new Response(). Actual results: The tab crashed and showed me the page: "Gah. Your tab just crashed." Expected results: A Response object should have been created. Calling new Response() from the Dev Console does not crash the tab.
Comment 2•6 years ago
|
||
Looks like this is also crashing on android with a nullptr global. Probably what we want to do is: 1. Make Response::Constructor throw InvalidStateError if the global is nullptr. 2. Only call InitFromChromeGlobal if we don't have a window, but we do have a system principal 3. Otherwise, let the response get created but without any channel security info
Updated•6 years ago
|
Comment 3•6 years ago
|
||
This still crashes periodically in Fennec, but usually it is a single installation crash.
Updated•5 years ago
|
Comment 5•5 years ago
|
||
Based on the stack from https://crash-stats.mozilla.com/report/index/42565032-450b-4f76-ad82-cfd2b0190425 we're hitting this release assert: https://searchfox.org/mozilla-central/rev/d143f8ce30d1bcfee7a1227c27bf876a85f8cede/dom/fetch/ChannelInfo.cpp#50-51
Which seems to suggest this codepath should only be usable from browser/Firefox code, not from add-ons. See also https://searchfox.org/mozilla-central/rev/d143f8ce30d1bcfee7a1227c27bf876a85f8cede/dom/fetch/Response.cpp#200-214 and comment #2.
:hsinyi, based on the steps in the dupe (bug 1540109) this is blocking people from releasing Firefox add-on updates. Any chance it could be prioritized?
Workaround in the add-on might be invoking the Response constructor somewhere else and passing the response to where it's needed (e.g. as blob).
Comment 6•5 years ago
|
||
Hi Gijs, thanks for bringing this up. I think Service Worker team would have a better view on this, so NI Andrew. :)
Hi Andrew, please let me know if there's anything my team can help with.
Comment 7•5 years ago
|
||
Perry, let's try to get this fixed as soon as parent intercept lands (or before?).
Assignee | ||
Comment 8•5 years ago
|
||
Pushed by pjiang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/dac784d695b3 Don't crash on `Response` constructor in WebExtensions. r=baku
Comment 10•5 years ago
|
||
bugherder |
Updated•5 years ago
|
Description
•