Closed Bug 1426977 Opened 8 years ago Closed 8 years ago

Crash in mozilla::dom::ClientSource::WindowExecutionReady

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86_64
Windows 10
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla59
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox57 --- unaffected
firefox58 --- unaffected
firefox59 --- fixed

People

(Reporter: baffclan, Assigned: bkelly)

References

Details

(Keywords: crash)

Crash Data

Attachments

(5 files, 2 obsolete files)

P1 Preload the cookie permission to properly block client-side service worker interception. r=mystor
1.08 KB, patch
nika
: review+
Details | Diff | Splinter Review
P2 Add StorageAllowedForNewWindow() to support docshell service worker checks. r=mystor
7.43 KB, patch
nika
: review+
Details | Diff | Splinter Review
P3 Use StorageAllowedForNewWindow() in nsDocShell::ServiceWorkerAllowedToControlWindow(). r=mystor
6.30 KB, patch
nika
: review+
Details | Diff | Splinter Review
P5 Remove unnused cookie pref getters from nsContentUtils. r=mystor
1.15 KB, patch
nika
: review+
Details | Diff | Splinter Review
P4 Add mochitest verifying service workers respect per-site cookie permissions. r=mystor
5.33 KB, patch
bkelly
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-c273d470-a599-4a3b-b508-812eb0171224. ============================================================= Top 10 frames of crashing thread: 0 xul.dll mozilla::dom::ClientSource::WindowExecutionReady dom/clients/manager/ClientSource.cpp:252 1 xul.dll nsGlobalWindowInner::ExecutionReady dom/base/nsGlobalWindowInner.cpp:1888 2 xul.dll nsGlobalWindowOuter::SetNewDocument dom/base/nsGlobalWindowOuter.cpp:2013 3 xul.dll nsDocumentViewer::InitInternal layout/base/nsDocumentViewer.cpp:934 4 xul.dll nsDocumentViewer::Init layout/base/nsDocumentViewer.cpp:665 5 xul.dll nsDocShell::SetupNewViewer docshell/base/nsDocShell.cpp:9720 6 xul.dll nsDocShell::Embed docshell/base/nsDocShell.cpp:7537 7 xul.dll nsDocShell::CreateContentViewer docshell/base/nsDocShell.cpp:9524 8 xul.dll nsDSURIContentListener::DoContent docshell/base/nsDSURIContentListener.cpp:196 9 xul.dll nsDocumentOpenInfo::TryContentListener uriloader/base/nsURILoader.cpp:739 =============================================================
The change that caused this was backed out.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
(In reply to Ben Kelly [:bkelly] from comment #1) > The change that caused this was backed out. regression by bug 1425975?
WFM with Newest Nightly. User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 Build ID: 20171224100317
Status: RESOLVED → VERIFIED
Assignee: nobody → bkelly
Blocks: 1425975
status-firefox57: --- → unaffected
status-firefox58: --- → unaffected
status-firefox59: affectedfixed
status-firefox-esr52: --- → unaffected
Target Milestone: --- → mozilla59
It's baaaaack! https://crash-stats.mozilla.com/report/index/86f407d5-de58-4cab-8dbf-1442d0180107 Worse, it seems to be an assertion causing the problem. :( MOZ_RELEASE_ASSERT(nsContentUtils::StorageAllowedForWindow(aInnerWindow) == nsContentUtils::StorageAccess::eAllow) This has made theoldreader.com pretty useless.
If you have reliable steps to reproduce, that would be great. Thanks.
Flags: needinfo?(bkelly)
Bryan, what add-ons and cookie settings are you using?
Flags: needinfo?(bytehead)
Or have you denied storage permission explicitly for the site that is crashing?
It is "Cookies setting". e.g., https://twitter.com/ : Allow for Session Accept third-party cookies : Never STR: Set a cookies setting. Open https://twitter.com/ Crash.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Ok, its per-site session cookie settings. I can reproduce. Unfortunately we cannot support blocking the first service worker fetch event based on those settings until we move to parent-side interception and fix bug 1428130. For now I will at least make it not crash.
Flags: needinfo?(bytehead)
Flags: needinfo?(bkelly)
The test in P4 triggers the crash. Patches P1, P2, and P3 allow us to pass the test while correctly blocking service workers. There is some debate about this approach, though. I'm not sure if I've convinced Nika if its ok or not yet, but lets see if we can go this way. I would prefer to correctly respect the permission even if the preload is not ideal. I'm going to wait for try to be green and then flag for review.
Comment on attachment 8940752 [details] [diff] [review] P2 Add StorageAllowedForNewWindow() to support docshell service worker checks. r=mystor Review of attachment 8940752 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/base/nsContentUtils.h @@ +2984,5 @@ > + * Checks if storage should be allowed for a new window with the given > + * principal, load URI, and parent. > + */ > + static StorageAccess StorageAllowedForNewWindow(nsIPrincipal* aPrincipal, > + nsIURI* aURI, I'm not sure why you need to have this as a separate parameter here rather than extracting it from the aPrincipal. It looks like in the one caller you add in p3 you always pass a codebase principal built from aURI to this function. If its just a performance thing can you debug assert that the URI in the principal and aURI match?
Comment on attachment 8940751 [details] [diff] [review] P1 Preload the cookie permission to properly block client-side service worker interception. r=mystor Nika, this preloads the cookie permission as we discussed. I have bug 1428130 filed to remove the preload once service worker begins checking storage in the parent process.
Attachment #8940751 - Flags: review?(nika)
Comment on attachment 8940752 [details] [diff] [review] P2 Add StorageAllowedForNewWindow() to support docshell service worker checks. r=mystor This patch adds another StorageAllowed*() helper routine for docshell. Bsaically this just means treating the passed window as a parent window and providing an explicit URI for the window to be loaded. Note, we require a separate URI to be passed since the URL can be things like about:blank and about:srcdoc which does not directly match the URI in the principal.
Attachment #8940752 - Flags: review?(nika)
Comment on attachment 8940753 [details] [diff] [review] P3 Use StorageAllowedForNewWindow() in nsDocShell::ServiceWorkerAllowedToControlWindow(). r=mystor This patch uses the new StorageAllowedForNewWindow() helper in docshell.
Attachment #8940753 - Flags: review?(nika)
Comment on attachment 8940800 [details] [diff] [review] P4 Add mochitest verifying service workers respect per-site cookie permissions. r=mystor Nika, this patch contains a test which verifies service worker is blocked when a per-site cookie permission is set. Without any other patches this triggers the crash from comment 0. With patches P1 to P3 the test passes. Note, try did show some --verify failures, but I have not been able to reproduce them locally. I did fix up a few more service worker related things in the test, but can't test in automation yet since taskcluster is down. I think the test should be pretty solid now.
Attachment #8940800 - Flags: review?(nika)
And we can now nuke these cookie pref getters from nsContentUtils since docshell doesn't need them any more.
Attachment #8940802 - Flags: review?(nika)
Comment on attachment 8940751 [details] [diff] [review] P1 Preload the cookie permission to properly block client-side service worker interception. r=mystor Review of attachment 8940751 [details] [diff] [review]: ----------------------------------------------------------------- Unfortunate but OK as a temporary solution. Thanks for filing the follow-up.
Attachment #8940751 - Flags: review?(nika) → review+
Attachment #8940752 - Flags: review?(nika) → review+
Attachment #8940753 - Flags: review?(nika) → review+
Comment on attachment 8940800 [details] [diff] [review] P4 Add mochitest verifying service workers respect per-site cookie permissions. r=mystor Review of attachment 8940800 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/workers/test/serviceworkers/browser_storage_permission.js @@ +42,5 @@ > +}); > + > +add_task(async function test_allow_permission() { > + Services.perms.add(Services.io.newURI(PAGE_URI), "cookie", > + Ci.nsICookiePermission.ACCESS_ALLOW); nit: indentation, here and in the other tests. @@ +44,5 @@ > +add_task(async function test_allow_permission() { > + Services.perms.add(Services.io.newURI(PAGE_URI), "cookie", > + Ci.nsICookiePermission.ACCESS_ALLOW); > + > + let tab = BrowserTestUtils.addTab(gBrowser, SCOPE); It might be nice to factor these bits out into a helper, but it's not really a big deal so *shrug*.
Attachment #8940800 - Flags: review?(nika) → review+
Attachment #8940802 - Flags: review?(nika) → review+
The TV failures are still there, but they are tier 2 so won't block landing. I can't reproduce locally.
After looking at the debug I think the TV failure is a service worker cross-process propagation race. I could change the test to use single process, but I'm not going to worry about it here because this problem does not manifest in the when normally run and our refactoring work will fix it in the long run.
Pushed by bkelly@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/11a02afca6fe P1 Preload the cookie permission to properly block client-side service worker interception. r=mystor https://hg.mozilla.org/integration/mozilla-inbound/rev/47a65c7932c7 P2 Add StorageAllowedForNewWindow() to support docshell service worker checks. r=mystor https://hg.mozilla.org/integration/mozilla-inbound/rev/5b5c58cb8123 P3 Use StorageAllowedForNewWindow() in nsDocShell::ServiceWorkerAllowedToControlWindow(). r=mystor https://hg.mozilla.org/integration/mozilla-inbound/rev/ab49425989fe P4 Add mochitest verifying service workers respect per-site cookie permissions. r=mystor https://hg.mozilla.org/integration/mozilla-inbound/rev/62603fdd915b P5 Remove unnused cookie pref getters from nsContentUtils. r=mystor
Cannot reproduce with newest Nightly. User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 Build ID: 20180109100117 Thanks for fixing this!
Status: RESOLVED → VERIFIED
Reproduce with newest nightly. User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 Build ID: 20180126035135 This bug was filed from the Socorro interface and is report bp-88f3c70a-9470-47fc-aef8-19b660180126. ============================================================= Top 10 frames of crashing thread: 0 xul.dll mozilla::dom::ClientSource::WindowExecutionReady dom/clients/manager/ClientSource.cpp:252 1 xul.dll nsGlobalWindowInner::ExecutionReady dom/base/nsGlobalWindowInner.cpp:1922 2 xul.dll nsGlobalWindowOuter::SetNewDocument dom/base/nsGlobalWindowOuter.cpp:2013 3 xul.dll nsDocumentViewer::InitInternal layout/base/nsDocumentViewer.cpp:935 4 xul.dll nsDocumentViewer::Init layout/base/nsDocumentViewer.cpp:666 5 xul.dll nsDocShell::SetupNewViewer docshell/base/nsDocShell.cpp:9054 6 xul.dll nsDocShell::Embed docshell/base/nsDocShell.cpp:6876 7 xul.dll nsDocShell::CreateContentViewer docshell/base/nsDocShell.cpp:8856 8 xul.dll nsDSURIContentListener::DoContent docshell/base/nsDSURIContentListener.cpp:196 9 xul.dll nsDocumentOpenInfo::TryContentListener uriloader/base/nsURILoader.cpp:739 =============================================================
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Please file a new bug.
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
(In reply to Ben Kelly [:bkelly] from comment #34) > Please file a new bug. Thanks for comment. file a bug 1433454.
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: