Closed
Bug 1450164
Opened 7 years ago
Closed 6 years ago
Assertion failure: !mIsBeingDestroyed, at src/docshell/base/nsDocShell.cpp:1424
Categories
(Core :: DOM: Navigation, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla63
People
(Reporter: tsmith, Assigned: qdot)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase)
Attachments
(3 files, 1 obsolete file)
BuildID=20180329220707
SourceStamp=dcd10220d55aea46db212314c46d25a96a7be243
Assertion failure: !mIsBeingDestroyed, at src/docshell/base/nsDocShell.cpp:1424
#0 nsDocShell::SetCurrentURI(nsIURI*, nsIRequest*, bool, unsigned int) src/docshell/base/nsDocShell.cpp:1424:3
#1 nsDocShell::AddState(JS::Handle<JS::Value>, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, bool, JSContext*) src/docshell/base/nsDocShell.cpp:11999:5
#2 nsHistory::PushOrReplaceState(JSContext*, JS::Handle<JS::Value>, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, mozilla::ErrorResult&, bool) src/dom/base/nsHistory.cpp:312:19
#3 nsHistory::ReplaceState(JSContext*, JS::Handle<JS::Value>, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, mozilla::ErrorResult&) src/dom/base/nsHistory.cpp:278:3
#4 mozilla::dom::HistoryBinding::replaceState(JSContext*, JS::Handle<JSObject*>, nsHistory*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/HistoryBinding.cpp:382:9
#5 mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3032:13
#6 js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) src/js/src/vm/JSContext-inl.h:290:15
#7 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:467:16
#8 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:516:12
#9 Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084:18
#10 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#11 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#12 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:516:12
#13 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:535:10
#14 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:3002:12
#15 mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/EventHandlerBinding.cpp:260:37
#16 void mozilla::dom::EventHandlerNonNull::Call<nsISupports*>(nsISupports* const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JSCompartment*) src/obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:363:12
#17 mozilla::JSEventHandler::HandleEvent(nsIDOMEvent*) src/dom/events/JSEventHandler.cpp:215:12
#18 mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) src/dom/events/EventListenerManager.cpp:1090:51
#19 mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) src/dom/events/EventListenerManager.cpp:1259:20
#20 mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:347:17
#21 mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:527:16
#22 mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:917:9
#23 nsDocumentViewer::PageHide(bool) src/layout/base/nsDocumentViewer.cpp:1434:5
#24 nsDocShell::FirePageHideNotificationInternal(bool, bool) src/docshell/base/nsDocShell.cpp:1144:20
#25 nsDocShell::FirePageHideNotification(bool) src/docshell/base/nsDocShell.cpp:1126:3
#26 nsDocShell::Destroy() src/docshell/base/nsDocShell.cpp:5479:9
#27 nsFrameLoader::DestroyDocShell() src/dom/base/nsFrameLoader.cpp:1824:15
#28 nsFrameLoaderDestroyRunnable::Run() src/dom/base/nsFrameLoader.cpp:1762:19
#29 nsIDocument::MaybeInitializeFinalizeFrameLoaders() src/dom/base/nsDocument.cpp:6630:22
#30 nsDocument::EndUpdate(unsigned int) src/dom/base/nsDocument.cpp:5094:3
#31 mozilla::dom::XULDocument::EndUpdate(unsigned int) src/dom/xul/XULDocument.cpp:2932:18
#32 mozAutoDocUpdate::~mozAutoDocUpdate() src/dom/base/mozAutoDocUpdate.h:40:18
#33 nsINode::doRemoveChildAt(unsigned int, bool, nsIContent*, nsAttrAndChildArray&) src/dom/base/nsINode.cpp:1767:1
#34 mozilla::dom::FragmentOrElement::RemoveChildAt_Deprecated(unsigned int, bool) src/dom/base/FragmentOrElement.cpp:1246:5
#35 nsXULElement::RemoveChildAt_Deprecated(unsigned int, bool) src/dom/xul/nsXULElement.cpp:878:22
#36 nsINode::RemoveChild(nsINode&, mozilla::ErrorResult&) src/dom/base/nsINode.cpp:549:3
#37 nsINode::Remove() src/dom/base/nsINode.cpp:1676:11
#38 mozilla::dom::ElementBinding::remove(JSContext*, JS::Handle<JSObject*>, mozilla::dom::Element*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/ElementBinding.cpp:4596:9
#39 mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3032:13
#40 js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) src/js/src/vm/JSContext-inl.h:290:15
#41 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:467:16
#42 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:516:12
#43 Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084:18
#44 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#45 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#46 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:516:12
#47 Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084:18
#48 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#49 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#50 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:516:12
#51 Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084:18
#52 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#53 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#54 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:516:12
#55 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:535:10
#56 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:3002:12
#57 mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/EventListenerBinding.cpp:47:8
#58 void mozilla::dom::EventListener::HandleEvent<mozilla::dom::EventTarget*>(mozilla::dom::EventTarget* const&, mozilla::dom::Event&, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JSCompartment*) src/obj-firefox/dist/include/mozilla/dom/EventListenerBinding.h:66:12
#59 mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) src/dom/events/EventListenerManager.cpp:1087:9
#60 mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) src/dom/events/EventListenerManager.cpp:1259:20
#61 mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:347:17
#62 mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:481:12
#63 mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:917:9
#64 mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, nsIDOMEvent*, nsPresContext*, nsEventStatus*) src/dom/events/EventDispatcher.cpp:996:12
#65 nsGlobalWindowInner::DispatchEvent(nsIDOMEvent*, bool*) src/dom/base/nsGlobalWindowInner.cpp:4581:17
#66 nsContentUtils::DispatchEvent(nsIDocument*, nsISupports*, nsTSubstring<char16_t> const&, bool, bool, bool, bool*, bool) src/dom/base/nsContentUtils.cpp:4480:18
#67 nsContentUtils::DispatchTrustedEvent(nsIDocument*, nsISupports*, nsTSubstring<char16_t> const&, bool, bool, bool*) src/dom/base/nsContentUtils.cpp:4448:10
#68 nsGlobalWindowOuter::DispatchCustomEvent(nsTSubstring<char16_t> const&) src/dom/base/nsGlobalWindowOuter.cpp:3846:3
#69 nsGlobalWindowOuter::CloseOuter(bool) src/dom/base/nsGlobalWindowOuter.cpp:5992:8
#70 mozilla::dom::WindowBinding::close(JSContext*, JS::Handle<JSObject*>, nsGlobalWindowInner*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/WindowBinding.cpp:1767:9
#71 mozilla::dom::WindowBinding::genericCrossOriginMethod(JSContext*, unsigned int, JS::Value*) src/obj-firefox/dom/bindings/WindowBinding.cpp:16208:13
#72 js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) src/js/src/vm/JSContext-inl.h:290:15
#73 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:467:16
#74 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:516:12
#75 Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084:18
#76 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#77 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#78 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:516:12
#79 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:535:10
#80 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:3002:12
#81 mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/EventHandlerBinding.cpp:260:37
#82 void mozilla::dom::EventHandlerNonNull::Call<nsISupports*>(nsISupports* const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JSCompartment*) src/obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:363:12
#83 mozilla::JSEventHandler::HandleEvent(nsIDOMEvent*) src/dom/events/JSEventHandler.cpp:215:12
#84 mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) src/dom/events/EventListenerManager.cpp:1090:51
#85 mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) src/dom/events/EventListenerManager.cpp:1259:20
#86 mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:347:17
#87 mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:527:16
#88 mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:917:9
#89 nsDocumentViewer::LoadComplete(nsresult) src/layout/base/nsDocumentViewer.cpp:1066:7
#90 nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) src/docshell/base/nsDocShell.cpp:7292:21
#91 nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp:7085:7
#92 non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp
#93 nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) src/uriloader/base/nsDocLoader.cpp:1315:3
#94 nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:858:14
#95 nsDocLoader::DocLoaderIsEmpty(bool) src/uriloader/base/nsDocLoader.cpp:747:9
#96 nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp:632:5
#97 non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp
#98 mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) src/netwerk/base/nsLoadGroup.cpp:629:28
#99 nsIDocument::DoUnblockOnload() src/dom/base/nsDocument.cpp:8323:18
#100 nsDocument::UnblockOnload(bool) src/dom/base/nsDocument.cpp:8245:9
#101 nsIDocument::DispatchContentLoadedEvents() src/dom/base/nsDocument.cpp:5311:3
#102 mozilla::detail::RunnableMethodImpl<nsIDocument*, void (nsIDocument::*)(), true, (mozilla::RunnableKind)0>::Run() src/obj-firefox/dist/include/nsThreadUtils.h:1215:13
#103 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1096:14
#104 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:519:10
#105 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:97:21
#106 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:326:10
#107 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:299:3
#108 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:157:27
#109 nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:290:30
#110 XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:4766:22
#111 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4911:8
#112 XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5003:21
#113 do_main(int, char**, char**) src/browser/app/nsBrowserApp.cpp:231:22
#114 main src/browser/app/nsBrowserApp.cpp:304:16
#115 __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#116 _start (firefox+0x423444)
Flags: in-testsuite?
|
Reporter | |
Comment 1•7 years ago
|
||
|
|
Reporter | |
Comment 2•7 years ago
|
||
Attachment #8963836 -
Attachment is obsolete: true
|
||
Comment 3•6 years ago
|
||
Maybe qDot can take a look while he's doing some nsDocShell refactoring?
Flags: needinfo?(kyle)
Priority: -- → P2
|
Assignee | |
Comment 4•6 years ago
|
||
Can't repro using attached test. Without user pref setup, test script won't run because dom.allow_scripts_to_close_windows is false. Using a window opener parent test to get around that, history access returns a security error during the unload event handler. Similarly, testing with the prefs file and test attached to bug, still get a security error. Have not bisected to find difference, but something could've changed in the 4 months since this was filed.
The HTML spec specifies that accesses to history on a non-fully-active doc (https://html.spec.whatwg.org/multipage/browsers.html#fully-active) should return security errors (https://html.spec.whatwg.org/multipage/history.html#history). We don't support checking for Fully Active docs quite yet (see bug 1414423 for implementing that), but this point in unload the status of the document is active though it may not have a browsing context. I'm fine leaving this as a security error since it's a weird time to access anyways.
Assignee: nobody → kyle
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(kyle)
Resolution: --- → INVALID
|
|
Assignee | |
Comment 5•6 years ago
|
||
Welp. I closed this because I was getting security errors, but it was from my own patch that I didn't realize was in the branch I was testing on, so this is actually still a problem. Explanation in Comment 4 still applies.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
|
|
Assignee | |
Comment 6•6 years ago
|
||
If we add to history on a docshell that is being shut down, add
history entry but skip trying to load the new URI.
MozReview-Commit-ID: JCF9muhxbFd
|
|
Assignee | |
Comment 7•6 years ago
|
||
Depending on whether this patch is accepted, it may be worth writing a wpt around this if we decide on a standardizable way to deal with history in unload.
|
||
Comment 8•6 years ago
|
||
Comment on attachment 8994381 [details]
Bug 1450164 - Don't update URIs on history adds on docshells that are being shut down; r=bz
Boris Zbarsky [:bz] (no decent commit message means r-) has approved the revision.
https://phabricator.services.mozilla.com/D2311
Attachment #8994381 -
Flags: review+
|
|
Assignee | |
Comment 9•6 years ago
|
||
Followup for WPT filed in bug 1479634. For now, adding test to patch on this bug to make sure we don't assert on pushstate during unload.
|
|
Assignee | |
Comment 10•6 years ago
|
||
Also, request for clarification in HTML spec filed at https://github.com/whatwg/html/issues/3865
|
||
Comment 11•6 years ago
|
||
Pushed by kmachulis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3317065f14c6
Don't update URIs on history adds on docshells that are being shut down; r=bzbarsky
|
|
Assignee | |
Comment 12•6 years ago
|
||
Try run with tests derived from above example (which landed in patch): https://treeherder.mozilla.org/#/jobs?repo=try&revision=5a745dbee3e56a9fcf3948543dfcabdbef7c15f7&selectedJob=191479079
|
||
Comment 13•6 years ago
|
||
| bugherder | ||
Status: REOPENED → RESOLVED
Closed: 6 years ago → 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
|
||
Updated•6 years ago
|
status-firefox62:
--- → wontfix
status-firefox-esr52:
--- → wontfix
status-firefox-esr60:
--- → wontfix
Flags: in-testsuite? → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•