Closed Bug 1451108 Opened 8 years ago Closed 7 years ago

Make it fatal anytime we dispatch events when it's not a good time to run script

Categories

(Core :: DOM: Events, defect, P2)

Tracking

RESOLVED FIXED
mozilla64
Tracking Status
firefox-esr60 --- wontfix
firefox62 --- wontfix
firefox63 --- wontfix
firefox64 --- fixed

People

(Reporter: mconley, Assigned: mconley)

Details

(Keywords: sec-audit, Whiteboard: [post-critsmash-triage][adv-main64-])

Attachments

(1 file)

Actually, I think we just need to swap NS_ERROR with MOZ_CRASH.
Assignee: nobody → mconley
Group: dom-core-security
Keywords: sec-audit
My try push is here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=976d689a6507bbae379a39c5a9b1499ead73b3b2

Looks like we've got one crash in automation, and that's in:

dom/html/test/browser_submission_flush.js

Which I think is bug 1450989. Getting that fixed should allow us to land this, I think.
Depends on: 1450989
The crash there is basically a regression from bug 1402025
(In reply to Olli Pettay [:smaug] (only webcomponents and event handling reviews, please) from comment #3)
> The crash there is basically a regression from bug 1402025

Is it unrelated to bug 1450989 then?
Flags: needinfo?(bugs)
It is related definitely, but as such, regression from bug 1365092, since the relevant code used to run outside scriptblocker before that.
Flags: needinfo?(bugs)
I wonder whether we can/should run Before/AfterSetAttr outside the scriptblocker....
Priority: -- → P2
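The rule under discussion in the comments above (dispatching an event while a script blocker is held should be fatal rather than only logged), as an added example that is not part of the original bug and not Gecko code. It is a simplified C++ model: every name in it (`ScriptBlocker`, `Dispatch`, `Policy`, `RemoveChild`, `gRunners`) is a hypothetical stand-in, and a thrown exception stands in for the crash. It compares a caller that notifies listeners while the blocker is held with one that defers the notification until the blocker is released.

```cpp
// Simplified model of the rule discussed in this bug. Every name below is a
// hypothetical stand-in, not Gecko's API; an exception stands in for a crash.
#include <cstdio>
#include <functional>
#include <stdexcept>
#include <utility>
#include <vector>

namespace model {

static int gBlockerDepth = 0;                        // > 0: not safe to run script
static std::vector<std::function<void()>> gRunners;  // work deferred until safe

inline bool IsSafeToRunScript() { return gBlockerDepth == 0; }

// RAII guard held while internal state is being mutated.
class ScriptBlocker {
 public:
  ScriptBlocker() { ++gBlockerDepth; }
  ~ScriptBlocker() {
    if (--gBlockerDepth != 0) return;
    // Last blocker released: state is consistent again, run deferred work.
    auto pending = std::move(gRunners);
    gRunners.clear();
    for (auto& run : pending) run();
  }
};

enum class Policy { WarnAndContinue, Fatal };

struct UnsafeDispatch : std::logic_error {
  UnsafeDispatch() : std::logic_error("event dispatched while script is blocked") {}
};

using Listener = std::function<void()>;

// Runs listeners (the stand-in for script). The policy decides what an unsafe
// call does: log and run anyway, or stop before any listener runs.
void Dispatch(const std::vector<Listener>& listeners, Policy policy) {
  if (!IsSafeToRunScript()) {
    if (policy == Policy::Fatal) throw UnsafeDispatch();
    std::fprintf(stderr, "warning: unsafe dispatch, continuing\n");
  }
  for (const auto& listener : listeners) listener();
}

struct Result {
  bool crashed = false;    // the fatal policy stopped the dispatch
  int calls = 0;           // times the listener ran
  int sawMidMutation = 0;  // times it ran while the tree was inconsistent
};

// Removes a child under a blocker and notifies a listener, either directly
// (the unsafe caller) or through a deferred runner (the corrected caller).
Result RemoveChild(Policy policy, bool deferNotification) {
  Result r;
  bool midMutation = false;
  std::vector<int> children{1, 2, 3};  // constructed sample tree
  std::vector<Listener> listeners{[&] {
    ++r.calls;
    if (midMutation) ++r.sawMidMutation;
  }};
  try {
    ScriptBlocker blocker;
    midMutation = true;
    children.pop_back();
    if (deferNotification) {
      gRunners.push_back([&] { Dispatch(listeners, policy); });
    } else {
      Dispatch(listeners, policy);
    }
    midMutation = false;
  } catch (const UnsafeDispatch&) {
    r.crashed = true;
  }
  return r;
}

}  // namespace model

int main() {
  using namespace model;
  Result warn = RemoveChild(Policy::WarnAndContinue, false);
  Result fatal = RemoveChild(Policy::Fatal, false);
  Result fixed = RemoveChild(Policy::Fatal, true);
  std::printf("warn:  calls=%d midMutation=%d\n", warn.calls, warn.sawMidMutation);
  std::printf("fatal: crashed=%d calls=%d\n", fatal.crashed, fatal.calls);
  std::printf("fixed: calls=%d midMutation=%d\n", fixed.calls, fixed.sawMidMutation);
  return 0;
}
```

With the warn-only policy the listener runs against a half-updated tree; with the fatal policy the same caller is stopped before any listener runs, and only the deferring caller completes.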
ni?ing myself to try the MOZ_CRASH patch again on try now that bug 1450989 is fixed.
Flags: needinfo?(mconley)
This is still exploding on try, but for different reasons: https://treeherder.mozilla.org/#/jobs?repo=try&revision=78d39108dabd7fbdcfece821f4d91487b10a5734&selectedJob=192624704

From this test:

[task 2018-08-07T20:14:11.602Z] 20:14:11 INFO - TEST-START | browser/components/extensions/test/browser/browser_ext_devtools_inspectedWindow.js
...
Flags: needinfo?(mconley)
Who is calling dispatchEvent? The stack is missing the information. tryserver seems to have that, so it is

So, we have code observing message-manager-close and doing stuff there that shouldn't be done there. Need to audit all the usage.
Depends on: 1482402
Comment on attachment 9007868
Bug 1451108 - Make it fatal anytime we dispatch events when it's not a good time to run script. r?smaug

Olli Pettay [:smaug] has approved the revision.
Attachment #9007868 - Flags: review+
Group: dom-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main64-]
Group: core-security-release