Closed
Bug 1491533
Opened 7 years ago
Closed 7 years ago
Crash in mozilla::ContentPrincipal::SetDomain::<T>::__invoke
Categories
(Core :: XPConnect, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla64
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox62 | --- | unaffected |
| firefox63 | --- | unaffected |
| firefox64 | blocking | fixed |
People
(Reporter: calixte, Assigned: jandem)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
This bug was filed from the Socorro interface and is
report bp-b2e8a7f9-aa3b-48f6-ab28-6effb0180915.
=============================================================
Top 10 frames of crashing thread:
0 xul.dll static void mozilla::ContentPrincipal::SetDomain::<unnamed-tag>::__invoke caps/ContentPrincipal.cpp:372
1 xul.dll JS::IterateRealmsWithPrincipals js/src/gc/PublicIterators.cpp:256
2 xul.dll mozilla::ContentPrincipal::SetDomain caps/ContentPrincipal.cpp:376
3 xul.dll nsHTMLDocument::SetDomain dom/html/nsHTMLDocument.cpp:1043
4 xul.dll static bool mozilla::dom::HTMLDocument_Binding::set_domain dom/bindings/HTMLDocumentBinding.cpp:60
5 xul.dll mozilla::dom::binding_detail::GenericSetter<mozilla::dom::binding_detail::NormalThisPolicy> dom/bindings/BindingUtils.cpp:3240
6 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:552
7 xul.dll js::CallSetter js/src/vm/Interpreter.cpp:767
8 xul.dll static bool SetExistingProperty js/src/vm/NativeObject.cpp:2901
9 xul.dll bool js::NativeSetProperty<js::Qualified> js/src/vm/NativeObject.cpp:2942
=============================================================
There are 32 crashes (from 27 installations) in nightly 64 with buildid 20180914220208. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1487032.
[1] https://hg.mozilla.org/mozilla-central/rev?node=416aff73b2ee
Flags: needinfo?(jdemooij)
|
Reporter | |
Updated•7 years ago
|
Crash Signature: [@ mozilla::ContentPrincipal::SetDomain::<T>::__invoke] → [@ mozilla::ContentPrincipal::SetDomain::<T>::__invoke]
[@ mozilla::ContentPrincipal::SetDomain::$_0::__invoke]
|
Assignee | |
Comment 1•7 years ago
|
||
Oh this is probably a compartment without a CompartmentPrivate. I think we can just ignore these; will try to write a test tomorrow.
|
|
Reporter | |
Updated•7 years ago
|
OS: Windows 10 → All
|
|
Assignee | |
Comment 2•7 years ago
|
||
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Flags: needinfo?(jdemooij)
|
||
Updated•7 years ago
|
tracking-firefox64:
--- → blocking
|
|
Assignee | |
Comment 3•7 years ago
|
||
I've been unable to repro this but the off-thread parsing scenario explained in the comment could definitely trigger this (off-thread parse realms inherit the main thread principal) and it explains the non-determinism.
|
||
Updated•7 years ago
|
Priority: -- → P2
|
||
Comment 4•7 years ago
|
||
Comment on attachment 9009549 [details]
Bug 1491533 - Null check CompartmentPrivate in SetCompartmentChangedDocumentDomain. r?bholley
Bobby Holley (:bholley) has approved the revision.
Attachment #9009549 -
Flags: review+
Pushed by rvandermeulen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c0d3f2af4dc9
Null check CompartmentPrivate in SetCompartmentChangedDocumentDomain. r=bholley
|
|
Assignee | |
Comment 6•7 years ago
|
||
Thanks for landing this, Ryan.
|
||
Comment 7•7 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
You need to log in
before you can comment on or make changes to this bug.
Description
•