Closed
Bug 1495862
Opened 2 years ago
Closed 2 years ago
Crash in mozilla::dom::FeaturePolicy::AllowsFeatureInternal
Categories
(Core :: DOM: Security, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla64
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox62 | --- | unaffected |
firefox63 | --- | unaffected |
firefox64 | --- | fixed |
People
(Reporter: calixte, Assigned: baku)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression, Whiteboard: [domsecurity-active])
Crash Data
Attachments
(1 file, 1 obsolete file)
1.58 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-eb6d6e98-7013-4e3b-8670-8bddb0181002. ============================================================= Top 10 frames of crashing thread: 0 libxul.so mozilla::dom::FeaturePolicy::AllowsFeatureInternal const xpcom/ds/nsTArray.h:510 1 libxul.so mozilla::dom::FeaturePolicy::InheritPolicy const dom/security/featurepolicy/FeaturePolicy.cpp:55 2 libxul.so mozilla::dom::FeaturePolicyUtils::ForEachFeature clang/include/c++/4.9.4/functional:2440 3 libxul.so mozilla::dom::FeaturePolicy::InheritPolicy dom/security/featurepolicy/FeaturePolicy.cpp:38 4 libxul.so mozilla::dom::HTMLIFrameElement::RefreshFeaturePolicy dom/html/HTMLIFrameElement.cpp:309 5 libxul.so mozilla::dom::HTMLIFrameElement::AfterSetAttr dom/html/HTMLIFrameElement.cpp:180 6 libxul.so mozilla::dom::Element::SetAttrAndNotify dom/base/Element.cpp:2762 7 libxul.so mozilla::dom::Element::SetAttr dom/base/Element.cpp:2609 8 libxul.so nsHtml5TreeOperation::SetHTMLElementAttributes dom/base/Element.h:864 9 libxul.so nsHtml5TreeOperation::CreateHTMLElement parser/html/nsHtml5TreeOperation.cpp:506 ============================================================= There is 1 crash in nightly 64 with buildid 20181001220118. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1390801. [1] https://hg.mozilla.org/mozilla-central/rev?node=8edf2b229c9c
Flags: needinfo?(amarchesini)
Assignee | ||
Comment 1•2 years ago
|
||
I suspect this is going to be fixed by bug 1496034.
Flags: needinfo?(amarchesini)
Updated•2 years ago
|
Assignee | ||
Comment 2•2 years ago
|
||
I managed to reproduce it. Sometimes StartLoad() is called after checking mFeaturePolicy.
Assignee: nobody → amarchesini
Attachment #9016728 -
Flags: review?(ckerschb)
Assignee | ||
Comment 3•2 years ago
|
||
Attachment #9016728 -
Attachment is obsolete: true
Attachment #9016728 -
Flags: review?(ckerschb)
Attachment #9016778 -
Flags: review?(ckerschb)
Comment 4•2 years ago
|
||
Comment on attachment 9016778 [details] [diff] [review] aa.patch Review of attachment 9016778 [details] [diff] [review]: ----------------------------------------------------------------- good catch. r=me
Attachment #9016778 -
Flags: review?(ckerschb) → review+
Updated•2 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/d49ecfa61467 Ensure FeaturePolicy creation in the document, r=ckerschb
Comment 6•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/d49ecfa61467
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
You need to log in
before you can comment on or make changes to this bug.
Description
•