Closed
Bug 1508373
Opened 4 years ago
Closed 2 years ago
Assertion failure: entry, at /builds/worker/workspace/build/src/dom/payments/PaymentRequestManager.cpp:393
Categories
(Core :: DOM: Web Payments, defect, P3)
Core
DOM: Web Payments
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox65 | --- | affected |
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(1 file)
|
747 bytes,
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev e44bb5b4bc79. Testcase requires a build with --enable-fuzzing in order to reproduce. Assertion failure: entry, at /builds/worker/workspace/build/src/dom/payments/PaymentRequestManager.cpp:393 rax = 0x000055f9c8ab3e40 rdx = 0x0000000000000000 rcx = 0x00007fdfdf4e5c63 rbx = 0x00007ffd3199c048 rsi = 0x00007fdfed0618b0 rdi = 0x00007fdfed060680 rbp = 0x00007ffd3199c070 rsp = 0x00007ffd3199c040 r8 = 0x00007fdfed0618b0 r9 = 0x00007fdfee1d2740 r10 = 0x0000000000000000 r11 = 0x0000000000000000 r12 = 0x00007fdfd36b8610 r13 = 0x00007fdfd2536570 r14 = 0x00007ffd3199c198 r15 = 0x00007ffd3199c0a0 rip = 0x00007fdfdcda7b25 OS|Linux|0.0.0 Linux 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:59:38 UTC 2018 x86_64 CPU|amd64|family 6 model 78 stepping 3|1 GPU||| Crash|SIGSEGV /SEGV_MAPERR|0x0|0 0|0|libxul.so|mozilla::dom::PaymentRequestManager::NotifyRequestDone(mozilla::dom::PaymentRequest*)|hg:hg.mozilla.org/mozilla-central:dom/payments/PaymentRequestManager.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|394|0x0 0|1|libxul.so|mozilla::dom::PaymentRequestManager::RespondPayment(mozilla::dom::PaymentRequest*, mozilla::dom::IPCPaymentActionResponse const&)|hg:hg.mozilla.org/mozilla-central:dom/payments/PaymentRequestManager.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|722|0xf 0|2|libxul.so|mozilla::dom::PaymentRequestChild::RecvRespondPayment(mozilla::dom::IPCPaymentActionResponse const&)|hg:hg.mozilla.org/mozilla-central:dom/payments/ipc/PaymentRequestChild.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|44|0x16 0|3|libxul.so|mozilla::dom::PPaymentRequestChild::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:40edf41b027962d537a12d8171bcb3308b14f70b3745c0eb325eded63d66252c45881b0c9e3d794ff37c2a940a7e942d44720c8b3bd71d640ee5953b95a62f76/ipc/ipdl/PPaymentRequestChild.cpp:|134|0x3 0|4|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|2244|0x6 0|5|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|2171|0xb 0|6|libxul.so|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|2008|0xb 0|7|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run()|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|2041|0xc 0|8|libxul.so|mozilla::SchedulerGroup::Runnable::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/SchedulerGroup.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|337|0x15 0|9|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|1244|0x11 0|10|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|530|0x11 0|11|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|97|0xa 0|12|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|325|0x17 0|13|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|318|0x8 0|14|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|158|0xd 0|15|libxul.so|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|961|0x11 0|16|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|269|0x5 0|17|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|325|0x17 0|18|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|318|0x8 0|19|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|787|0x8 0|20|firefox-bin|content_process_main(mozilla::Bootstrap*, int, char**)|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|50|0x14 0|21|firefox-bin|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|287|0x11 0|22|libc-2.27.so||||0x21b97 0|23|firefox-bin|MOZ_ReportAssertionFailure|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:e44bb5b4bc79be613d29b3f95d7b508e68e3d128|164|0x5
Flags: in-testsuite?
|
||
Comment 1•4 years ago
|
||
Eden, does this need to be prioritized?
Flags: needinfo?(echuang)
Priority: -- → P3
|
||
Updated•4 years ago
|
Flags: needinfo?(echuang)
|
||
Comment 2•2 years ago
|
||
Bugmon Analysis:
The bug appears to have been fixed in the following build range:
Start: 483fcc9deed0a0d8b76f275da6ecd36ba689f9ca (20200401093031)
End: 39c389ff5ce2428545685f59db4bc902017e5cd1 (20200401120938)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=483fcc9deed0a0d8b76f275da6ecd36ba689f9ca&tochange=39c389ff5ce2428545685f59db4bc902017e5cd1
Whiteboard: [bugmon:bisected,confirmed]
|
||
Comment 3•2 years ago
|
||
(In reply to Bugmon [:jkratzer for issues] from comment #2)
Bugmon Analysis:
The bug appears to have been fixed in the following build range:Start: 483fcc9deed0a0d8b76f275da6ecd36ba689f9ca (20200401093031)
End: 39c389ff5ce2428545685f59db4bc902017e5cd1 (20200401120938)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=483fcc9deed0a0d8b76f275da6ecd36ba689f9ca&tochange=39c389ff5ce2428545685f59db4bc902017e5cd1
I see nothing obvious in that range that fixed this specifically, but something did it apparently.
See Also: → 1515074
|
|
||
Updated•2 years ago
|
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•