Assertion failure: false (), at /builds/worker/workspace/build/src/dom/localstorage/ActorsParent.cpp:3129
Categories
(Core :: Storage: localStorage & sessionStorage, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox67 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
Assertion failure: false (), at /builds/worker/workspace/build/src/dom/localstorage/ActorsParent.cpp:3129
29|0|libxul.so|mozilla::dom::VerifyPrincipalInfo(mozilla::Maybe<mozilla::dom::IdType<mozilla::dom::ContentParent> > const&, mozilla::ipc::PrincipalInfo const&, mozilla::Maybe<nsID> const&)|hg:hg.mozilla.org/mozilla-central:dom/clients/manager/ClientManagerService.h:eb0a25f393aad44362b34f21173193f6f632d2eb|77|0x0
29|1|libxul.so|mozilla::dom::VerifyRequestParams(mozilla::Maybe<mozilla::dom::IdType<mozilla::dom::ContentParent> > const&, mozilla::dom::LSRequestParams const&)|hg:hg.mozilla.org/mozilla-central:dom/localstorage/ActorsParent.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|3208|0xe
29|2|libxul.so|mozilla::dom::AllocPBackgroundLSRequestParent(mozilla::ipc::PBackgroundParent*, mozilla::dom::LSRequestParams const&)|hg:hg.mozilla.org/mozilla-central:dom/localstorage/ActorsParent.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|3248|0xc
29|3|libxul.so|mozilla::ipc::PBackgroundParent::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:d5477e0a4c32538e30ed0dd3f2343a4aefb3eee7a4594ad5e7e48c8d7217a3c4108225357a9b76cb5ba3ef5817281c765558e9804c098dc2e0f8723d53f992f3/ipc/ipdl/PBackgroundParent.cpp:|1886|0xf
29|4|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|2151|0x6
29|5|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|2078|0xb
29|6|libxul.so|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|1937|0xb
29|7|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run()|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|1968|0xc
29|8|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|1179|0x15
29|9|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|482|0x11
29|10|libxul.so|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|333|0xd
29|11|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:eb0a25f393aad44362b34f21173193f6f632d2eb|315|0x17
29|12|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:eb0a25f393aad44362b34f21173193f6f632d2eb|308|0x8
29|13|libxul.so|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|454|0x8
29|14|libnspr4.so|_pt_root|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/pthreads/ptthread.c:eb0a25f393aad44362b34f21173193f6f632d2eb|201|0x7
29|15|libpthread-2.23.so||||0x76ba
29|16|libc-2.23.so||||0x10741d
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Comment 1•5 years ago
|
||
Tyson, how did you open/load testcase.html when you saw the assertion ?
|
Reporter | |
Comment 2•5 years ago
|
||
Try this:
- Put harness.html and testcase.html in the same directory
- Launch the browser and set dom.disable_open_during_load=true
- Open harness.html
That works consistently for me. To answer the initial question the fuzzer was serving testcases via http.
|
|
||
Comment 3•5 years ago
|
||
Ok, I can reproduce it now.
ClientManagerService::HasWindow returns false here:
https://searchfox.org/mozilla-central/rev/a7315d78417179b151fef6108f2bce14786ba64d/dom/localstorage/ActorsParent.cpp#3139
ClientManagerService::FindSource returns null because it doesn't have an entry in the hash table for given id.
|
||
Comment 5•5 years ago
•
|
||
Assertion failed only when opening with file://.../harness.html.
URL file scheme makes ClientIsValidCreationURL fail in ClientSource::ExecutionReady() then sends PClientSourceChild::SendTeardown to the parent process. PClientSourceParent::RecvTeardown will remove the ClientSourceParent from ClientManagerService.
After that, testcase.html line 9
window.window.onstorage = document.onselectionchange
will create LSObject and send a LSRequest to the parent process. Then we got the assertion when checking the passed in LSRequestParams.
|
||
Comment 6•5 years ago
|
||
(In reply to Eden Chuang[:edenchuang] from comment #5)
Assertion failed only when opening with file://.../harness.html.
Interesting. Does this mean it's possibly related to bug 1534431?
|
|
||
Comment 7•5 years ago
|
||
Yes, I think this bug is totally the same with bug 1534431.
|
|
||
Updated•5 years ago
|
|
|
||
Comment 9•5 years ago
|
||
Yeah, but even when we fix the hang (working on it), we still need to fix the case when ClientIsValidCreationURL fails.
Otherwise LS won't work when ClientIsValidCreationURL fails.
I found out, that ClientIsValidCreationURL sometimes fails when a file:// page is session restored.
Description
•