Closed Bug 1534833 Opened 1 year ago Closed 10 months ago

Assertion failure: false (), at /builds/worker/workspace/build/src/dom/localstorage/ActorsParent.cpp:3129

Categories

(Core :: Storage: localStorage & sessionStorage, defect, P2)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1534431
Tracking Status
firefox67 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase)

Attachments

(2 files)

Attached file testcase.html

Assertion failure: false (), at /builds/worker/workspace/build/src/dom/localstorage/ActorsParent.cpp:3129

29|0|libxul.so|mozilla::dom::VerifyPrincipalInfo(mozilla::Maybe<mozilla::dom::IdType<mozilla::dom::ContentParent> > const&, mozilla::ipc::PrincipalInfo const&, mozilla::Maybe<nsID> const&)|hg:hg.mozilla.org/mozilla-central:dom/clients/manager/ClientManagerService.h:eb0a25f393aad44362b34f21173193f6f632d2eb|77|0x0
29|1|libxul.so|mozilla::dom::VerifyRequestParams(mozilla::Maybe<mozilla::dom::IdType<mozilla::dom::ContentParent> > const&, mozilla::dom::LSRequestParams const&)|hg:hg.mozilla.org/mozilla-central:dom/localstorage/ActorsParent.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|3208|0xe
29|2|libxul.so|mozilla::dom::AllocPBackgroundLSRequestParent(mozilla::ipc::PBackgroundParent*, mozilla::dom::LSRequestParams const&)|hg:hg.mozilla.org/mozilla-central:dom/localstorage/ActorsParent.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|3248|0xc
29|3|libxul.so|mozilla::ipc::PBackgroundParent::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:d5477e0a4c32538e30ed0dd3f2343a4aefb3eee7a4594ad5e7e48c8d7217a3c4108225357a9b76cb5ba3ef5817281c765558e9804c098dc2e0f8723d53f992f3/ipc/ipdl/PBackgroundParent.cpp:|1886|0xf
29|4|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|2151|0x6
29|5|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|2078|0xb
29|6|libxul.so|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|1937|0xb
29|7|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run()|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|1968|0xc
29|8|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|1179|0x15
29|9|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|482|0x11
29|10|libxul.so|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|333|0xd
29|11|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:eb0a25f393aad44362b34f21173193f6f632d2eb|315|0x17
29|12|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:eb0a25f393aad44362b34f21173193f6f632d2eb|308|0x8
29|13|libxul.so|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:eb0a25f393aad44362b34f21173193f6f632d2eb|454|0x8
29|14|libnspr4.so|_pt_root|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/pthreads/ptthread.c:eb0a25f393aad44362b34f21173193f6f632d2eb|201|0x7
29|15|libpthread-2.23.so||||0x76ba
29|16|libc-2.23.so||||0x10741d
Flags: in-testsuite?
Blocks: 1517090
Depends on: 1534816
Component: DOM → DOM: Web Storage
No longer depends on: 1534816
Priority: -- → P2

Tyson, how did you open/load testcase.html when you saw the assertion ?

Flags: needinfo?(twsmith)
Attached file harness.html

Try this:

  1. Put harness.html and testcase.html in the same directory
  2. Launch the browser and set dom.disable_open_during_load=true
  3. Open harness.html

That works consistently for me. To answer the initial question the fuzzer was serving testcases via http.

Flags: needinfo?(twsmith)

Ok, I can reproduce it now.

ClientManagerService::HasWindow returns false here:
https://searchfox.org/mozilla-central/rev/a7315d78417179b151fef6108f2bce14786ba64d/dom/localstorage/ActorsParent.cpp#3139

ClientManagerService::FindSource returns null because it doesn't have an entry in the hash table for given id.

No longer blocks: 1517090
Blocks: 1540402

Eden, can you investigate this one, too?

Flags: needinfo?(echuang)

Assertion failed only when opening with file://.../harness.html.

URL file scheme makes ClientIsValidCreationURL fail in ClientSource::ExecutionReady() then sends PClientSourceChild::SendTeardown to the parent process. PClientSourceParent::RecvTeardown will remove the ClientSourceParent from ClientManagerService.

After that, testcase.html line 9
window.window.onstorage = document.onselectionchange
will create LSObject and send a LSRequest to the parent process. Then we got the assertion when checking the passed in LSRequestParams.

Flags: needinfo?(echuang)

(In reply to Eden Chuang[:edenchuang] from comment #5)

Assertion failed only when opening with file://.../harness.html.

Interesting. Does this mean it's possibly related to bug 1534431?

Yes, I think this bug is totally the same with bug 1534431.

Status: NEW → RESOLVED
Closed: 10 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1534431

Yeah, but even when we fix the hang (working on it), we still need to fix the case when ClientIsValidCreationURL fails.
Otherwise LS won't work when ClientIsValidCreationURL fails.
I found out, that ClientIsValidCreationURL sometimes fails when a file:// page is session restored.

You need to log in before you can comment on or make changes to this bug.