BrowsingContext IPC validation broke mouse events with out-of-process iframes
Categories
(Core :: DOM: Core & HTML, enhancement, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox68 | --- | fixed |
People
(Reporter: hsivonen, Assigned: nika)
References
Details
Attachments
(2 files)
After https://hg.mozilla.org/integration/autoland/pushloghtml?changeset=97c2ee22169c clicking one of the button labeled "Button" in https://hsivonen.fi/fission-host.html with fission.oopif.attribute set to true, gfx.webrender.picture-caching set to false, gfx.webrender.all set to true, and (Windows-only) fission.apz-matrices-with-gpu-process set to true, the following errors are dumped after which the Web content area goes gray (but no crash is reported):
[Parent 26904, Main Thread] WARNING: 'aProcess && mProcessId != aProcess->ChildID()', file /opt/Projects/gecko/docshell/base/CanonicalBrowsingContext.cpp, line 99
IPDL protocol error: Handler returned error code!
###!!! [Parent][DispatchAsyncMessage] Error: PContent::Msg_CommitBrowsingContextTransaction Processing error: message was deserialized, but the handler returned false (indicating failure)
[Parent 26904, Gecko_IOThread] WARNING: pipe error (205): Connection reset by peer: file /opt/Projects/gecko/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 357
[Parent 26904, Gecko_IOThread] WARNING: pipe error (189): Connection reset by peer: file /opt/Projects/gecko/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 357
[Parent 26904, Gecko_IOThread] WARNING: pipe error (158): Connection reset by peer: file /opt/Projects/gecko/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 357
[Parent 26904, Compositor] WARNING: bad Shmem: file /opt/Projects/gecko/ipc/glue/ProtocolUtils.cpp, line 476
[Parent 26904, Compositor] WARNING: bad Shmem: file /opt/Projects/gecko/ipc/glue/ProtocolUtils.cpp, line 476
[Parent 26904, Compositor] WARNING: bad Shmem: file /opt/Projects/gecko/ipc/glue/ProtocolUtils.cpp, line 476
[Parent 26904, Compositor] WARNING: bad Shmem: file /opt/Projects/gecko/ipc/glue/ProtocolUtils.cpp, line 476
[Parent 26904, Compositor] WARNING: bad Shmem: file /opt/Projects/gecko/ipc/glue/ProtocolUtils.cpp, line 476
###!!! [Child][MessageChannel] Error: (msgtype=0x35010D,name=PContent::Msg_StoreUserInteractionAsPermission) Closed channel: cannot send/recv
[Child 27106, Main Thread] WARNING: MsgDropped in ContentChild: file /opt/Projects/gecko/dom/ipc/ContentChild.cpp, line 2238
###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost
(We really need to get enough stuff up and running to be able to write unit tests for this stuff.)
|
Reporter | |
Updated•5 years ago
|
|
|
Reporter | |
Comment 1•5 years ago
|
||
In ContentParent::RecvCommitBrowsingContextTransaction, this appears to be the parent for the out-of-process iframe. Yet, aContext->Canonical() seems to be associated with the top-level Web content.
|
|
Reporter | |
Updated•5 years ago
|
|
|
Reporter | |
Comment 2•5 years ago
|
||
This can be papered over by changing the line 5900 of ContentParent.cpp from return IPC_FAIL_NO_REASON(this); to return IPC_OK();.
|
||
Updated•5 years ago
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 4•5 years ago
|
||
|
|
Assignee | |
Comment 5•5 years ago
|
||
|
||
Updated•5 years ago
|
Pushed by nlayzell@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/bc6af49dc687 Part 1: Allow BC fields to be racy, and not have ProcessID validated, r=farre https://hg.mozilla.org/integration/autoland/rev/23b3ab9c9e1f Part 2: Use field epochs to avoid racy field interactions, r=farre
|
||
Comment 7•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/bc6af49dc687
https://hg.mozilla.org/mozilla-central/rev/23b3ab9c9e1f
Description
•