Closed Bug 1560313 Opened 3 years ago Closed 3 years ago

[Fission] Crash in [@ nsGlobalWindowOuter::GetPrincipal]


(Core :: DOM: Navigation, defect, P2)

69 Branch



Fission Milestone M4
Tracking Status
firefox-esr60 --- unaffected
firefox67 --- unaffected
firefox68 --- unaffected
firefox69 --- fixed


(Reporter: emilghitta, Assigned: mccr8)



(Keywords: crash)

Crash Data


(1 file, 1 obsolete file)

This bug is for crash report bp-1607a149-413e-4e7d-bb85-fc1bc0190620.

Top 10 frames of crashing thread:

0 xul.dll nsGlobalWindowOuter::GetPrincipal dom/base/nsGlobalWindowOuter.cpp:2746
1 xul.dll nsGlobalWindowOuter::GetPrincipalForPostMessage dom/base/nsGlobalWindowOuter.cpp:5997
2 xul.dll mozilla::dom::ContentChild::RecvWindowPostMessage dom/ipc/ContentChild.cpp:3979
3 xul.dll mozilla::dom::PContentChild::OnMessageReceived ipc/ipdl/PContentChild.cpp:12357
4 xul.dll mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2082
5 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1970
6 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1225
7 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:486
8 xul.dll void mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:88
9 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/

Affected Versions

  • Firefox 69.0a1 (BuildId:20190620094631).

Affected Platforms

  • Windows 10 64bit
  • Ubuntu 18.04 64bit

Unaffected platforms

  • macOS 10.10.5 (not sure for now, didn't managed to reproduce on macOS after a couple of tries. Will get back and investigate further).

Steps to Reproduce

  1. Launch Firefox with a clean profile.
  2. Access the about:config page.
  3. Create the fission.autostart pref and set it to true
  4. Access the following webpage
  5. Wait for the page to fully load and start scrolling (maybe refresh the page a couple of times).

Expected Results

  • Firefox is stable and the website is successfully loaded.

Actual Results

  • Tab crash
Summary: Crash in [@ nsGlobalWindowOuter::GetPrincipal] → [Fission] Crash in [@ nsGlobalWindowOuter::GetPrincipal]
Fission Milestone: --- → M4
Flags: needinfo?(continuation)

My guess is that we're trying to postmessage to a BrowsingContext where the window is null, but I'd have to check. Presumably the fix to that would be to bail out in that case.

Assignee: nobody → continuation
Flags: needinfo?(continuation)
Priority: -- → P2

I couldn't reproduce the crash, but there are a few places in
ContentChild where we grab a window off of a BC without checking if
the window exists, so I added null checks.

Blocks: fission-dogfooding
No longer blocks: fission
Attachment #9074033 - Attachment is obsolete: true
Pushed by
Add some null checks for GetDOMWindow() in ContentChild. r=farre
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
You need to log in before you can comment on or make changes to this bug.