Closed Bug 1561058 Opened 6 years ago Closed 6 years ago

Crash in [@ mozilla::ipc::WriteIPDLParam<T>]

Categories

(Core :: IPC, defect, P3)

Product:
Core
Component:
IPC
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla69
Project Flags:
Fission Milestone M4
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox68 --- unaffected
firefox69 --- fixed

People

(Reporter: neha, Assigned: nika)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1561058 - Null check ContentParent within ContentParent::RecvPostMessage,
47 bytes, text/x-phabricator-request
Details | Review

This bug is for crash report bp-4fb422eb-61e3-425f-917c-2bb7f0190624.

Top 10 frames of crashing thread:

0 XUL void mozilla::ipc::WriteIPDLParam<mozilla::dom::BrowsingContext*&> ipc/glue/IPDLParamTraits.h:53
1 XUL mozilla::dom::PContentParent::SendWindowPostMessage ipc/ipdl/PContentParent.cpp:4986
2 XUL mozilla::dom::ContentParent::RecvWindowPostMessage dom/ipc/ContentParent.cpp:5985
3 XUL mozilla::dom::PContentParent::OnMessageReceived ipc/ipdl/PContentParent.cpp:10867
4 XUL mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2158
5 XUL mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1970
6 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1225
7 XUL NS_ProcessPendingEvents xpcom/threads/nsThreadUtils.cpp:434
8 XUL nsBaseAppShell::NativeEventCallback widget/nsBaseAppShell.cpp:87
9 XUL nsAppShell::ProcessGeckoEvents widget/cocoa/nsAppShell.mm:440

I got this crash while trying to reproduce Bug 1560106 but the backtrace is not the same.
With fission enabled, I browsed to https://9gag.com/ (as mentioned in that bug) and scrolled resulting in this crash.

Blocks: fission
Fission Milestone: --- → M4
Component: Document Navigation → IPC
Flags: needinfo?(nika)
Priority: -- → P3
Blocks: fission-dogfooding
No longer blocks: fission
Flags: needinfo?(nika)

That patch is basically the same thing as I have in bug 1560313, though I don't have the log, but I do add some null checks in a few other places. So maybe this is just a dupe of that other bug?

(In reply to Andrew McCreight [:mccr8] from comment #2)

That patch is basically the same thing as I have in bug 1560313, though I don't have the log, but I do add some null checks in a few other places. So maybe this is just a dupe of that other bug?

This one happens on the other side of the IPC channel, the check which I'm doing is in the parent. They're probably related, however.

(In reply to :Nika Layzell (busy - slow to reply) from comment #3)

This one happens on the other side of the IPC channel, the check which I'm doing is in the parent. They're probably related, however.

Ah, I missed that. Sorry.

Assignee: nobody → nika
Status: NEW → ASSIGNED
Pushed by nlayzell@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/72051a14f93e Null check ContentParent within ContentParent::RecvPostMessage, r=peterv

https://hg.mozilla.org/mozilla-central/rev/72051a14f93e

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox69: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: