Crash in [@ mozilla::dom::BrowsingContext::LoadURI]
Categories
(Core :: Window Management, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox-esr68 | --- | unaffected |
firefox69 | --- | unaffected |
firefox70 | --- | disabled |
firefox71 | --- | fixed |
People
(Reporter: marcia, Assigned: kmag)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
This bug is for crash report bp-2efd9a50-3bca-40d7-870a-e7a710190816.
Seen while looking at nightly crash triage - small volume Win crash which started in 20190815094649: https://bit.ly/2P0DzxB
Looks as if it started after Bug 1562292 landed. ni on :kmag
Top 10 frames of crashing thread:
0 xul.dll mozilla::dom::BrowsingContext::LoadURI docshell/base/BrowsingContext.cpp:789
1 xul.dll nsWindowWatcher::OpenWindowInternal toolkit/components/windowwatcher/nsWindowWatcher.cpp:1194
2 xul.dll nsWindowWatcher::OpenWindow2 toolkit/components/windowwatcher/nsWindowWatcher.cpp:376
3 xul.dll nsGlobalWindowOuter::OpenInternal dom/base/nsGlobalWindowOuter.cpp:7304
4 xul.dll nsGlobalWindowOuter::OpenOuter dom/base/nsGlobalWindowOuter.cpp:5759
5 xul.dll nsGlobalWindowInner::Open dom/base/nsGlobalWindowInner.cpp:3744
6 xul.dll static bool mozilla::dom::Window_Binding::open dom/bindings/WindowBinding.cpp:2868
7 xul.dll mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::MaybeGlobalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3163
8 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:539
9 xul.dll js::ForwardingProxyHandler::call js/src/proxy/Wrapper.cpp:162
Reporter | ||
Comment 1•5 years ago
|
||
Discussed during triage - Neil can you have someone take a look? Thanks.
Comment 2•5 years ago
|
||
it's crashing on a MOZ_DIAGNOSTIC_ASSERT, so only hitting users on nightly and devedition as well.
Assignee | ||
Comment 3•5 years ago
|
||
The (non-normative) window.open spec does not specify what should happen when
window.open is called on a window with a null/discarded browsing context, but
in general the lookup and creation rules do not make sense when the window has
no BC. It does, however, specify that we should return null when a target BC
cannot be found or created, and gives us broad discretion over when we decide
to ignore a load request and return null. Since we can't trigger a
cross-process load from a discarded BC, simply aborting in that case seems
like the logical solution.
For Location objects, the spec is more specific, and requires that we ignore
load attempts on Location objects whose documents are null, which in our
implementation corresponds to a discarded BrowsingContext.
LocationBase::SetURI already enforces this, but a second check in
BrowsingContext::LoadURI is probably a good idea as well.
Pushed by maglione.k@gmail.com: https://hg.mozilla.org/integration/autoland/rev/d0acf898fb0d Silently ignore load attempt on/from discarded BrowsingContext. r=nika
Updated•5 years ago
|
Comment 5•5 years ago
|
||
bugherder |
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Comment 6•5 years ago
|
||
Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.
This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:
0ee3c76a-bc79-4eb2-8d12-05dc0b68e732
Updated•2 years ago
|
Description
•