Use After Free in IndexedDB
Categories
(Core :: Storage: IndexedDB, defect, P1)
Tracking
()
People
(Reporter: zhanjiasong45, Assigned: sg)
Details
(Keywords: csectype-uaf, reporter-external, sec-high, Whiteboard: [reporter-external] [client-bounty-form] [verif?][adv-main70+][adv-esr68.2+])
Attachments
(7 files)
|
1.09 KB,
text/html
|
Details | |
|
27.54 KB,
text/plain
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
abillings
:
sec-approval+
|
Details | Review |
|
47 bytes,
text/x-phabricator-request
|
lizzard
:
approval-mozilla-esr68+
|
Details | Review |
|
47 bytes,
text/x-phabricator-request
|
lizzard
:
approval-mozilla-beta+
|
Details | Review |
|
24.16 KB,
text/plain
|
Details | |
|
263 bytes,
text/plain
|
Details |
void IDBObjectStore::AppendIndexUpdateInfo(
int64_t aIndexID, const KeyPath& aKeyPath, bool aUnique, bool aMultiEntry,
const nsCString& aLocale, JSContext* aCx, JS::Handle<JS::Value> aVal,
nsTArray<IndexUpdateInfo>& aUpdateInfoArray, ErrorResult& aRv) {
const bool localeAware = !aLocale.IsEmpty();
if (!aMultiEntry) {
...
return;
}
JS::Rooted<JS::Value> val(aCx);
if (NS_FAILED(aKeyPath.ExtractKeyAsJSVal(aCx, aVal, val.address()))) {
return;
}
bool isArray;
if (!JS_IsArrayObject(aCx, val, &isArray)) {
IDB_REPORT_INTERNAL_ERR();
aRv.Throw(NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR);
return;
}
if (isArray) {
JS::Rooted<JSObject*> array(aCx, &val.toObject());
uint32_t arrayLength;
if (NS_WARN_IF(!JS_GetArrayLength(aCx, array, &arrayLength))) {
IDB_REPORT_INTERNAL_ERR();
aRv.Throw(NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR);
return;
}
for (uint32_t arrayIndex = 0; arrayIndex < arrayLength; arrayIndex++) {
JS::Rooted<JS::Value> arrayItem(aCx);
if (NS_WARN_IF(!JS_GetElement(aCx, array, arrayIndex, &arrayItem))) { // JS_GetElement can trigger js getter, call deleteIndex here will free `aLocale`.
IDB_REPORT_INTERNAL_ERR();
aRv.Throw(NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR);
return;
}
Key value;
auto result = value.SetFromJSVal(aCx, arrayItem, aRv);
if (!result.Is(Ok, aRv) || value.IsUnset()) {
// Not a value we can do anything with, ignore it.
aRv.SuppressException();
continue;
}
IndexUpdateInfo* updateInfo = aUpdateInfoArray.AppendElement();
updateInfo->indexId() = aIndexID;
updateInfo->value() = value;
if (localeAware) {
auto result =
value.ToLocaleBasedKey(updateInfo->localizedValue(), aLocale, aRv);// UAF occurs!
if (NS_WARN_IF(!result.Is(Ok, aRv))) {
if (result.Is(Invalid, aRv)) {
aRv.Throw(NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR);
}
return;
}
}
}
} else {
...
}
}
|
Reporter | |
Comment 1•6 years ago
|
||
|
||
Comment 2•6 years ago
|
||
Andrew, can you take a look at this? Thanks!
|
||
Updated•6 years ago
|
|
||
Comment 3•6 years ago
|
||
This is very similar to bug 1501152, with content execution triggered from another place.
|
||
Comment 4•6 years ago
|
||
Assigning to Yaron given his experience on the other bug. Given that we've landed other security bug fixes in this area, I think it makes sense to prioritize this above the other bugs discussed at yesterday's team meeting.
|
||
Updated•6 years ago
|
|
||
Comment 5•5 years ago
•
|
||
[Tracking Requested - why for this release] sec-high
|
|
||
Comment 6•5 years ago
|
||
With this commit we no longer follow the value's prototype chain when
creating index updates in IndexedDB.
|
||
Comment 7•5 years ago
|
||
So, this is very similar to "patch for spidermonkey" in bug 1501152.
I think we should convert all these IndexedDB_UAF.html tests to unit tests so they can run automatically (once all patches landed on all supported branches). I remember I already converted some of them, I'll try to find them.
|
|
||
Comment 8•5 years ago
|
||
All instances of this pattern (getting an element only if it's an own attribute) can be traced back to 2-3 places in the spec; in this case, this is an inlined implementation of a particular step of a spec algorithm. Ideally we should have one piece of code corresponding to each spec algorithm, but in the interest of fixing the problem fast first, patching it up like this is probably better.
|
|
||
Comment 9•5 years ago
|
||
Comment on attachment 9089977 [details]
Bug 1577107 - Avoid following the prototype chain
Security Approval Request
- How easily could an exploit be constructed based on the patch?: It's an easily triggered UAF, not sure how easy it is to exploit.
- Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: No
- Which older supported branches are affected by this flaw?: All
- If not all supported branches, which bug introduced the flaw?: None
- Do you have backports for the affected branches?: No
- If not, how different, hard to create, and risky will they be?: Backporting should be straightforward.
- How likely is this patch to cause regressions; how much testing does it need?: Unlikely to cause regressions; a similar fix was already applied elsewhere.
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Comment 10•5 years ago
|
||
sec-approval+ for checkin on September 24, 3 weeks into the new cycle. This is to limit the exposure somewhat.
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
Assignee | |
Updated•5 years ago
|
|
||
Comment 11•5 years ago
|
||
|
|
||
Updated•5 years ago
|
|
|
||
Comment 12•5 years ago
•
|
||
Backed out for wpt crashes/assertions on clone-before-keypath-eval.html:
https://hg.mozilla.org/integration/autoland/rev/13d8012af41b777b5461397598ba7f3d6b8c0d71
Push with failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&group_state=expanded&selectedJob=268596129&resultStatus=superseded%2Cretry%2Cusercancel%2Ctestfailed%2Cbusted%2Cexception&revision=e91773704fbd766da1e8657b2a579713c0c54a75
Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=268596129&repo=autoland
[task 2019-09-26T16:28:20.125Z] 16:28:20 INFO - TEST-START | /IndexedDB/clone-before-keypath-eval.html
[task 2019-09-26T16:28:20.126Z] 16:28:20 INFO - Closing window 26
[task 2019-09-26T16:28:21.178Z] 16:28:21 INFO - Browser not responding, setting status to CRASH
[task 2019-09-26T16:28:22.460Z] 16:28:22 INFO - mozcrash Downloading symbols from: https://queue.taskcluster.net/v1/task/RsRqLQswS1uDjn06swtXiA/artifacts/public/build/target.crashreporter-symbols.zip
[task 2019-09-26T16:28:25.927Z] 16:28:25 INFO - mozcrash Copy/paste: /builds/worker/workspace/build/linux64-minidump_stackwalk /tmp/tmpYJTIAQ/09c443ad-2fbf-2bcf-07db-1f60e6b59b36.dmp /tmp/tmpQuJkN2
[task 2019-09-26T16:28:30.387Z] 16:28:30 INFO - mozcrash Saved minidump as /builds/worker/workspace/build/blobber_upload_dir/09c443ad-2fbf-2bcf-07db-1f60e6b59b36.dmp
[task 2019-09-26T16:28:30.391Z] 16:28:30 INFO - mozcrash Saved app info as /builds/worker/workspace/build/blobber_upload_dir/09c443ad-2fbf-2bcf-07db-1f60e6b59b36.extra
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - PROCESS-CRASH | /IndexedDB/clone-before-keypath-eval.html | application crashed [@ js::RunScript(JSContext*, js::RunState&)]
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - Crash dump filename: /tmp/tmpYJTIAQ/09c443ad-2fbf-2bcf-07db-1f60e6b59b36.dmp
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - Operating system: Android
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - 0.0.0 Linux 3.10.0+ #260 SMP PREEMPT Fri May 19 12:48:14 PDT 2017 x86_64
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - CPU: amd64
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - family 6 model 6 stepping 3
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - 4 CPUs
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO -
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - GPU: UNKNOWN
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO -
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - Crash reason: SIGSEGV /SEGV_MAPERR
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - Crash address: 0x0
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - Process uptime: not available
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO -
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - Thread 11 (crashed)
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - 0 libxul.so!js::RunScript(JSContext*, js::RunState&) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 396 + 0x11]
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - rax = 0x0000743134af5c52 rdx = 0x0000000000000000
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - rcx = 0x00007431373934c8 rbx = 0x00007431298df800
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - rsi = 0x0000743137cb4338 rdi = 0x000074312c72a000
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - rbp = 0x0000743137cb4370 rsp = 0x0000743137cb4320
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - r8 = 0x0000000000000000 r9 = 0x0000000000000000
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - r10 = 0x00007431298df800 r11 = 0x000074312abcbcd4
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - r12 = 0x0000743137cb4450 r13 = 0x000074312c72a000
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - r14 = 0x0000743137cb43e0 r15 = 0xfffe000000000000
[task 2019-09-26T16:28:30.490Z] 16:28:30 INFO - rip = 0x000074313322eca5
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - Found by: given as instruction pointer in context
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - 1 libxul.so!js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 592 + 0xb]
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - rbx = 0x00007431298df800 rbp = 0x0000743137cb4440
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - rsp = 0x0000743137cb4380 r12 = 0x0000743137cb4450
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - r13 = 0x0000000000000000 r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - r15 = 0xfffe000000000000 rip = 0x000074313324861c
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - 2 libxul.so!js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 761 + 0x9a]
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb44b0
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - rsp = 0x0000743137cb4450 r12 = 0x00000a0d66b65ee8
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - r13 = 0x0000095d2bd0b401 r14 = 0x0000743137cb4630
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - r15 = 0x000074312c72a000 rip = 0x000074313324961f
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - 3 libxul.so!js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) [NativeObject.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 2618 + 0xee0]
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - rbx = 0x00000a0d66b65e78 rbp = 0x0000743137cb45a0
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - rsp = 0x0000743137cb44c0 r12 = 0x00000a0d66b65ee8
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - r13 = 0x0000095d2bd0b401 r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - r15 = 0x0000743137cb4630 rip = 0x000074313342b015
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - 4 libxul.so!WriteStructuredClone(JSContext*, JS::Handle<JS::Value>, JSStructuredCloneData*, JS::StructuredCloneScope, JS::CloneDataPolicy, JSStructuredCloneCallbacks const*, void*, JS::Value const&) [StructuredClone.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 631 + 0x4eb]
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - rbx = 0x0000743137cb46c0 rbp = 0x0000743137cb49c0
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - rsp = 0x0000743137cb45b0 r12 = 0x00000ba8de1f8740
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - r13 = 0x0000743137cb46d8 r14 = 0x0000743134af83b3
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - r15 = 0xfffe000000000000 rip = 0x00007431334ac0bd
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.491Z] 16:28:30 INFO - 5 libxul.so!JS_StructuredClone(JSContext*, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>, JSStructuredCloneCallbacks const*, void*) [StructuredClone.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 3075 + 0x76]
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb4af0
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rsp = 0x0000743137cb49d0 r12 = 0x000074313669e798
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r13 = 0x000074312c72a000 r14 = 0x0000743137cb4b20
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r15 = 0x0000743134b2b800 rip = 0x00007431334b52db
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - 6 libxul.so!mozilla::dom::IDBObjectStore::ValueWrapper::Clone(JSContext*) [IDBObjectStore.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 2508 + 0x15]
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rbx = 0x000074312c72a001 rbp = 0x0000743137cb4b40
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rsp = 0x0000743137cb4b00 r12 = 0x0000743137cb5040
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r13 = 0x0000000000000000 r14 = 0x0000743137cb5040
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r15 = 0x0000743137cb5018 rip = 0x000074313241ef14
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - 7 libxul.so!mozilla::dom::IDBObjectStore::AddOrPut(JSContext*, mozilla::dom::IDBObjectStore::ValueWrapper&, JS::Handle<JS::Value>, bool, bool, mozilla::ErrorResult&) [IDBObjectStore.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 1509 + 0x1c3]
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rbx = 0x000074312c72a000 rbp = 0x0000743137cb4fe0
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rsp = 0x0000743137cb4b50 r12 = 0x0000743137cb5040
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r13 = 0x0000000000000000 r14 = 0x000074312a2f9580
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r15 = 0x0000743137cb5018 rip = 0x000074313241f2c9
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - 8 libxul.so!mozilla::dom::IDBObjectStore_Binding::put(JSContext*, JS::Handle<JSObject*>, mozilla::dom::IDBObjectStore*, JSJitMethodCallArgs const&) [IDBObjectStoreBinding.cpp: : 478 + 0x31]
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rbx = 0x000074312c72a000 rbp = 0x0000743137cb5090
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rsp = 0x0000743137cb4ff0 r12 = 0x0000000000000000
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r13 = 0x0000743137cb5040 r14 = 0x0000743137cb50f0
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r15 = 0x000074312a2f9580 rip = 0x0000743131eb0443
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - 9 libxul.so!bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) [BindingUtils.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 3250 + 0x11]
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rbx = 0x0000743131eb033f rbp = 0x0000743137cb5130
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - rsp = 0x0000743137cb50a0 r12 = 0x0000000000000000
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r13 = 0x0000000000000136 r14 = 0x00007431365ffd58
[task 2019-09-26T16:28:30.492Z] 16:28:30 INFO - r15 = 0x000074312c72a000 rip = 0x0000743131ec8057
[task 2019-09-26T16:28:30.493Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.493Z] 16:28:30 INFO - 10 libxul.so!js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 551 + 0x186]
[task 2019-09-26T16:28:30.493Z] 16:28:30 INFO - rbx = 0x00007431298df800 rbp = 0x0000743137cb5200
[task 2019-09-26T16:28:30.493Z] 16:28:30 INFO - rsp = 0x0000743137cb5140 r12 = 0x0000743137cb5340
[task 2019-09-26T16:28:30.493Z] 16:28:30 INFO - r13 = 0x00000a0d66b6e780 r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.493Z] 16:28:30 INFO - r15 = 0x0000743137cb5188 rip = 0x000074313324821b
[task 2019-09-26T16:28:30.493Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.493Z] 16:28:30 INFO - 11 libxul.so!Interpret(JSContext*, js::RunState&) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 624 + 0x7]
[task 2019-09-26T16:28:30.493Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb56e0
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rsp = 0x0000743137cb5210 r12 = 0x0000000066b54b80
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r13 = 0x000074312bdd5168 r14 = 0x00007431367910b0
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r15 = 0xfffdffffffffffff rip = 0x000074313323df20
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - 12 libxul.so!js::RunScript(JSContext*, js::RunState&) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 424 + 0xb]
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rbx = 0x0000000000000140 rbp = 0x0000743137cb5740
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rsp = 0x0000743137cb56f0 r12 = 0x00000a0d66b54b80
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r13 = 0x000074312c72a000 r14 = 0x0000743137cb57b0
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r15 = 0x0000743137cb57c8 rip = 0x000074313322ea79
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - 13 libxul.so!js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 592 + 0xb]
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rbx = 0x00007431298df800 rbp = 0x0000743137cb5810
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rsp = 0x0000743137cb5750 r12 = 0x0000743137cb58b8
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r13 = 0x0000000000000000 r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r15 = 0xfffe000000000000 rip = 0x000074313324861c
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - 14 libxul.so!js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) [VMFunctions.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 260 + 0x37]
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb5970
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rsp = 0x0000743137cb5820 r12 = 0x0000743137cb5900
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r13 = 0xfffe000000000000 r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r15 = 0x0000000000000001 rip = 0x00007431337fccd1
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - 15 libxul.so!js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) [VMFunctions.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 289 + 0x10]
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb59d0
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rsp = 0x0000743137cb5980 r12 = 0x0000000000000000
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r13 = 0x0000743137cb6618 r14 = 0x0000743137cb5a20
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r15 = 0x0000743137cb5bc8 rip = 0x00007431337fd081
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - 16 0x3901bae78e04
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rbx = 0x00003901bae78dd0 rbp = 0x0000743137cb5a30
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rsp = 0x0000743137cb59e0 r12 = 0x0000000000000000
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r13 = 0x0000743137cb6618 r14 = 0x0000743129c4153a
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - r15 = 0x0000743137cb5bc8 rip = 0x00003901bae78e04
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - 17 0x7431297232f0
[task 2019-09-26T16:28:30.494Z] 16:28:30 INFO - rbp = 0x0000743137cb5ad8 rsp = 0x0000743137cb5a40
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rip = 0x00007431297232f0
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - Found by: previous frame's frame pointer
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - 18 0x3901bae7848f
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rbp = 0x0000743137cb5b50 rsp = 0x0000743137cb5ae8
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rip = 0x00003901bae7848f
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - Found by: previous frame's frame pointer
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - 19 libxul.so!js::jit::MaybeEnterJit(JSContext*, js::RunState&) [Jit.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 200 + 0x16f]
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rbp = 0x0000743137cb6020 rsp = 0x0000743137cb5b60
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rip = 0x00007431339bdb88
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - Found by: previous frame's frame pointer
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - 20 libxul.so!js::RunScript(JSContext*, js::RunState&) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 409 + 0xb]
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rbx = 0x0000000000000100 rbp = 0x0000743137cb6080
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rsp = 0x0000743137cb6030 r12 = 0x00000a0d66b49400
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - r13 = 0x000074312c72a000 r14 = 0x0000743137cb60f0
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - r15 = 0x0000743137cb6108 rip = 0x000074313322ea33
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - 21 libxul.so!js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 592 + 0xb]
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rbx = 0x00007431298df800 rbp = 0x0000743137cb6150
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rsp = 0x0000743137cb6090 r12 = 0x0000743137cb65c8
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - r13 = 0x0000000000000000 r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - r15 = 0x0000000000000000 rip = 0x000074313324861c
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - 22 libxul.so!js::fun_apply(JSContext*, unsigned int, JS::Value*) [JSFunction.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 1184 + 0x33]
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb6680
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rsp = 0x0000743137cb6160 r12 = 0x0000743137cb6af0
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - r13 = 0xfffdffffffffffff r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - r15 = 0x0000743137cb6610 rip = 0x0000743133399bda
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - 23 libxul.so!js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 551 + 0x186]
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rbx = 0x00007431298df800 rbp = 0x0000743137cb6750
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - rsp = 0x0000743137cb6690 r12 = 0x0000743137cb6820
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - r13 = 0x00000ba8de1d2140 r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - r15 = 0x0000743137cb66d8 rip = 0x000074313324821b
[task 2019-09-26T16:28:30.495Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - 24 libxul.so!js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) [BaselineIC.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 3229 + 0xa]
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb6a90
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - rsp = 0x0000743137cb6760 r12 = 0x000000000000004f
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - r13 = 0x0000743129cc7e6d r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - r15 = 0x00007431298d53d0 rip = 0x00007431337d3dfc
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - 25 0x3901bae7a798
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - rbx = 0x00003901bae85868 rbp = 0x0000743137cb6b10
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - rsp = 0x0000743137cb6aa0 r12 = 0x0000000000000000
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - r13 = 0x0000743137cb7278 r14 = 0x0000743129cc7e6d
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - r15 = 0x0000743137cb6c78 rip = 0x00003901bae7a798
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - 26 0x7431298d53d0
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - rbp = 0x0000743137cb6b98 rsp = 0x0000743137cb6b20
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - rip = 0x00007431298d53d0
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - Found by: previous frame's frame pointer
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - 27 0x3901bae7848f
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - rbp = 0x0000743137cb6c00 rsp = 0x0000743137cb6ba8
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - rip = 0x00003901bae7848f
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - Found by: previous frame's frame pointer
[task 2019-09-26T16:28:30.496Z] 16:28:30 INFO - 28 libxul.so!js::jit::MaybeEnterJit(JSContext*, js::RunState&) [Jit.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 200 + 0x16f]
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - rbp = 0x0000743137cb70d0 rsp = 0x0000743137cb6c10
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - rip = 0x00007431339bdb88
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - Found by: previous frame's frame pointer
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - 29 libxul.so!js::RunScript(JSContext*, js::RunState&) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 409 + 0xb]
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - rbx = 0x00000000000000c0 rbp = 0x0000743137cb7130
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - rsp = 0x0000743137cb70e0 r12 = 0x00000a0d66b54820
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - r13 = 0x000074312c72a000 r14 = 0x0000743137cb71a0
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - r15 = 0x0000743137cb71b8 rip = 0x000074313322ea33
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - 30 libxul.so!js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [Interpreter.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 592 + 0xb]
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - rbx = 0x00007431298df800 rbp = 0x0000743137cb7200
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - rsp = 0x0000743137cb7140 r12 = 0x0000743137cb7228
[task 2019-09-26T16:28:30.497Z] 16:28:30 INFO - r13 = 0x0000000000000000 r14 = 0x000074312c72a000
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - r15 = 0xfffe000000000000 rip = 0x000074313324861c
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - 31 libxul.so!JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) [jsapi.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 2728 + 0x37]
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb72e0
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rsp = 0x0000743137cb7210 r12 = 0x0000743137cb74f0
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - r13 = 0x000074312c72a000 r14 = 0x0000000000000001
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - r15 = 0x0000743137cb7350 rip = 0x00007431335b0484
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - 32 libxul.so!mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) [EventHandlerBinding.cpp: : 267 + 0x15]
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rbx = 0x0000743137cb7350 rbp = 0x0000743137cb7400
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rsp = 0x0000743137cb72f0 r12 = 0x0000743137cb7338
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - r13 = 0x000074312c72a000 r14 = 0x000074312a4c2d80
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - r15 = 0x000074312c72a068 rip = 0x0000743131d99c08
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - 33 libxul.so!mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) [JSEventHandler.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 205 + 0x1c]
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rbx = 0x0000743137cb74f0 rbp = 0x0000743137cb7740
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rsp = 0x0000743137cb7410 r12 = 0x000074312a4c2d80
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - r13 = 0x0000000080004000 r14 = 0xfff9800000000000
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - r15 = 0x000074312a44dfb0 rip = 0x000074313203ddd4
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - 34 libxul.so!mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) [EventListenerManager.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 1039 + 0xc]
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rbx = 0x000074312a4ca641 rbp = 0x0000743137cb7970
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rsp = 0x0000743137cb7750 r12 = 0x000074312aca0a60
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - r13 = 0x000074312a44dfb0 r14 = 0x000074312a4ca641
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - r15 = 0x000074312a4ca640 rip = 0x000074313202ed0d
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - 35 libxul.so!mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) [EventListenerManager.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 1231 + 0x12]
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rbx = 0x000074312a4e34c0 rbp = 0x0000743137cb7b50
[task 2019-09-26T16:28:30.498Z] 16:28:30 INFO - rsp = 0x0000743137cb7980 r12 = 0x0000000000000000
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r13 = 0x000074312a310990 r14 = 0x000074312a4c6238
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r15 = 0x0000743136db2ca0 rip = 0x000074313202f4ea
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - 36 libxul.so!mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) [EventDispatcher.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 349 + 0xc]
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rbx = 0x000074312b89c008 rbp = 0x0000743137cb7b80
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rsp = 0x0000743137cb7b60 r12 = 0x0000000000000001
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r13 = 0x0000743137cb7d50 r14 = 0x0000743137cb7d38
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r15 = 0x000074312b89c050 rip = 0x000074313202a9a0
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - 37 libxul.so!mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) [EventDispatcher.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 551 + 0x12]
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb7c80
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rsp = 0x0000743137cb7b90 r12 = 0x0000000000000001
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r13 = 0x0000743137cb7d50 r14 = 0x0000743137cb7d20
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r15 = 0x000074312b89c008 rip = 0x000074313202a491
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - 38 libxul.so!mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) [EventDispatcher.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 1045 + 0x5]
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rbx = 0x000074312aca0a60 rbp = 0x0000743137cb7fa0
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rsp = 0x0000743137cb7c90 r12 = 0x000074312a44dfb0
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r13 = 0x0000743137cb7ff4 r14 = 0x0000000000000000
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r15 = 0x0000743137cb7d50 rip = 0x000074313202b707
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - 39 libxul.so!mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*) [EventDispatcher.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 0 + 0xb]
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rbx = 0x000074312a4e34c0 rbp = 0x0000743137cb7fe0
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rsp = 0x0000743137cb7fb0 r12 = 0x000074312aca0a60
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r13 = 0x000074312a44dfb0 r14 = 0x0000743137cb7ff4
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r15 = 0x0000000000000000 rip = 0x000074313202c8a5
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - 40 libxul.so!mozilla::DOMEventTargetHelper::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) [DOMEventTargetHelper.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 166 + 0xc]
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rbx = 0x000074312a44dfb0 rbp = 0x0000743137cb8020
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rsp = 0x0000743137cb7ff0 r12 = 0x0000743137cb8098
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r13 = 0x000074312a44dfb0 r14 = 0x0000743137cb8030
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r15 = 0x0000000000000001 rip = 0x000074313201efa3
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - 41 libxul.so!mozilla::dom::EventTarget::DispatchEvent(mozilla::dom::Event&, mozilla::ErrorResult&) [EventTarget.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 184 + 0x16]
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rbx = 0x0000743137cb8030 rbp = 0x0000743137cb8050
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rsp = 0x0000743137cb8030 r12 = 0x0000743137cb8098
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r13 = 0x000074312a44dfb0 r14 = 0x000074312a44dfb0
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r15 = 0x000074312aca0a60 rip = 0x0000743132032292
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - 42 libxul.so!mozilla::dom::indexedDB::(anonymous namespace)::DispatchSuccessEvent(mozilla::dom::indexedDB::(anonymous namespace)::ResultHelper*, mozilla::dom::Event*) [ActorsChild.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 767 + 0xb]
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rbx = 0x0000000000000000 rbp = 0x0000743137cb8160
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rsp = 0x0000743137cb8060 r12 = 0x0000743137cb8098
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r13 = 0x000074312a44dfb0 r14 = 0x000074312a44dfb0
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r15 = 0x000074312aca0a60 rip = 0x0000743132417989
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - 43 libxul.so!mozilla::dom::indexedDB::BackgroundFactoryRequestChild::Recv__delete__(mozilla::dom::indexedDB::FactoryRequestResponse const&) [ActorsChild.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 1646 + 0x1c]
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rbx = 0x0000743137cb8188 rbp = 0x0000743137cb81f0
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - rsp = 0x0000743137cb8170 r12 = 0x000074312a49d8f0
[task 2019-09-26T16:28:30.499Z] 16:28:30 INFO - r13 = 0x000074312b825100 r14 = 0x000074312a4ec3e0
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - r15 = 0x000074312a49d8e0 rip = 0x0000743132417c9a
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - 44 libxul.so!non-virtual thunk to mozilla::dom::indexedDB::BackgroundFactoryRequestChild::Recv__delete__(mozilla::dom::indexedDB::FactoryRequestResponse const&) [ActorsChild.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 0 + 0xd]
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - rbx = 0x000074312a33ac08 rbp = 0x0000743137cb8200
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - rsp = 0x0000743137cb8200 r12 = 0x000074312a49d8f0
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - r13 = 0x000074312b825100 r14 = 0x000074312a49d8f0
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - r15 = 0x000074312a33ac10 rip = 0x0000743132417d19
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - 45 libxul.so!mozilla::dom::indexedDB::PBackgroundIDBFactoryRequestChild::OnMessageReceived(IPC::Message const&) [PBackgroundIDBFactoryRequestChild.cpp: : 128 + 0xd]
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - rbx = 0x000074312a33ac08 rbp = 0x0000743137cb82f0
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - rsp = 0x0000743137cb8210 r12 = 0x000074312a49d8f0
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - r13 = 0x000074312b825100 r14 = 0x000074312a49d8f0
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - r15 = 0x000074312a33ac10 rip = 0x00007431312ec412
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - 46 libxul.so!mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) [PBackgroundChild.cpp: : 5876 + 0x10]
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - rbx = 0x000074312a33ac08 rbp = 0x0000743137cb8cf0
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - rsp = 0x0000743137cb8300 r12 = 0x0000000000000000
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - r13 = 0x000074312b825100 r14 = 0x0000743137cb8318
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - r15 = 0x000074312b825040 rip = 0x0000743131266485
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - 47 libxul.so!mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) [MessageChannel.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 2185 + 0x9]
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - rbx = 0x0000000000000001 rbp = 0x0000743137cb8df0
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - rsp = 0x0000743137cb8d00 r12 = 0x0000000000000000
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - r13 = 0x000074312b825100 r14 = 0x000074312a33ac08
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - r15 = 0x000074312b8277a0 rip = 0x00007431311618d3
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.500Z] 16:28:30 INFO - 48 libxul.so!mozilla::ipc::MessageChannel::MessageTask::Run() [MessageChannel.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 1985 + 0xee]
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - rbx = 0x000074312a33abb0 rbp = 0x0000743137cb8e30
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - rsp = 0x0000743137cb8e00 r12 = 0x000074312a33ac08
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - r13 = 0x00000000ffffffff r14 = 0x000074312b82a200
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - r15 = 0x000074312b825100 rip = 0x000074313116216a
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - 49 libxul.so!mozilla::SchedulerGroup::Runnable::Run() [SchedulerGroup.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 295 + 0xa]
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - rbx = 0x000074312a42fd00 rbp = 0x0000743137cb8eb0
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - rsp = 0x0000743137cb8e40 r12 = 0x0000000000000001
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - r13 = 0x00000000ffffffff r14 = 0x000074312a42fd00
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - r15 = 0x0000743136d3a120 rip = 0x0000743130dcc4c8
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - 50 libxul.so!nsThread::ProcessNextEvent(bool, bool*) [nsThread.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 1225 + 0x9]
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - rbx = 0x0000743137cb8f10 rbp = 0x0000743137cb9400
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - rsp = 0x0000743137cb8ec0 r12 = 0x0000000000000001
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - r13 = 0x00000000ffffffff r14 = 0x000074312a42fd00
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - r15 = 0x0000743136d3a120 rip = 0x0000743130dd80ff
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.501Z] 16:28:30 INFO - 51 libxul.so!NS_ProcessNextEvent(nsIThread*, bool) [nsThreadUtils.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 486 + 0x10]
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - rbx = 0x0000743137cb941f rbp = 0x0000743137cb9430
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - rsp = 0x0000743137cb9410 r12 = 0x0000743136d084e0
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - r13 = 0x0000000000000000 r14 = 0x0000743137cb9578
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - r15 = 0x0000000000000000 rip = 0x0000743130dd9631
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - 52 libxul.so!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) [MessagePump.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 88 + 0x7]
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - rbx = 0x0000743136d084c0 rbp = 0x0000743137cb9470
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - rsp = 0x0000743137cb9440 r12 = 0x0000743136d084e0
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - r13 = 0x0000000000000000 r14 = 0x0000743137cb9578
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - r15 = 0x0000000000000000 rip = 0x0000743131163866
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - 53 libxul.so!MessageLoop::Run() [message_loop.cc:e91773704fbd766da1e8657b2a579713c0c54a75 : 290 + 0xc]
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - rbx = 0x0000743137cb9488 rbp = 0x0000743137cb94b0
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - rsp = 0x0000743137cb9480 r12 = 0x0000000000000d37
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - r13 = 0x0000743136d18040 r14 = 0x0000743136d3a120
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - r15 = 0x0000743136d40000 rip = 0x0000743131135bdf
[task 2019-09-26T16:28:30.502Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - 54 libxul.so!nsBaseAppShell::Run() [nsBaseAppShell.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 137 + 0xd]
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - rbx = 0x0000743136d72a80 rbp = 0x0000743137cb94d0
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - rsp = 0x0000743137cb94c0 r12 = 0x0000000000000d37
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - r13 = 0x0000743136d18040 r14 = 0x0000743136d3a120
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - r15 = 0x0000743136d40000 rip = 0x00007431326229ed
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - 55 libxul.so!XRE_RunAppShell() [nsEmbedFunctions.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 934 + 0x6]
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - rbx = 0x0000743137cb94e8 rbp = 0x0000743137cb9500
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - rsp = 0x0000743137cb94e0 r12 = 0x0000000000000d37
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - r13 = 0x0000743136d18040 r14 = 0x000000000000000e
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - r15 = 0x0000743136d40000 rip = 0x000074313314bc90
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - 56 libxul.so!MessageLoop::Run() [message_loop.cc:e91773704fbd766da1e8657b2a579713c0c54a75 : 290 + 0xc]
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - rbx = 0x0000743137cb9518 rbp = 0x0000743137cb9540
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - rsp = 0x0000743137cb9510 r12 = 0x0000000000000d37
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - r13 = 0x0000743136d18040 r14 = 0x000000000000000e
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - r15 = 0x0000743136d40000 rip = 0x0000743131135bdf
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - 57 libxul.so!XRE_InitChildProcess(int, char**, XREChildData const*) [nsEmbedFunctions.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 769 + 0x5]
[task 2019-09-26T16:28:30.503Z] 16:28:30 INFO - rbx = 0x0000743136d40000 rbp = 0x0000743137cb9760
[task 2019-09-26T16:28:30.504Z] 16:28:30 INFO - rsp = 0x0000743137cb9550 r12 = 0x0000000000000d37
[task 2019-09-26T16:28:30.504Z] 16:28:30 INFO - r13 = 0x0000743136d18040 r14 = 0x000000000000000e
[task 2019-09-26T16:28:30.504Z] 16:28:30 INFO - r15 = 0x0000743136d40000 rip = 0x000074313314bb38
[task 2019-09-26T16:28:30.504Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.504Z] 16:28:30 INFO - 58 libmozglue.so!Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun [APKOpen.cpp:e91773704fbd766da1e8657b2a579713c0c54a75 : 380 + 0x8]
[task 2019-09-26T16:28:30.504Z] 16:28:30 INFO - rbx = 0x0000000000000010 rbp = 0x0000743137cb97e0
[task 2019-09-26T16:28:30.504Z] 16:28:30 INFO - rsp = 0x0000743137cb9770 r12 = 0x000000000000002a
[task 2019-09-26T16:28:30.504Z] 16:28:30 INFO - r13 = 0x0000000000000011 r14 = 0x0000000000000011
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - r15 = 0x0000743136d18040 rip = 0x00007431370452b4
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - 59 base.odex + 0x8fb033
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - rbx = 0x0000743145bb0200 rbp = 0x0000743137cb98b8
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - rsp = 0x0000743137cb97f0 r12 = 0x0000743137cb9a40
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - r13 = 0x0000743153775ad8 r14 = 0x0000743137cb9c50
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - r15 = 0x0000743137cb9c50 rip = 0x00007431385b6033
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - Found by: call frame info
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - 60 0x743137cb9c50
[task 2019-09-26T16:28:30.505Z] 16:28:30 INFO - rbp = 0x0000743137cb9c50 rsp = 0x0000743137cb98c8
[task 2019-09-26T16:28:30.506Z] 16:28:30 INFO - rip = 0x0000743137cb9c50
[task 2019-09-26T16:28:30.506Z] 16:28:30 INFO - Found by: previous frame's frame pointer
[task 2019-09-26T16:28:30.506Z] 16:28:30 INFO - 61 dalvik-LinearAlloc (deleted) + 0x6ad8
[task 2019-09-26T16:28:30.506Z] 16:28:30 INFO - rbp = 0x0000743137cb9c50 rsp = 0x0000743137cb98d0
[task 2019-09-26T16:28:30.506Z] 16:28:30 INFO - rip = 0x0000743153775ad8
[task 2019-09-26T16:28:30.506Z] 16:28:30 INFO - Found by: stack scanning
[...]
|
|
Assignee | |
Comment 13•5 years ago
|
||
I fixed the issue with wpt, and updated the patch. I am not sure if (and how) I need to re-request sec-approval. If it's not necessary, it can be checked in again.
|
|
Assignee | |
Updated•5 years ago
|
|
|
||
Comment 14•5 years ago
|
||
Relanded, not asked for new security review as only an assertion got removed:
https://hg.mozilla.org/integration/autoland/rev/dddb97ff7ed9140ec0934f723f4446e3ada0067d
|
|
||
Comment 15•5 years ago
|
||
|
|
||
Comment 16•5 years ago
|
||
Looks like this will need a rebased patch for Beta and ESR68 uplift. Please attach rebased patches and request approval on them when you're able. Thanks!
|
|
||
Comment 17•5 years ago
|
||
I'd like to be able to land this before Monday for the beta 13 build. Following up in email.
|
|
Assignee | |
Comment 18•5 years ago
|
||
With this commit we no longer follow the value's prototype chain when
creating index updates in IndexedDB.
|
|
Assignee | |
Comment 19•5 years ago
|
||
With this commit we no longer follow the value's prototype chain when
creating index updates in IndexedDB.
|
|
Assignee | |
Comment 20•5 years ago
|
||
@lizzard: I submitted uplifted patches to esr68 and beta. I put you in as a reviewer. I am not sure if that is correct. Is there anything else I need to do?
|
|
||
Comment 21•5 years ago
|
||
Click on the "Details" link for one of those patches, then set the dropdown "approval-mozilla-beta" to "?" and fill out the form. Do the same for approval-mozilla-esr68. More info at https://wiki.mozilla.org/Release_Management/Uplift_rules
|
|
Assignee | |
Comment 22•5 years ago
|
||
Comment on attachment 9098748 [details]
Bug 1577107 - Avoid following the prototype chain r=lizzard
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration:
- User impact if declined: Security hazard due to possible use-after-free when using IndexedDB
- Fix Landed on Version: 71
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Unlikely to cause regressions; a similar fix was already applied elsewhere & backporting from 71 was straightforward.
- String or UUID changes made by this patch:
|
|
Assignee | |
Comment 23•5 years ago
|
||
Comment on attachment 9098749 [details]
Bug 1577107 - Avoid following the prototype chain r=lizzard
Beta/Release Uplift Approval Request
- User impact if declined: Unlikely to cause regressions; a similar fix was already applied elsewhere & backporting from 71 was straightforward.
- Is this code covered by automated tests?: Unknown
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Unlikely to cause regressions; a similar fix was already applied elsewhere & backporting from 71 was straightforward.
- String changes made/needed:
|
|
||
Comment 24•5 years ago
|
||
Comment on attachment 9098748 [details]
Bug 1577107 - Avoid following the prototype chain r=lizzard
Fix for sec-high issue, OK for uplift for esr
|
|
||
Comment 25•5 years ago
|
||
Comment on attachment 9098749 [details]
Bug 1577107 - Avoid following the prototype chain r=lizzard
OK for beta 13.
|
|
Assignee | |
Comment 26•5 years ago
|
||
Checkin needed for patches into beta and esr68
|
|
||
Comment 27•5 years ago
|
||
| uplift | ||
|
|
||
Comment 28•5 years ago
|
||
| uplift | ||
It's not necessary to set checkin-needed for uplifts, code sheriffs have queries to find bugs with patches approved for those branches and where the bug status is not equivalent to fixed.
https://hg.mozilla.org/releases/mozilla-beta/rev/1fcbe302034f
|
|
||
Updated•5 years ago
|
|
|
||
Comment 29•5 years ago
|
||
| backout | ||
Backed out from ESR68 for bustage.
https://hg.mozilla.org/releases/mozilla-esr68/rev/70802ae403a2c5c47bb44633742e96029de9cee0
|
|
||
Comment 30•5 years ago
|
||
Also backed out from beta for build bustage in dom/indexedDB/IDBObjectStore.cpp:
https://hg.mozilla.org/releases/mozilla-beta/rev/932c858be1c00881b81c258df8e61c6176eea8c3
Push with failures: https://treeherder.mozilla.org/#/jobs?repo=mozilla-beta&group_state=expanded&selectedJob=270062813&resultStatus=testfailed%2Cbusted%2Cexception%2Cusercancel%2Cretry%2Csuperseded&revision=5a6c32dc7d49ef8922c414470f05525c59e7a649
Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=270062813&repo=mozilla-beta
|
|
||
Comment 31•5 years ago
|
||
AFAICT both branches need s/aRv->Throw/aRv.Throw/ in a couple of places to account for the 71-only https://hg.mozilla.org/mozilla-central/rev/83c0ae8b929be92758f591016e4f0a97a4f4307d
|
|
||
Comment 32•5 years ago
|
||
| uplift | ||
|
|
Assignee | |
Comment 33•5 years ago
|
||
I fixed the issue. While I have not been able to build esr68 locally due to some toolchain issues, I built and successfully ran the IndexedDB tests for beta. Sorry for not checking this before.
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Comment 34•5 years ago
|
||
I have reproduced a tab crash by opening the test page in comment 0:
https://bugzilla.mozilla.org/attachment.cgi?id=9088647
Reproduced on Nightly v71.0a1 (2019-09-29) (64-bit) asan debug build.
Logs:
"
[12380, Main Thread] WARNING: dependent window created without a parent: file z:/build/build/src/toolkit/components/startup/nsAppStartup.cpp, line 631
++DOCSHELL 0000123BF85BB080 == 1 [pid = 12380] [id = {bd4aa018-f4ca-4269-8110-5df9a1b9bef7}]
++DOMWINDOW == 1 (00001233F84BEB00) [pid = 12380] [serial = 1] [outer = 0000000000000000]
++DOMWINDOW == 2 (0000123BF85BBA80) [pid = 12380] [serial = 2] [outer = 00001233F84BEB00]
[12380, Main Thread] WARNING: NS_ENSURE_TRUE(root) failed: file z:/build/build/src/layout/base/nsDocumentViewer.cpp, line 3168
++DOCSHELL 0000123BF884FF80 == 2 [pid = 12380] [id = {dc219f95-cccb-4d45-b656-b5ee05ac0e10}]
++DOMWINDOW == 3 (00001233F8773F80) [pid = 12380] [serial = 3] [outer = 0000000000000000]
++DOMWINDOW == 4 (0000123BF8850480) [pid = 12380] [serial = 4] [outer = 00001233F8773F80]
[12380, Main Thread] WARNING: NS_ENSURE_TRUE(root) failed: file z:/build/build/src/layout/base/nsDocumentViewer.cpp, line 3168
[12380, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/extensions/spellcheck/src/mozPersonalDictionary.cpp, line 208
[12380, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
[12380, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
--DOCSHELL 0000123BF884FF80 == 1 [pid = 12380] [id = {dc219f95-cccb-4d45-b656-b5ee05ac0e10}] [url = chrome://mozapps/content/profile/createProfileWizard.xul]
--DOCSHELL 0000123BF85BB080 == 0 [pid = 12380] [id = {bd4aa018-f4ca-4269-8110-5df9a1b9bef7}] [url = chrome://mozapps/content/profile/profileSelection.xul]
--DOMWINDOW == 3 (0000123BF8850480) [pid = 12380] [serial = 4] [outer = 0000000000000000] [url = about:blank]
--DOMWINDOW == 2 (0000123BF85BBA80) [pid = 12380] [serial = 2] [outer = 0000000000000000] [url = about:blank]
--DOMWINDOW == 1 (00001233F84BEB00) [pid = 12380] [serial = 1] [outer = 0000000000000000] [url = chrome://mozapps/content/profile/profileSelection.xul]
--DOMWINDOW == 0 (00001233F8773F80) [pid = 12380] [serial = 3] [outer = 0000000000000000] [url = chrome://mozapps/content/profile/createProfileWizard.xul]
[13428, Main Thread] WARNING: Cannot lock remote start mutex: file z:/build/build/src/toolkit/components/remote/nsRemoteService.cpp, line 74
[13428, Main Thread] WARNING: CheckLinkStatus called on main thread! No check performed. Assuming link is up, status is unknown.: file z:/build/build/src/netwerk/system/win32/nsNotifyAddrListener.cpp, line 662
[13428, Main Thread] WARNING: Workers don't support the 'mem.mem.' preference!: file z:/build/build/src/dom/workers/RuntimeService.cpp, line 544
[12380, Main Thread] WARNING: XPCOM objects created/destroyed from static ctor/dtor: file z:/build/build/src/xpcom/base/nsTraceRefcnt.cpp, line 198
nsStringStats
=> mAllocCount: 30678
=> mReallocCount: 0
=> mFreeCount: 30677 -- LEAKED 1 !!!
=> mShareCount: 40519
=> mAdoptCount: 293
=> mAdoptFreeCount: 293
=> Process ID: 12380, Thread ID: 8044
1570543868012 addons.webextension.screenshots@mozilla.org WARN Loading extension 'screenshots@mozilla.org': Reading manifest: Invalid extension permission: mozillaAddons
1570543868022 addons.webextension.screenshots@mozilla.org WARN Loading extension 'screenshots@mozilla.org': Reading manifest: Invalid extension permission: telemetry
1570543868032 addons.webextension.screenshots@mozilla.org WARN Loading extension 'screenshots@mozilla.org': Reading manifest: Invalid extension permission: resource://pdf.js/
1570543868042 addons.webextension.screenshots@mozilla.org WARN Loading extension 'screenshots@mozilla.org': Reading manifest: Invalid extension permission: about:reader*
[13428, GMPThread] WARNING: Failed to delete GMP storage directory: file z:/build/build/src/dom/media/gmp/GMPServiceParent.cpp, line 1573
++DOCSHELL 000012233E20F380 == 1 [pid = 13428] [id = {7fc05208-c83e-47f7-b92c-9d99debb13ed}]
++DOMWINDOW == 1 (0000121B3E0C8A80) [pid = 13428] [serial = 1] [outer = 0000000000000000]
++DOMWINDOW == 2 (000012233E230580) [pid = 13428] [serial = 2] [outer = 0000121B3E0C8A80]
[13428, Main Thread] WARNING: Unable to read system value: 'aValue > 0', file z:/build/build/src/xpcom/base/nsSystemInfo.cpp, line 1011
[13428, Main Thread] WARNING: 'mIndex >= Count()', file z:/build/build/src/xpcom/ds/nsStringEnumerator.cpp, line 202
++DOCSHELL 000012233E514580 == 2 [pid = 13428] [id = {8cec69a3-91da-4200-a6f2-04ca28f5a499}]
++DOMWINDOW == 3 (0000121B3E16B000) [pid = 13428] [serial = 3] [outer = 0000000000000000]
++DOMWINDOW == 4 (000012233E514F80) [pid = 13428] [serial = 4] [outer = 0000121B3E16B000]
[13428, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80520012: file z:/build/build/src/toolkit/profile/nsProfileLock.cpp, line 579
++DOCSHELL 000012233E6B4E80 == 3 [pid = 13428] [id = {bf3c61d7-dd2e-4088-90aa-caf9cc41fd71}]
++DOMWINDOW == 5 (0000121B3E2B4D80) [pid = 13428] [serial = 5] [outer = 0000000000000000]
++DOCSHELL 000012233E6C9880 == 4 [pid = 13428] [id = {b27d6a98-14d6-4de0-ac13-7364cd2ef0a7}]
++DOMWINDOW == 6 (0000121B3E2D9180) [pid = 13428] [serial = 6] [outer = 0000000000000000]
++DOCSHELL 000012233E7D2D80 == 5 [pid = 13428] [id = {960eee2a-eba5-45e4-b658-933d902d8d14}]
++DOMWINDOW == 7 (0000121B3E33F700) [pid = 13428] [serial = 7] [outer = 0000000000000000]
++DOMWINDOW == 8 (000012233E7D3780) [pid = 13428] [serial = 8] [outer = 0000121B3E33F700]
++DOMWINDOW == 9 (000012233E811F80) [pid = 13428] [serial = 9] [outer = 0000121B3E33F700]
[Parent 13428, Main Thread] WARNING: Need BrowserChild to get the nativeWindow from!: file z:/build/build/src/widget/PuppetWidget.cpp, line 1090
[Parent 13428, Main Thread] WARNING: Need BrowserChild to get the nativeWindow from!: file z:/build/build/src/widget/PuppetWidget.cpp, line 1090
[Parent 13428, Main Thread] WARNING: Need BrowserChild to get the nativeWindow from!: file z:/build/build/src/widget/PuppetWidget.cpp, line 1090
[Parent 13428, Main Thread] WARNING: Need BrowserChild to get the nativeWindow from!: file z:/build/build/src/widget/PuppetWidget.cpp, line 1090
++DOMWINDOW == 10 (000012233E927780) [pid = 13428] [serial = 10] [outer = 0000121B3E2B4D80]
++DOMWINDOW == 11 (000012233E928680) [pid = 13428] [serial = 11] [outer = 0000121B3E2D9180]
++DOCSHELL 000012233E9A0180 == 6 [pid = 13428] [id = {f89aa666-2623-49d3-99e5-92c333c2bcda}]
++DOMWINDOW == 12 (0000121B3E57A880) [pid = 13428] [serial = 12] [outer = 0000000000000000]
++DOMWINDOW == 13 (000012233E9A0B80) [pid = 13428] [serial = 13] [outer = 0000121B3E57A880]
[Parent 13428, Main Thread] WARNING: This method is lossy. Use GetCanonicalPath !: file z:/build/build/src/xpcom/io/nsLocalFileWin.cpp, line 3201
[Parent 13428, Main Thread] WARNING: This method is lossy. Use GetCanonicalPath !: file z:/build/build/src/xpcom/io/nsLocalFileWin.cpp, line 3201
[Parent 13428, Main Thread] WARNING: This method is lossy. Use GetCanonicalPath !: file z:/build/build/src/xpcom/io/nsLocalFileWin.cpp, line 3201
[Parent 13428, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file z:/build/build/src/netwerk/cache/nsCacheService.cpp, line 169
[Parent 13428, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file z:/build/build/src/dom/base/ThirdPartyUtil.cpp, line 416
++DOMWINDOW == 14 (000012233EB2DE80) [pid = 13428] [serial = 14] [outer = 0000121B3E57A880]
[Parent 13428, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
[Parent 13428, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file z:/build/build/src/dom/base/ThirdPartyUtil.cpp, line 416
[Parent 13428, Gecko_IOThread] WARNING: pipe error: 232: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 502
[Parent 13428, Main Thread] WARNING: Failed to retarget HTML data delivery to the parser thread.: file z:/build/build/src/parser/html/nsHtml5StreamParser.cpp, line 1142
[Parent 13428, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
[Parent 13428, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
[Parent 13428, Main Thread] WARNING: Failed to get base domain!: file z:/build/build/src/ipc/glue/BackgroundUtils.cpp, line 364
[Parent 13428, Main Thread] WARNING: Suboptimal indexes for the SQL statement 0x12153e0f7740 (http://mzl.la/1FuID0j).: file z:/build/build/src/storage/mozStoragePrivateHelpers.cpp, line 108
[Parent 13428, Main Thread] WARNING: '!workerClassifier', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 785
--DOCSHELL 000012233E20F380 == 5 [pid = 13428] [id = {7fc05208-c83e-47f7-b92c-9d99debb13ed}] [url = chrome://gfxsanity/content/sanityparent.html]
--DOMWINDOW == 13 (000012233E9A0B80) [pid = 13428] [serial = 13] [outer = 0000000000000000] [url = about:blank]
--DOMWINDOW == 12 (000012233E7D3780) [pid = 13428] [serial = 8] [outer = 0000000000000000] [url = about:blank]
[Parent 13428, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file z:/build/build/src/netwerk/url-classifier/UrlClassifierCommon.cpp, line 298
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 693
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 314
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 555
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 773
[Parent 13428, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file z:/build/build/src/netwerk/url-classifier/UrlClassifierCommon.cpp, line 298
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 693
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 314
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 555
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 773
[Parent 13428, Main Thread] ###!!! ASSERTION: Should be called only when this is the only edit action of the operation unless mutation event listener nests some operations: '!mPlaceholderBatch', file z:/build/build/src/editor/libeditor/TextEditor.cpp, line 893
[Parent 13428, Main Thread] ###!!! ASSERTION: Should be called only when this is the only edit action of the operation unless mutation event listener nests some operations: '!mPlaceholderBatch', file z:/build/build/src/editor/libeditor/TextEditor.cpp, line 893
[Parent 13428, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file z:/build/build/src/netwerk/url-classifier/UrlClassifierCommon.cpp, line 298
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 693
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 314
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 555
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 773
[Parent 13428, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
[Parent 13428, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
[Parent 13428, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
[Parent 13428, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
[Parent 13428, Gecko_IOThread] WARNING: pipe error: 109: file z:/build/build/src/ipc/chromium/src/chrome/common/ipc_channel_win.cc, line 341
console.warn: LoginManager: "searchLogins: formActionOrigin or httpRealm is recommended"
console.warn: LoginManager: "searchLogins: formActionOrigin or httpRealm is recommended"
console.warn: LoginManager: "searchLogins: formActionOrigin or httpRealm is recommended"
console.warn: LoginManager: "searchLogins: formActionOrigin or httpRealm is recommended"
console.warn: LoginManager: "searchLogins: formActionOrigin or httpRealm is recommended"
console.warn: LoginManager: "searchLogins: formActionOrigin or httpRealm is recommended"
console.warn: LoginManager: "searchLogins: formActionOrigin or httpRealm is recommended"
console.warn: LoginManager: "searchLogins: formActionOrigin or httpRealm is recommended"
[Parent 13428, QuotaManager IO] WARNING: '!outputStream', file z:/build/build/src/dom/quota/ActorsParent.cpp, line 2326
[Parent 13428, QuotaManager IO] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/dom/quota/ActorsParent.cpp, line 8138
[Parent 13428, QuotaManager IO] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/dom/quota/ActorsParent.cpp, line 7999
[Parent 13428, QuotaManager IO] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/dom/quota/ActorsParent.cpp, line 7909
[Parent 13428, Jump List] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80520012: file z:/build/build/src/widget/windows/WinUtils.cpp, line 1346
[Parent 13428, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file z:/build/build/src/netwerk/url-classifier/UrlClassifierCommon.cpp, line 298
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 693
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 314
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 555
[Parent 13428, Main Thread] WARNING: 'NS_FAILED(rv)', file z:/build/build/src/netwerk/url-classifier/AsyncUrlChannelClassifier.cpp, line 773
[Parent 13428, Main Thread] WARNING: IPC message discarded: actor cannot send: file z:/build/build/src/ipc/glue/ProtocolUtils.cpp, line 481
[Parent 13428, Main Thread] WARNING: IPC message discarded: actor cannot send: file z:/build/build/src/ipc/glue/ProtocolUtils.cpp, line 481
[Parent 13428, Main Thread] WARNING: IPC message discarded: actor cannot send: file z:/build/build/src/ipc/glue/ProtocolUtils.cpp, line 481
++DOCSHELL 000012233F797B80 == 6 [pid = 13428] [id = {44fe383d-e2f6-4cdc-8424-132771b704d2}]
++DOMWINDOW == 13 (0000121B3FFDB300) [pid = 13428] [serial = 15] [outer = 0000000000000000]
++DOMWINDOW == 14 (000012233E1C7F80) [pid = 13428] [serial = 16] [outer = 0000121B3FFDB300]
[Parent 13428, Gecko_IOThread] WARNING: file z:/build/build/src/ipc/chromium/src/base/process_util_win.cc, line 160
++DOMWINDOW == 15 (000012233E5ED380) [pid = 13428] [serial = 17] [outer = 0000121B3FFDB300]
--DOMWINDOW == 14 (000012233E1C7F80) [pid = 13428] [serial = 16] [outer = 0000000000000000] [url = about:blank]
++DOCSHELL 000012233F67A680 == 7 [pid = 13428] [id = {7d2c8e49-3bf2-45f8-8391-d1cdae9993e2}]
++DOMWINDOW == 15 (0000121B3EABA700) [pid = 13428] [serial = 18] [outer = 0000000000000000]
++DOMWINDOW == 16 (000012233F67BA80) [pid = 13428] [serial = 19] [outer = 0000121B3EABA700]
[Parent 13428, Main Thread] WARNING: NS_ENSURE_TRUE(root) failed: file z:/build/build/src/layout/base/nsDocumentViewer.cpp, line 3168
"
|
|
||
Comment 35•5 years ago
•
|
||
|
|
||
Updated•5 years ago
|
|
|
||
Comment 36•5 years ago
|
||
Furthermore, I have reproduced the crash on Beta v70.0b12 and verified the fix in Beta v70.0b13 build ID: 20191007220302.
|
|
||
Comment 37•5 years ago
|
||
I have reproduced the crash in ESR v68.1.0esr and Verified the fix on ESR.2.0esr build ID: 20191007162922, taken from here:
https://tools.taskcluster.net/index/gecko.v2.mozilla-esr68.pushdate.2019.10.07.20191007162922.firefox/win32-opt
I deem this bug verified.
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Comment 38•5 years ago
|
||
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Updated•9 months ago
|
Description
•