Closed Bug 1587604 Opened 2 years ago Closed 2 years ago

crash at null in [@ mozilla::net::nsHttpChannel::ReportContentTypeTelemetryForCrossOriginStylesheets]

Categories

(Core :: Networking: HTTP, defect, P2)

Product:
Core
Component:
Networking: HTTP
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla71
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox67 --- unaffected
firefox68 --- unaffected
firefox69 --- unaffected
firefox70 --- unaffected
firefox71 --- verified

People

(Reporter: tsmith, Assigned: valentin)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression, testcase, Whiteboard: [necko-triaged])

Attachments

(2 files)

testcase.html
184 bytes, text/html
Details
Bug 1587604 - Check if loadingPrincipal is null before doing cross-origin check r=mayhemer
47 bytes, text/x-phabricator-request
Details | Review
Attached file testcase.html

Reduced with m-c:
BuildID=20191009164235
SourceStamp=a43ad34ac8e3033d22c2ea30eebfa8c271130e48

==24947==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f23b2a62a1c bp 0x7ffed8365ab0 sp 0x7ffed83658a0 T0)
==24947==The signal is caused by a READ memory access.
==24947==Hint: address points to the zero page.
    #0 0x7f23b2a62a1b in GetURI /src/obj-firefox/dist/include/nsIPrincipal.h:82:39
    #1 0x7f23b2a62a1b in mozilla::net::nsHttpChannel::ReportContentTypeTelemetryForCrossOriginStylesheets() /src/netwerk/protocol/http/nsHttpChannel.cpp:8110
    #2 0x7f23b2a6088e in mozilla::net::nsHttpChannel::CallOnStartRequest() /src/netwerk/protocol/http/nsHttpChannel.cpp:1770:3
    #3 0x7f23b2a7d17e in mozilla::net::nsHttpChannel::ContinueProcessNormal(nsresult) /src/netwerk/protocol/http/nsHttpChannel.cpp:3035:8
    #4 0x7f23b2a76654 in mozilla::net::nsHttpChannel::ProcessNormal() /src/netwerk/protocol/http/nsHttpChannel.cpp:2972:10
    #5 0x7f23b2a7434a in mozilla::net::nsHttpChannel::ContinueProcessResponse3(nsresult) /src/netwerk/protocol/http/nsHttpChannel.cpp
    #6 0x7f23b2a6d8cb in mozilla::net::nsHttpChannel::ContinueProcessResponse1() /src/netwerk/protocol/http/nsHttpChannel.cpp:2609:10
    #7 0x7f23b2a6c8a1 in mozilla::net::nsHttpChannel::ProcessResponse() /src/netwerk/protocol/http/nsHttpChannel.cpp:2476:10
    #8 0x7f23b2abce9c in mozilla::net::nsHttpChannel::OnStartRequest(nsIRequest*) /src/netwerk/protocol/http/nsHttpChannel.cpp:7678:31
    #9 0x7f23b1fb56b5 in nsInputStreamPump::OnStateStart() /src/netwerk/base/nsInputStreamPump.cpp:487:21
    #10 0x7f23b1fb4cb0 in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) /src/netwerk/base/nsInputStreamPump.cpp:396:21
    #11 0x7f23b1c9c066 in nsInputStreamReadyEvent::Run() /src/xpcom/io/nsStreamUtils.cpp:91:20
    #12 0x7f23b1d2c339 in nsThread::ProcessNextEvent(bool, bool*) /src/xpcom/threads/nsThread.cpp:1225:14
    #13 0x7f23b1d32fa8 in NS_ProcessNextEvent(nsIThread*, bool) /src/xpcom/threads/nsThreadUtils.cpp:486:10
    #14 0x7f23b2f8022f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /src/ipc/glue/MessagePump.cpp:88:21
    #15 0x7f23b2e78ef2 in RunInternal /src/ipc/chromium/src/base/message_loop.cc:315:10
    #16 0x7f23b2e78ef2 in RunHandler /src/ipc/chromium/src/base/message_loop.cc:308
    #17 0x7f23b2e78ef2 in MessageLoop::Run() /src/ipc/chromium/src/base/message_loop.cc:290
    #18 0x7f23bb37f239 in nsBaseAppShell::Run() /src/widget/nsBaseAppShell.cpp:137:27
    #19 0x7f23bf040b10 in nsAppStartup::Run() /src/toolkit/components/startup/nsAppStartup.cpp:276:30
    #20 0x7f23bf2c0c63 in XREMain::XRE_mainRun() /src/toolkit/xre/nsAppRunner.cpp:4600:22
    #21 0x7f23bf2c2d7f in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /src/toolkit/xre/nsAppRunner.cpp:4735:8
    #22 0x7f23bf2c4660 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /src/toolkit/xre/nsAppRunner.cpp:4816:21
    #23 0x5652161ee9d6 in do_main /src/browser/app/nsBrowserApp.cpp:218:22
    #24 0x5652161ee9d6 in main /src/browser/app/nsBrowserApp.cpp:300
Flags: in-testsuite?
Flags: needinfo?(valentin.gosu)
Regressed by: 1531405
Assignee: nobody → valentin.gosu
Flags: needinfo?(valentin.gosu)
Priority: -- → P2
Whiteboard: [necko-triaged]
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/fd78ca9c9e15
Check if loadingPrincipal is null before doing cross-origin check r=mayhemer

https://hg.mozilla.org/mozilla-central/rev/fd78ca9c9e15

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox71: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

Hello! Reproduced the issue with Firefox 71.0a1 (20191009095806) on Windows 10x64. After loading the test case from comment 0 Firefox crashed.
The issue is verified fixed with Firefox 71.0b11 (20191118154140) on Windows 10x64, macOS 10.14 and Ubuntu 18.04. No crashes encountered while using the test case.

Status: RESOLVED → VERIFIED
status-firefox71: fixedverified
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.