Closed
Bug 1587963
Opened 5 years ago
Closed 4 years ago
member call on null pointer of type 'mozilla::dom::WindowGlobalParent' in dom/base/nsFrameLoader.cpp:2582
Categories
(Core :: DOM: Navigation, defect, P3)
Core
DOM: Navigation
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox71 | --- | wontfix |
| firefox72 | --- | disabled |
| firefox73 | --- | disabled |
| firefox74 | --- | fixed |
People
(Reporter: tsmith, Assigned: Yoric)
References
(Blocks 1 open bug)
Details
(Keywords: crash, csectype-nullptr, testcase)
Attachments
(2 files)
Found with m-c 20191008-9a16c53ed5c3
Test case requires fission.autostart=true
src/dom/base/nsFrameLoader.cpp:2582:60: runtime error: member call on null pointer of type 'mozilla::dom::WindowGlobalParent'
#0 0x7f385c77c2c8 in nsFrameLoader::TryRemoteBrowserInternal() src/dom/base/nsFrameLoader.cpp:2582:60
#1 0x7f385c77950a in nsFrameLoader::TryRemoteBrowser() src/dom/base/nsFrameLoader.cpp:2693:7
#2 0x7f385c764246 in nsFrameLoader::EnsureRemoteBrowser() src/dom/base/nsFrameLoader.cpp:2485:28
#3 0x7f385c764246 in nsFrameLoader::ReallyStartLoadingInternal() src/dom/base/nsFrameLoader.cpp:563
#4 0x7f385c763e93 in nsFrameLoader::ReallyStartLoading() src/dom/base/nsFrameLoader.cpp:548:17
#5 0x7f385c472106 in mozilla::dom::Document::MaybeInitializeFinalizeFrameLoaders() src/dom/base/Document.cpp:8505:13
#6 0x7f385c568871 in decltype(*(fp).*fp0()) mozilla::detail::RunnableMethodArguments<>::applyImpl<mozilla::dom::Document, void (mozilla::dom::Document::*)()>(mozilla::dom::Document*, void (mozilla::dom::Document::*)(), mozilla::Tuple<>&, std::integer_sequence<unsigned long>) src/objdir-ff-ubsan/dist/include/nsThreadUtils.h:1124:12
#7 0x7f385c568871 in _ZN7mozilla6detail23RunnableMethodArgumentsIJEE5applyINS_3dom8DocumentEMS5_FvvEEEDTcl9applyImplfp_fp0_dtdefpT10mArgumentstlSt16integer_sequenceImJEEEEEPT_T0_ src/objdir-ff-ubsan/dist/include/nsThreadUtils.h:1130
#8 0x7f385c568871 in mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() src/objdir-ff-ubsan/dist/include/nsThreadUtils.h:1176
#9 0x7f385c1729e4 in nsContentUtils::AddScriptRunner(already_AddRefed<nsIRunnable>) src/dom/base/nsContentUtils.cpp:5250:13
#10 0x7f385c172c38 in nsContentUtils::AddScriptRunner(nsIRunnable*) src/dom/base/nsContentUtils.cpp:5256:3
#11 0x7f385c48423e in mozilla::dom::Document::InitializeFrameLoader(nsFrameLoader*) src/dom/base/Document.cpp:8452:5
#12 0x7f385c763212 in nsFrameLoader::LoadURI(nsIURI*, nsIPrincipal*, nsIContentSecurityPolicy*, bool) src/dom/base/nsFrameLoader.cpp:510:13
#13 0x7f385c7620a5 in nsFrameLoader::LoadFrame(bool) src/dom/base/nsFrameLoader.cpp:470:10
#14 0x7f385c78312e in nsFrameLoaderOwner::ChangeRemoteness(mozilla::dom::RemotenessOptions const&, mozilla::ErrorResult&) src/dom/base/nsFrameLoaderOwner.cpp:128:19
#15 0x7f385df522f6 in mozilla::dom::XULFrameElement_Binding::changeRemoteness(JSContext*, JS::Handle<JSObject*>, mozilla::dom::XULFrameElement*, JSJitMethodCallArgs const&) src/objdir-ff-ubsan/dom/bindings/XULFrameElementBinding.cpp:426:24
#16 0x7f385e6fa7a3 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3250:13
#17 0x7f386526afb4 in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) src/js/src/vm/Interpreter.cpp:457:13
#18 0x7f386526afb4 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:549
#19 0x7f386524f19e in js::CallFromStack(JSContext*, JS::CallArgs const&) src/js/src/vm/Interpreter.cpp:622:10
#20 0x7f386524f19e in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3111
#21 0x7f3865230f92 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:424:10
#22 0x7f386526b0ac in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:590:13
#23 0x7f386647e1a0 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) src/js/src/jit/BaselineIC.cpp:2938:10
#24 0x35a147b6c797 (<unknown module>)
Flags: in-testsuite?
|
||
Updated•5 years ago
|
Component: DOM: Core & HTML → Document Navigation
|
||
Updated•5 years ago
|
Blocks: fission-dogfooding
|
|
||
Updated•5 years ago
|
Priority: -- → P3
|
||
Updated•5 years ago
|
Fission Milestone: --- → M5
|
Reporter | |
Comment 1•4 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/gFfticzjPUO1ToZS-vvPmQ/index.html
status-firefox72:
--- → disabled
status-firefox73:
--- → disabled
|
Assignee | |
Comment 3•4 years ago
|
||
We currently have a hack that sets the TabGroup based on the current window global. There
are a few cases in which we do not have a window global, though – as far as I can tell from
the code, these might be race conditions between loading and closing the tab. Just don't
do anything in such cases.
Pushed by dteller@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c329b8ebaf33 Don't change sameTabGroupAs from a WindowGlobalParent that doesn't exist;r=nika
|
||
Comment 6•4 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox74:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla74
|
||
Updated•4 years ago
|
status-firefox-esr68:
--- → unaffected
|
||
Updated•4 years ago
|
Flags: qe-verify+
QA Contact: vlad.lucaci
You need to log in
before you can comment on or make changes to this bug.
Description
•