Bug 1600645
Opened 5 years ago
Closed 5 years ago
Assertion failure: mIndex > -1, at /builds/worker/workspace/build/src/docshell/shistory/nsSHistory.cpp:1384
Categories
(Core :: DOM: Navigation, defect, P3)
Tracking
RESOLVED DUPLICATE of bug 1594850
Fission Milestone: M5
| | Tracking | Status |
|---|---|---|
| firefox72 | --- | fixed |
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase, Whiteboard: [fuzzblocker])
Attachments
(1 file: 157 bytes, text/html)
Testcase found while fuzzing mozilla-central rev caf55914ccdd.
Assertion failure: mIndex > -1, at /builds/worker/workspace/build/src/docshell/shistory/nsSHistory.cpp:1384
OS|Linux|0.0.0 Linux 5.0.0-35-generic #38~18.04.1-Ubuntu SMP Mon Nov 11 09:16:10 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|nsSHistory::EnsureCorrectEntryAtCurrIndex(nsISHEntry*)|hg:hg.mozilla.org/mozilla-central:docshell/shistory/nsSHistory.cpp:caf55914ccddba34d462a1206530d7868b6c4992|1384|0x0
0|1|libxul.so|nsDocShell::OnNewURI(nsIURI*, nsIChannel*, nsIPrincipal*, nsIPrincipal*, nsIPrincipal*, unsigned int, nsIContentSecurityPolicy*, bool, bool, bool)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:caf55914ccddba34d462a1206530d7868b6c4992|10813|0x20
0|2|libxul.so|nsDocShell::OnLoadingSite(nsIChannel*, bool, bool)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:caf55914ccddba34d462a1206530d7868b6c4992|10868|0x1b
0|3|libxul.so|nsDocShell::CreateContentViewer(nsTSubstring<char> const&, nsIRequest*, nsIStreamListener**)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:caf55914ccddba34d462a1206530d7868b6c4992|7916|0x5
0|4|libxul.so|nsDSURIContentListener::DoContent(nsTSubstring<char> const&, bool, nsIRequest*, nsIStreamListener**, bool*)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDSURIContentListener.cpp:caf55914ccddba34d462a1206530d7868b6c4992|184|0x17
0|5|libxul.so|nsDocumentOpenInfo::TryContentListener(nsIURIContentListener*, nsIChannel*)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsURILoader.cpp:caf55914ccddba34d462a1206530d7868b6c4992|742|0x2
0|6|libxul.so|nsDocumentOpenInfo::DispatchContent(nsIRequest*, nsISupports*)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsURILoader.cpp:caf55914ccddba34d462a1206530d7868b6c4992|413|0x18
0|7|libxul.so|nsDocumentOpenInfo::OnStartRequest(nsIRequest*)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsURILoader.cpp:caf55914ccddba34d462a1206530d7868b6c4992|292|0xd
0|8|libxul.so|nsBaseChannel::OnStartRequest(nsIRequest*)|hg:hg.mozilla.org/mozilla-central:netwerk/base/nsBaseChannel.cpp:caf55914ccddba34d462a1206530d7868b6c4992|830|0x19
0|9|libxul.so|nsInputStreamPump::OnStateStart()|hg:hg.mozilla.org/mozilla-central:netwerk/base/nsInputStreamPump.cpp:caf55914ccddba34d462a1206530d7868b6c4992|487|0x15
0|10|libxul.so|nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*)|hg:hg.mozilla.org/mozilla-central:netwerk/base/nsInputStreamPump.cpp:caf55914ccddba34d462a1206530d7868b6c4992|396|0x8
0|11|libxul.so|nsInputStreamReadyEvent::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/io/nsStreamUtils.cpp:caf55914ccddba34d462a1206530d7868b6c4992|91|0x15
0|12|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:caf55914ccddba34d462a1206530d7868b6c4992|1225|0x15
0|13|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:caf55914ccddba34d462a1206530d7868b6c4992|486|0x11
0|14|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:caf55914ccddba34d462a1206530d7868b6c4992|88|0xa
0|15|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:caf55914ccddba34d462a1206530d7868b6c4992|315|0x17
0|16|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:caf55914ccddba34d462a1206530d7868b6c4992|290|0x8
0|17|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:caf55914ccddba34d462a1206530d7868b6c4992|137|0xd
0|18|libxul.so|nsAppStartup::Run()|hg:hg.mozilla.org/mozilla-central:toolkit/components/startup/nsAppStartup.cpp:caf55914ccddba34d462a1206530d7868b6c4992|276|0xe
0|19|libxul.so|XREMain::XRE_mainRun()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:caf55914ccddba34d462a1206530d7868b6c4992|4586|0x11
0|20|libxul.so|XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:caf55914ccddba34d462a1206530d7868b6c4992|4721|0x8
0|21|libxul.so|XRE_main(int, char**, mozilla::BootstrapConfig const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:caf55914ccddba34d462a1206530d7868b6c4992|4802|0x5
0|22|firefox-bin|do_main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:caf55914ccddba34d462a1206530d7868b6c4992|218|0x26
0|23|firefox-bin|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:caf55914ccddba34d462a1206530d7868b6c4992|300|0xf
0|24|libc-2.27.so||||0x21b97
0|25|firefox-bin|MOZ_ReportCrash|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:caf55914ccddba34d462a1206530d7868b6c4992|203|0x5
Flags: in-testsuite?
Updated•5 years ago
Fission Milestone: --- → M5
Priority: -- → P3
Comment 1•5 years ago
A crash with this signature was fixed in bug 1594850. The revision caf55914ccdd used here is from Nov 8, whereas my fix came in on Nov 14, so this version of Firefox did not have my fix. Closing this.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Updated•5 years ago
status-firefox72: --- → fixed
status-firefox73: affected → ---
Updated•4 years ago
Blocks: fuzzing-fission