Closed
Bug 1617488
Opened 5 years ago
Closed 5 years ago
Assertion failure: nsContentUtils::IsSafeToRunScript() || mOwnerContent->OwnerDoc()->IsStaticDocument() (FrameLoader should never be initialized during document update or reflow!), at src/dom/base/nsFrameLoader.cpp:2014
Categories
(Core :: DOM: Navigation, defect, P1)
Tracking
RESOLVED
FIXED
mozilla75
| | Tracking | Status |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox73 | --- | unaffected |
| firefox74 | --- | wontfix |
| firefox75 | --- | fixed |
People
(Reporter: tsmith, Assigned: nika)
References
(Blocks 1 open bug, Regression)
Details
(5 keywords, Whiteboard: [post-critsmash-triage][adv-main75+r])
Attachments
(2 files)
Reduced with m-c 20200223-4ee8b095bb52
The test case must be served via a web server to trigger the issue.
Assertion failure: nsContentUtils::IsSafeToRunScript() || mOwnerContent->OwnerDoc()->IsStaticDocument() (FrameLoader should never be initialized during document update or reflow!), at src/dom/base/nsFrameLoader.cpp:2014
#0 nsFrameLoader::AssertSafeToInit() src/dom/base/nsFrameLoader.cpp:2011:3
#1 nsFrameLoader::MaybeCreateDocShell() src/dom/base/nsFrameLoader.cpp:2026:3
#2 nsFrameLoader::GetBrowsingContext() src/dom/base/nsFrameLoader.cpp:3272:15
#3 nsFrameLoader::ApplySandboxFlags(unsigned int) src/dom/base/nsFrameLoader.cpp:3085:34
#4 mozilla::dom::HTMLIFrameElement::AfterSetAttr(int, nsAtom*, nsAttrValue const*, nsAttrValue const*, nsIPrincipal*, bool) src/dom/html/HTMLIFrameElement.cpp:170:23
#5 mozilla::dom::Element::SetAttrAndNotify(int, nsAtom*, nsAtom*, nsAttrValue const*, nsAttrValue&, nsIPrincipal*, unsigned char, bool, bool, bool, mozilla::dom::Document*, mozAutoDocUpdate const&) src/dom/base/Element.cpp:2353:10
#6 mozilla::dom::Element::SetAttr(int, nsAtom*, nsAtom*, nsTSubstring<char16_t> const&, nsIPrincipal*, bool) src/dom/base/Element.cpp:2213:10
#7 mozilla::dom::Element::SetAttribute(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, nsIPrincipal*, mozilla::ErrorResult&) src/dom/base/Element.cpp:1285:12
#8 mozilla::dom::Element_Binding::setAttribute(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/ElementBinding.cpp:1305:24
#9 bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3170:13
#10 CallJSNative src/js/src/vm/Interpreter.cpp:477:13
#11 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:569:12
#12 InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:632:10
#13 CallFromStack src/js/src/vm/Interpreter.cpp:636:10
#14 Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3049:16
#15 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:449:10
#16 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:604:13
#17 InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:632:10
#18 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:649:8
#19 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:2797:10
#20 mozilla::dom::IdleRequestCallback::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::IdleDeadline&, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/WindowBinding.cpp:803:8
#21 Call src/obj-firefox/dist/include/mozilla/dom/WindowBinding.h:766:12
#22 Call src/obj-firefox/dist/include/mozilla/dom/WindowBinding.h:779:12
#23 mozilla::dom::IdleRequest::IdleRun(nsPIDOMWindowInner*, double, bool) src/dom/base/IdleRequest.cpp:62:13
#24 nsGlobalWindowInner::RunIdleRequest(mozilla::dom::IdleRequest*, double, bool) src/dom/base/nsGlobalWindowInner.cpp:665:12
#25 nsGlobalWindowInner::ExecuteIdleRequest(mozilla::TimeStamp) src/dom/base/nsGlobalWindowInner.cpp:693:3
#26 IdleRequestExecutor::Run() src/dom/base/nsGlobalWindowInner.cpp:534:13
#27 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1220:14
#28 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:481:10
#29 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:87:21
#30 RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
#31 RunHandler src/ipc/chromium/src/base/message_loop.cc:308:3
#32 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#33 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#34 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:944:20
#35 RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
#36 RunHandler src/ipc/chromium/src/base/message_loop.cc:308:3
#37 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#38 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:779:34
#39 content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#40 main src/browser/app/nsBrowserApp.cpp:303:18
Flags: in-testsuite?
Updated•5 years ago
Has Regression Range: --- → yes
Keywords: regression
Assignee
Comment 1•5 years ago
Updated•5 years ago
Assignee: nobody → nika
Status: NEW → ASSIGNED
Updated•5 years ago
status-firefox73: --- → unaffected
status-firefox74: --- → affected
status-firefox-esr68: --- → unaffected
Updated•5 years ago
Keywords: sec-moderate
Updated•5 years ago
Priority: -- → P1
Comment 2•5 years ago
https://hg.mozilla.org/integration/autoland/rev/47dc55317582c524900c55fc2ef77d335607ab85
https://hg.mozilla.org/mozilla-central/rev/47dc55317582
Group: dom-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla75
Updated•5 years ago
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Updated•5 years ago
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main75+r]
Updated•5 years ago
Group: core-security-release