Closed Bug 1643049 Opened 3 years ago Closed 3 years ago

Crash in [@ mozilla::dom::ClonedErrorHolder::Init]

Categories

(Core :: DOM: Content Processes, defect)

Product:
Core
Component:
DOM: Content Processes
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla79
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox76 --- wontfix
firefox77 --- wontfix
firefox78 --- wontfix
firefox79 --- fixed

People

(Reporter: sg, Assigned: emilio)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1643049 - Fix string usage in ClonedErrorHolder::Init. r=mccr8
47 bytes, text/x-phabricator-request
Details | Review

This bug is for crash report bp-09a43da6-151a-469d-82fc-be6250200603.

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::ClonedErrorHolder::Init dom/ipc/ClonedErrorHolder.cpp
1 xul.dll static mozilla::dom::ClonedErrorHolder::Create dom/ipc/ClonedErrorHolder.cpp:36
2 xul.dll mozilla::dom::JSActor::QueryHandler::RejectedCallback dom/ipc/JSActor.cpp:423
3 xul.dll mozilla::dom::`anonymous namespace'::PromiseNativeHandlerShim::RejectedCallback dom/promise/Promise.cpp:393
4 xul.dll mozilla::dom::NativeHandlerCallback dom/promise/Promise.cpp:343
5 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:585
6 xul.dll js::Call js/src/vm/Interpreter.cpp:665
7 xul.dll PromiseReactionJob js/src/builtin/Promise.cpp:1906
8 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:585
9 xul.dll JS::Call js/src/jsapi.cpp:2840

This started this Nightly build id 20200601214228

Crash reason is MOZ_DIAGNOSTIC_ASSERT(this->mData[substring_type::mLength] == 0) (nsTDependentString must wrap only null-terminated strings. You are probably looking for nsTDependentSubstring.)

Here's the set of commits added in that build: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=702ad0fa15860f6ea37effdcb45973cc63d3125b&tochange=bc973d369db58faf254ddcef201089dc28e6d3be

Nothing obviously jumps out to me as being related to errors or window actors.

Don't know, but the issue is clear, it doesn't seem like lineBuf guarantees null-termination...

Assignee: nobody → emilio
Status: NEW → ASSIGNED
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7ddeabdb0517
Fix string usage in ClonedErrorHolder::Init. r=mccr8

https://hg.mozilla.org/mozilla-central/rev/7ddeabdb0517

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox79: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla79
You need to log in before you can comment on or make changes to this bug.