Closed Bug 1645715 Opened 7 months ago Closed 7 months ago

Crash on nullptr in mozilla::net::HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch

Categories

(Core :: Networking: HTTP, defect, P2)

Tracking

RESOLVED FIXED
mozilla79
Tracking Status
firefox-esr68 --- unaffected
firefox77 --- unaffected
firefox78 --- fixed
firefox79 --- fixed

People

(Reporter: michal, Assigned: valentin)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [necko-triaged])

Attachments

(1 file)

Valentin, you did a review of bug 1575095. Can you please have a look at the crash?

(gdb) bt
#0  0x00007f03430321d5 in __GI___nanosleep (requested_time=requested_time@entry=0x7fff374020a0, remaining=remaining@entry=0x7fff374020a0)
    at ../sysdeps/unix/sysv/linux/nanosleep.c:28
#1  0x00007f03430320de in __sleep (seconds=0) at ../sysdeps/posix/sleep.c:55
#2  0x00007f0339dc4caa in ah_crap_handler(int) (signum=11) at /mnt/work/opt/moz/hg-central-2/toolkit/xre/nsSigHandlers.cpp:95
#3  0x00007f0339d87a07 in nsProfileLock::FatalSignalHandler(int, siginfo_t*, void*) (signo=11, info=0x7fff374023f0, context=0x7fff374022c0)
    at /mnt/work/opt/moz/hg-central-2/toolkit/profile/nsProfileLock.cpp:177
#4  0x00007f033a899a0d in js::UnixExceptionHandler(int, siginfo_t*, void*) (signum=11, info=0x7fff374023f0, context=0x7fff374022c0)
    at /mnt/work/opt/moz/hg-central-2/js/src/ds/MemoryProtectionExceptionHandler.cpp:272
#5  0x00007f033b69d6aa in WasmTrapHandler(int, siginfo_t*, void*) (signum=11, info=0x7fff374023f0, context=0x7fff374022c0)
    at /mnt/work/opt/moz/hg-central-2/js/src/wasm/WasmSignalHandlers.cpp:963
#6  0x00007f03434a1b20 in <signal handler called> () at /lib64/libpthread.so.0
#7  0x00007f03307e7e54 in nsCOMPtr<nsIURI>::operator->() const (this=0x7fff37402a50)
    at /mnt/work/opt/moz/hg-central-2/_obj-browser-release-tb-fp-dbg/dist/include/nsCOMPtr.h:858
#8  0x00007f03310cd8c9 in mozilla::net::HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch() (this=0x7f02eb10f000)
    at /mnt/work/opt/moz/hg-central-2/netwerk/protocol/http/HttpBaseChannel.cpp:2327
#9  0x00007f03311f2044 in mozilla::net::nsHttpChannel::ContinueProcessResponse1() (this=0x7f02eb10f000)
    at /mnt/work/opt/moz/hg-central-2/netwerk/protocol/http/nsHttpChannel.cpp:2583
#10 0x00007f03311f1e1f in mozilla::net::nsHttpChannel::ProcessResponse() (this=0x7f02eb10f000)
    at /mnt/work/opt/moz/hg-central-2/netwerk/protocol/http/nsHttpChannel.cpp:2547
#11 0x00007f0331213a5a in mozilla::net::nsHttpChannel::OnStartRequest(nsIRequest*) (this=0x7f02eb10f000, request=0x7f02f73067a0)
    at /mnt/work/opt/moz/hg-central-2/netwerk/protocol/http/nsHttpChannel.cpp:7552
#12 0x00007f0330a00c2b in nsInputStreamPump::OnStateStart() (this=0x7f02f73067a0) at /mnt/work/opt/moz/hg-central-2/netwerk/base/nsInputStreamPump.cpp:481
#13 0x00007f0330a006ed in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) (this=0x7f02f73067a0, stream=0x7f02edfd1a20)
    at /mnt/work/opt/moz/hg-central-2/netwerk/base/nsInputStreamPump.cpp:390
#14 0x00007f03306c4ebb in nsInputStreamReadyEvent::Run() (this=0x7f02edf5d220) at /mnt/work/opt/moz/hg-central-2/xpcom/io/nsStreamUtils.cpp:94
#15 0x00007f033077afca in nsThread::ProcessNextEvent(bool, bool*) (this=0x7f0342d67310, aMayWait=false, aResult=0x7fff37403787)
    at /mnt/work/opt/moz/hg-central-2/xpcom/threads/nsThread.cpp:1238
#16 0x00007f0330780d47 in NS_ProcessNextEvent(nsIThread*, bool) (aThread=0x7f0342d67310, aMayWait=false)
    at /mnt/work/opt/moz/hg-central-2/xpcom/threads/nsThreadUtils.cpp:501
#17 0x00007f03315de148 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) (this=0x7f031a01ff80, aDelegate=0x7f0342d657a0)
    at /mnt/work/opt/moz/hg-central-2/ipc/glue/MessagePump.cpp:87
#18 0x00007f03314cf617 in MessageLoop::RunInternal() (this=0x7f0342d657a0) at /mnt/work/opt/moz/hg-central-2/ipc/chromium/src/base/message_loop.cc:315
#19 0x00007f03314cf595 in MessageLoop::RunHandler() (this=0x7f0342d657a0) at /mnt/work/opt/moz/hg-central-2/ipc/chromium/src/base/message_loop.cc:308
#20 0x00007f03314cf553 in MessageLoop::Run() (this=0x7f0342d657a0) at /mnt/work/opt/moz/hg-central-2/ipc/chromium/src/base/message_loop.cc:290
#21 0x00007f0336babb01 in nsBaseAppShell::Run() (this=0x7f031a052c80) at /mnt/work/opt/moz/hg-central-2/widget/nsBaseAppShell.cpp:137
#22 0x00007f0339b92a40 in nsAppStartup::Run() (this=0x7f03176498d0) at /mnt/work/opt/moz/hg-central-2/toolkit/components/startup/nsAppStartup.cpp:271
#23 0x00007f0339db12ce in XREMain::XRE_mainRun() (this=0x7fff37404360) at /mnt/work/opt/moz/hg-central-2/toolkit/xre/nsAppRunner.cpp:4665
#24 0x00007f0339db23ba in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) (this=0x7fff37404360, argc=3, argv=0x7fff374056c8, aConfig=...)
    at /mnt/work/opt/moz/hg-central-2/toolkit/xre/nsAppRunner.cpp:4812
#25 0x00007f0339db28b9 in XRE_main(int, char**, mozilla::BootstrapConfig const&) (argc=3, argv=0x7fff374056c8, aConfig=...)

(gdb) f 8
#8  0x00007f03310cd8c9 in mozilla::net::HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch (this=0x7f02eb10f000)
    at /mnt/work/opt/moz/hg-central-2/netwerk/protocol/http/HttpBaseChannel.cpp:2327
2327	    uri->GetSpec(docOrigin);

(gdb) p uri
$5 = {mRawPtr = 0x0}

(gdb) x/wa *(void **) documentOrigin.mRawPtr
0x7f033fce5178 <_ZTVN7mozilla15SystemPrincipalE+16>:	0x32585000

Flags: needinfo?(valentin.gosu)
Assignee: nobody → valentin.gosu
Status: NEW → ASSIGNED
Flags: needinfo?(valentin.gosu)
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/00d535d4004d
Check if uri is null in ComputeCrossOriginOpenerPolicyMismatch r=michal,necko-reviewers

Comment on attachment 9156655 [details]
Bug 1645715 - Check if uri is null in ComputeCrossOriginOpenerPolicyMismatch r=michal

Beta/Release Uplift Approval Request

  • User impact if declined: Potential crash when logging HTTP
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This code block is only run when nsHttp logging is enabled
  • String changes made/needed:
Attachment #9156655 - Flags: approval-mozilla-beta?
Status: ASSIGNED → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla79
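
The failure mode in this bug, as an added example that is not Firefox source and not part of the bug thread: a logging-only block calls through a URI pointer that is null for some principals (the gdb session above shows uri with mRawPtr = 0x0 and a SystemPrincipal vtable behind documentOrigin). Uri, Principal, gLogEnabled, gLastLog, LogOriginUnchecked, LogOriginChecked and LogLineFor are hypothetical stand-ins for this sketch.

```cpp
// Added example: simplified stand-ins, not Gecko's nsIURI / nsIPrincipal.
#include <memory>
#include <string>

struct Uri {
  std::string spec;
  void GetSpec(std::string& out) const { out = spec; }
};

struct Principal {
  std::shared_ptr<Uri> uri;  // stays null for a principal that has no URI
  std::shared_ptr<Uri> GetURI() const { return uri; }
};

bool gLogEnabled = false;  // models a log module that is off by default
std::string gLastLog;      // captures the line a real logger would emit

// "Before" shape: fine for principals that carry a URI, dereferences null
// otherwise. Only reachable while logging is on, so default runs never hit it.
void LogOriginUnchecked(const Principal& documentOrigin) {
  if (!gLogEnabled) return;
  std::string docOrigin;
  std::shared_ptr<Uri> uri = documentOrigin.GetURI();
  uri->GetSpec(docOrigin);  // crash site when uri is null
  gLastLog = "doc origin: " + docOrigin;
}

// "After" shape: the diagnostic tolerates a missing URI and logs an empty spec.
void LogOriginChecked(const Principal& documentOrigin) {
  if (!gLogEnabled) return;
  std::string docOrigin;
  std::shared_ptr<Uri> uri = documentOrigin.GetURI();
  if (uri) {
    uri->GetSpec(docOrigin);
  }
  gLastLog = "doc origin: " + docOrigin;
}

// Runs the checked logger with logging forced on or off and returns the
// captured line, so a test can cover the branch a default run never enters.
std::string LogLineFor(const Principal& p, bool logEnabled) {
  gLogEnabled = logEnabled;
  gLastLog.clear();
  LogOriginChecked(p);
  return gLastLog;
}
```

A regression test for this class of defect has to enable the log path and pass a principal without a URI; with logging off, both shapes behave identically.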

Comment on attachment 9156655 [details]
Bug 1645715 - Check if uri is null in ComputeCrossOriginOpenerPolicyMismatch r=michal

looks harmless enough; approved for 78.0b9

Attachment #9156655 - Flags: approval-mozilla-beta? → approval-mozilla-beta+