CSPViolationReportListener::Release Crash in [@ mozilla::css::StreamLoader::~StreamLoader ]
Categories
(Core :: DOM: Security, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox-esr78 | --- | unaffected |
firefox78 | --- | unaffected |
firefox79 | --- | unaffected |
firefox80 | --- | fixed |
People
(Reporter: info, Unassigned)
References
Details
Crash Data
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0
Steps to reproduce:
- fresh install FF79.0b1
- install LocalCDN* (Replace JS/CSS files of CDN)
- open URI "https://www.gearslutz.com"
- (Maybe you have to update the website a few times)
Notes: Extension-URL: https://addons.mozilla.org/en-US/firefox/addon/localcdn-fork-of-decentraleyes/?src=search
Crash Report: https://crash-stats.mozilla.org/report/index/ddd698cd-6c42-4966-8f15-c39320200630
Notes: FF78 works perfectly. There is also a problem with FF79.0b1: https://bugzilla.mozilla.org/show_bug.cgi?id=1649555
Actual results:
Tab crashes sometimes
- fresh install FF79.0b1
Sorry, that was a copy&paste mistake. Affected version: FF80.0a1
Updated•4 years ago
|
Comment 2•4 years ago
|
||
Hi,
Thank you for taking the time to submit this bug report. Unfortunately we couldn't reproduce the issue, after testing on Windows 10 x 64 bit, MacOS 10.14 and Ubuntu 16.04 LTS with Nightly 80.0a1 (20200709093347). Same questions as the ones from bug 1649555, at step 4, how many times did you needed to refresh the website? Do we need to have a precise setup? Likewise at step 2, do we need to change something in the add-on's settings?
Thank you for your answer.
A user wrote that the bug in FF79.0b5 was fixed and no longer exists. [1] I can confirm this for 80.0a1 20200709093347. Sorry, I forgot to update this bug report.
At step 4, how many times did you needed to refresh the website?
This can vary, mostly in the range of 1-5 times.
Likewise at step 2, do we need to change something in the add-on's settings?
Oh right, sorry, I forgot to mention that. In the add-on options the setting "Block requests for missing resources" and the HTML filter must be activated to replace the CSS.
Basically the traffic should be redirected by LocalCDN from https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
to moz-extension://fcd181f9-dd9d-4407-a4fc-a9284ffe0df1/resources/fontawesome/4.7.0/css/font-awesome.min.css
[1] https://codeberg.org/nobody/LocalCDN/issues/46#issuecomment-67857
Comment 4•4 years ago
|
||
So can this bug be closed then?
There was a similar crash at bug 1615832, but that bug got fixed many releases ago.
Comment 5•4 years ago
|
||
Moving to the DOM Security component because this looks like a new crash in CSP code. Bug 1649560 was fixed in Fx75, but this crash signature has returned with a different call stack in Fx80, starting with build id 20200624093107.
From bp-c0e9f60e-510e-4b21-b3df-bf8650200709:
MOZ_RELEASE_ASSERT(mOnStopRequestCalled || mChannelOpenFailed);
Top 10 frames of crashing thread:
0 xul.dll mozilla::css::StreamLoader::~StreamLoader layout/style/StreamLoader.cpp:27
1 xul.dll mozilla::css::StreamLoader::~StreamLoader layout/style/StreamLoader.cpp:25
2 xul.dll CSPViolationReportListener::Release dom/security/nsHTTPSOnlyStreamListener.cpp:22
3 xul.dll mozilla::net::HttpBaseChannel::ReleaseListeners netwerk/protocol/http/HttpBaseChannel.cpp:3247
4 xul.dll mozilla::net::HttpChannelChild::CleanupRedirectingChannel netwerk/protocol/http/HttpChannelChild.cpp:1989
5 xul.dll mozilla::net::HttpChannelChild::Redirect3Complete netwerk/protocol/http/HttpChannelChild.cpp:1952
6 xul.dll mozilla::net::ChannelEventQueue::RunOrEnqueue netwerk/ipc/ChannelEventQueue.h:240
7 xul.dll mozilla::net::HttpChannelChild::RecvRedirect3Complete netwerk/protocol/http/HttpChannelChild.cpp:1775
8 xul.dll mozilla::net::PHttpChannelChild::OnMessageReceived ipc/ipdl/PHttpChannelChild.cpp:767
9 xul.dll mozilla::dom::PContentChild::OnMessageReceived ipc/ipdl/PContentChild.cpp:8388
Comment 6•4 years ago
|
||
This looks similar to the kind of issues we're hunting down in bug 1605895. It's great that we have STR for this!
Comment 7•4 years ago
|
||
Hmm.. I think I discovered this independently just few days ago: bug 1651661
Comment hidden (Intermittent Failures Robot) |
Updated•4 years ago
|
Description
•