Closed Bug 1649560 Opened 4 years ago Closed 4 years ago

CSPViolationReportListener::Release Crash in [@ mozilla::css::StreamLoader::~StreamLoader ]

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
80 Branch
Platform:
Unspecified
All
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1651661
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- unaffected
firefox78 --- unaffected
firefox79 --- unaffected
firefox80 --- fixed

People

(Reporter: info, Unassigned)

References

Details

Crash Data

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0

Steps to reproduce:

  1. fresh install FF79.0b1
  2. install LocalCDN* (Replace JS/CSS files of CDN)
  3. open URI "https://www.gearslutz.com"
  4. (Maybe you have to update the website a few times)

Notes: Extension-URL: https://addons.mozilla.org/en-US/firefox/addon/localcdn-fork-of-decentraleyes/?src=search
Crash Report: https://crash-stats.mozilla.org/report/index/ddd698cd-6c42-4966-8f15-c39320200630

Notes: FF78 works perfectly. There is also a problem with FF79.0b1: https://bugzilla.mozilla.org/show_bug.cgi?id=1649555

Actual results:

Tab crashes sometimes

Crash Signature: mozilla::css::StreamLoader::~StreamLoader
  1. fresh install FF79.0b1

Sorry, that was a copy&paste mistake. Affected version: FF80.0a1

Product: Firefox → WebExtensions

Hi,

Thank you for taking the time to submit this bug report. Unfortunately we couldn't reproduce the issue, after testing on Windows 10 x 64 bit, MacOS 10.14 and Ubuntu 16.04 LTS with Nightly 80.0a1 (20200709093347). Same questions as the ones from bug 1649555, at step 4, how many times did you needed to refresh the website? Do we need to have a precise setup? Likewise at step 2, do we need to change something in the add-on's settings?

Flags: needinfo?(info)

Thank you for your answer.

A user wrote that the bug in FF79.0b5 was fixed and no longer exists. [1] I can confirm this for 80.0a1 20200709093347. Sorry, I forgot to update this bug report.

At step 4, how many times did you needed to refresh the website?

This can vary, mostly in the range of 1-5 times.

Likewise at step 2, do we need to change something in the add-on's settings?

Oh right, sorry, I forgot to mention that. In the add-on options the setting "Block requests for missing resources" and the HTML filter must be activated to replace the CSS.

Basically the traffic should be redirected by LocalCDN from https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css to moz-extension://fcd181f9-dd9d-4407-a4fc-a9284ffe0df1/resources/fontawesome/4.7.0/css/font-awesome.min.css

[1] https://codeberg.org/nobody/LocalCDN/issues/46#issuecomment-67857

Flags: needinfo?(info)
See Also: → 1649555

So can this bug be closed then?

There was a similar crash at bug 1615832, but that bug got fixed many releases ago.

See Also: → 1615832

Moving to the DOM Security component because this looks like a new crash in CSP code. Bug 1649560 was fixed in Fx75, but this crash signature has returned with a different call stack in Fx80, starting with build id 20200624093107.

From bp-c0e9f60e-510e-4b21-b3df-bf8650200709:

MOZ_RELEASE_ASSERT(mOnStopRequestCalled || mChannelOpenFailed);

Top 10 frames of crashing thread:

0 xul.dll mozilla::css::StreamLoader::~StreamLoader layout/style/StreamLoader.cpp:27
1 xul.dll mozilla::css::StreamLoader::~StreamLoader layout/style/StreamLoader.cpp:25
2 xul.dll CSPViolationReportListener::Release dom/security/nsHTTPSOnlyStreamListener.cpp:22
3 xul.dll mozilla::net::HttpBaseChannel::ReleaseListeners netwerk/protocol/http/HttpBaseChannel.cpp:3247
4 xul.dll mozilla::net::HttpChannelChild::CleanupRedirectingChannel netwerk/protocol/http/HttpChannelChild.cpp:1989
5 xul.dll mozilla::net::HttpChannelChild::Redirect3Complete netwerk/protocol/http/HttpChannelChild.cpp:1952
6 xul.dll mozilla::net::ChannelEventQueue::RunOrEnqueue netwerk/ipc/ChannelEventQueue.h:240
7 xul.dll mozilla::net::HttpChannelChild::RecvRedirect3Complete netwerk/protocol/http/HttpChannelChild.cpp:1775
8 xul.dll mozilla::net::PHttpChannelChild::OnMessageReceived ipc/ipdl/PHttpChannelChild.cpp:767
9 xul.dll mozilla::dom::PContentChild::OnMessageReceived ipc/ipdl/PContentChild.cpp:8388
Status: UNCONFIRMED → NEW
Crash Signature: mozilla::css::StreamLoader::~StreamLoader → [@ mozilla::css::StreamLoader::~StreamLoader]
status-firefox78: --- → unaffected
status-firefox79: --- → unaffected
status-firefox80: --- → affected
status-firefox-esr68: --- → unaffected
status-firefox-esr78: --- → unaffected
Component: Untriaged → DOM: Security
Ever confirmed: true
OS: Unspecified → All
Product: WebExtensions → Core
Summary: Crash in [@ mozilla::css::StreamLoader::~StreamLoader ] → CSPViolationReportListener::Release Crash in [@ mozilla::css::StreamLoader::~StreamLoader ]

This looks similar to the kind of issues we're hunting down in bug 1605895. It's great that we have STR for this!

Flags: needinfo?(honzab.moz)
See Also: → 1605895

Hmm.. I think I discovered this independently just few days ago: bug 1651661

Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(honzab.moz)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.