Closed Bug 1650409 Opened 3 months ago Closed 2 months ago

Crash in [@ nsNoDataProtocolContentPolicy::ShouldLoad] (mozilla::css::Loader::CheckContentPolicy)

Categories: Core :: CSS Parsing and Computation, defect
Version: 80 Branch
Status: VERIFIED FIXED
Target Milestone: mozilla80
Tracking Status: firefox80 --- fixed
People: Reporter: rafalopilowski1, Assigned: heycam
Attachments: 2 files

Attached video Screencast of the issue

This bug is for crash reports:

STR:

  1. Open Firefox Nightly on Android
  2. Navigate to "https://audio.onet.pl"

Expected behaviour:

Website "https://audio.onet.pl" loads correctly.

Actual behaviour:

Recoverable native crashes [@ nsNoDataProtocolContentPolicy::ShouldLoad] reported to Socorro.

Device information

  • Android device: OnePlus 6 (Android 10, Oxygen 10.3.4)

  • Fenix version:

    Nightly 200702 06:03 (Build #21840612)
    AC: 49.0.20200701130905, 14d09cc4a
    GV: 79.0a1-20200629094229
    AS: 61.0.7

Top 10 frames of crashing thread:

0 libxul.so nsNoDataProtocolContentPolicy::ShouldLoad dom/base/nsNoDataProtocolContentPolicy.cpp:44
1 libxul.so nsContentPolicy::CheckPolicy dom/base/nsContentPolicy.cpp:123
2 libxul.so nsContentPolicy::ShouldLoad dom/base/nsContentPolicy.cpp:172
3 libxul.so NS_CheckContentLoadPolicy dom/base/nsContentPolicyUtils.h:226
4 libxul.so mozilla::css::Loader::CheckContentPolicy layout/style/Loader.cpp:898
5 libxul.so mozilla::css::Loader::InternalLoadNonDocumentSheet layout/style/Loader.cpp:2031
6 libxul.so mozilla::css::Loader::LoadSheet layout/style/Loader.cpp:2007
7 libxul.so mozilla::dom::Document::PreloadStyle dom/base/Document.cpp:11577
8 libxul.so mozilla::PreloadService::PreloadStyle uriloader/preload/PreloadService.cpp:198
9 libxul.so mozilla::PreloadService::PreloadOrCoalesce uriloader/preload/PreloadService.cpp:166

Also valid for Firefox Nightly from 03.07.2020

Nightly 200703 08:40 (Build #21850844)
AC: 49.0.20200702131412, 1cba216b2
GV: 80.0a1-20200701093012
AS: 61.0.7

Socorro: crash report bp-c8a41ffb-1169-4907-8d1d-b75070200703

Confirmed for Firefox Nightly 80.0a1 on Windows 10 (Build #20200703094420)

Socorro: crash report bp-b09b58c0-1fec-4c46-a40e-5968c0200703

Moving to Core - CSS Parsing and Computation (based on crashing thread), as I've reproduced this bug on both Windows and Android.

Component: Stability → CSS Parsing and Computation
OS: Android → Unspecified
Product: Fenix → Core
Version: unspecified → 80 Branch
Summary: Crash in [@ nsNoDataProtocolContentPolicy::ShouldLoad] → Crash in [@ nsNoDataProtocolContentPolicy::ShouldLoad] (mozilla::css::Loader::CheckContentPolicy)

From the crash location, it looks like ShouldLoad's aContentLocation argument is null:

https://searchfox.org/mozilla-central/rev/1b95a0179507a4dc7d4b0c94c2df420dc1a72885/dom/base/nsNoDataProtocolContentPolicy.cpp#44

Ultimately that nsIURI comes from here:

https://searchfox.org/mozilla-central/rev/1b95a0179507a4dc7d4b0c94c2df420dc1a72885/dom/base/nsContentSink.cpp#819-820

Honza, do we need to null check the URL in case it fails to get created?

Severity: -- → S2
Flags: needinfo?(honzab.moz)

What we should do is check the result of NS_NewURI here. If it fails, we can't preload anything. Then probably add a non-null check to PreloadService::PreloadOrCoalesceResult as a deeper protection.

Flags: needinfo?(honzab.moz)
Assignee: nobody → cam
Pushed by cmccormack@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/82b8d1e9468a
Null check preload URL parsing. r=mayhemer
Status: UNCONFIRMED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla80
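
The two-layer guard discussed in this thread (check the URL parse result at the call site, plus a non-null check deeper in the preload path), modelled as an added example; this is not the landed patch or Gecko code. Every type and function name below (`Uri`, `ParseUri`, `CheckPolicy`, `StartPreload`, `PreloadFromHref`) and the sample URLs are hypothetical stand-ins.

```cpp
// Added illustration: hypothetical model, not Gecko code or the landed patch.
#include <cstdio>
#include <memory>
#include <string>

struct Uri { std::string spec; };
enum class Decision { Accept, Reject };
enum class PreloadResult { Started, Blocked, SkippedBadUrl, RejectedNullUri };

// Fallible parser: returns nullptr when the input cannot be turned into a
// URI (here: no scheme, or embedded whitespace). Callers must check.
std::unique_ptr<Uri> ParseUri(const std::string& spec) {
  const auto colon = spec.find(':');
  if (colon == std::string::npos || colon == 0) return nullptr;
  if (spec.find(' ') != std::string::npos) return nullptr;
  return std::make_unique<Uri>(Uri{spec});
}

// Policy hook that requires a valid location. Taking a reference makes the
// non-null precondition part of the signature. The mailto rule is a
// constructed sample rule, not the real policy.
Decision CheckPolicy(const Uri& location) {
  return location.spec.rfind("mailto:", 0) == 0 ? Decision::Reject
                                                : Decision::Accept;
}

// Deeper protection: refuse a null URI instead of handing it to the policy
// check, so a missed check upstream degrades to "no preload", not a crash.
PreloadResult StartPreload(const Uri* uri) {
  if (!uri) return PreloadResult::RejectedNullUri;
  return CheckPolicy(*uri) == Decision::Accept ? PreloadResult::Started
                                               : PreloadResult::Blocked;
}

// Call site: check the parse result first. If parsing failed there is
// nothing to preload, so return before touching the load path.
PreloadResult PreloadFromHref(const std::string& href) {
  std::unique_ptr<Uri> uri = ParseUri(href);
  if (!uri) return PreloadResult::SkippedBadUrl;
  return StartPreload(uri.get());
}

int main() {
  // Constructed sample inputs.
  for (const char* href : {"https://example.test/a.css", "not a url"}) {
    std::printf("%-28s -> %d\n", href, static_cast<int>(PreloadFromHref(href)));
  }
  return 0;
}
```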

Confirming this issue is fixed now for Fenix Nightly (build #22030613) and Firefox Nightly on Windows (build #20200721094241)

URL mentioned in this issue now loads properly:

Status: RESOLVED → VERIFIED