Closed Bug 1653407 Opened 5 years ago Closed 5 years ago

sendAsyncMessage in child actor crashes when no parent actor defined

Categories: Core :: DOM: Content Processes, defect, P2

Tracking: RESOLVED FIXED, 81 Branch, Fission Milestone M6b
Tracking Status: firefox81 --- fixed

People: Reporter: agi, Assigned: nika

Attachments: 2 files

It seems that calling this.sendAsyncMessage(...) crashes the browser when no parent actor is defined.

E.g. I have

      GeckoViewContent: {
        child: {
          moduleURI: "resource:///actors/GeckoViewContentChild.jsm",
          events: {
            // ... events
          },
          allFrames: true,
        },
      },

notice no "parent" section. When calling

    this.sendAsyncMessage("GeckoView:DOMFullscreenRequest", {});

I get the following crash (null dereference):

    js::GetObjectClass(JSObject const*) jsfriendapi.h:597
    js::IsProxy(JSObject const*) Proxy.h:379
    js::IsWrapper(JSObject const*) Wrapper.h:383
    js::IsCrossCompartmentWrapper(JSObject const*) Wrapper.h:387
    JS::GetNonCCWObjectGlobal(JSObject*) jsapi.cpp:1243
    mozilla::dom::JSActor::ReceiveMessageOrQuery(JSContext*, mozilla::dom::JSActorMessageMeta const&, JS::Handle<JS::Value>, mozilla::ErrorResult&) JSActor.cpp:265
    mozilla::dom::JSActorManager::ReceiveRawMessage(mozilla::dom::JSActorMessageMeta const&, mozilla::dom::ipc::StructuredCloneData&&, mozilla::dom::ipc::StructuredCloneData&&) JSActorManager.cpp:173
    mozilla::dom::WindowGlobalParent::RecvRawMessage(mozilla::dom::JSActorMessageMeta const&, mozilla::dom::ClonedMessageData const&, mozilla::dom::ClonedMessageData const&) WindowGlobalParent.cpp:424
    mozilla::dom::PWindowGlobalParent::OnMessageReceived(IPC::Message const&) PWindowGlobalParent.cpp:628
    mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) PContentParent.cpp:6578
    mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) MessageChannel.cpp:2150
    mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) MessageChannel.cpp:2074
    mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) MessageChannel.cpp:1922
    mozilla::ipc::MessageChannel::MessageTask::Run() MessageChannel.cpp:1953
    mozilla::RunnableTask::Run() TaskController.cpp:244
    mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) TaskController.cpp:499
    mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) TaskController.cpp:373
    mozilla::TaskController::ProcessPendingMTTask(bool) TaskController.cpp:164
    mozilla::TaskController::InitializeInternal()::$_4::operator()() const TaskController.cpp:83
    mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_4>::Run() nsThreadUtils.h:577
    nsThread::ProcessNextEvent(bool, bool*) nsThread.cpp:1234
    NS_ProcessNextEvent(nsIThread*, bool) nsThreadUtils.cpp:513
    mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) MessagePump.cpp:87
    MessageLoop::RunInternal() message_loop.cc:334
    MessageLoop::RunHandler() message_loop.cc:327
    MessageLoop::Run() message_loop.cc:309
    nsBaseAppShell::Run() nsBaseAppShell.cpp:137
    nsAppStartup::Run() nsAppStartup.cpp:270
    XREMain::XRE_mainRun() nsAppRunner.cpp:4719
    XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) nsAppRunner.cpp:4909
    XRE_main(int, char**, mozilla::BootstrapConfig const&) nsAppRunner.cpp:4963
    GeckoStart nsAndroidStartup.cpp:38
    mozilla::BootstrapImpl::GeckoStart(_JNIEnv*, char**, int, mozilla::StaticXREAppData const&) Bootstrap.cpp:77
    Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun 0x000079e75bf98752
    nativeRun 0x000079e75d0c3b28
    art_quick_invoke_static_stub 0x000079e7710ff877
    art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x000079e770c350fe
    art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*) 0x000079e770e124c6
    bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x000079e770e0d4a3
    bool art::interpreter::DoInvoke<(art::InvokeType)0, true, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x000079e770e4837f
    art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x000079e770e3f42f
    art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x000079e770de9d94
    artQuickToInterpreterBridge 0x000079e7710d6bbd
    art_quick_to_interpreter_bridge 0x000079e771109c2d
    art_quick_invoke_stub 0x000079e7710ff515
    art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x000079e770c350d8
    art::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::ArgArray*, art::JValue*, char const*) 0x000079e771015ab7
    art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue*) 0x000079e771016f35
    art::Thread::CreateCallback(void*) 0x000079e771041096
    __pthread_start(void*) 0x000079e7f4b41f3c
    __start_thread 0x000079e7f4af0c8e
    __bionic_clone 0x000079e7f4aef516
Flags: needinfo?(nika)
Assignee: nobody → nika
Flags: needinfo?(nika)

Previously these methods would crash if we ever didn't have a preserved wrapper,
such as when no module URI is specified.

Previously we would end up throwing an uncatchable exception if actor
construction failed with an exception, due to calling
NoteJSContextException(cx), and then exiting an AutoEntryScript, which will clear
the exception on the JSContext and report it.
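The two failure modes in this bug (a child-side sendAsyncMessage whose actor has no parent-side registration, and a parent actor whose constructor throws) are easiest to see in a small stand-alone model of the parent-side dispatch. The block below is an added example written for this page; it is a constructed model and not Firefox's JSActorManager or WindowGlobalParent code. The registry, the moduleURI-to-class table, the actor names GoodActor and BrokenActor, and the ParentActorManager class are all hypothetical; only the GeckoViewContent registration shape and the GeckoView:DOMFullscreenRequest message name come from the report. It contrasts the unchecked lookup (a TypeError on null stands in for the native null dereference in the stack trace) with a dispatch that validates the actor first and turns a failing constructor into a catchable, reported error.

```javascript
// Constructed model of parent-side JSActor message dispatch (not Firefox code).
// Registry shaped like the ChromeUtils.registerWindowActor options in the bug:
// "GeckoViewContent" has a child side but no parent side (hypothetical entries
// GoodActor and BrokenActor are added for contrast).
const ACTOR_REGISTRY = new Map([
  ["GeckoViewContent", {
    child: { moduleURI: "resource:///actors/GeckoViewContentChild.jsm" },
  }],
  ["GoodActor", {
    parent: { moduleURI: "resource:///actors/GoodActorParent.jsm" },
    child: { moduleURI: "resource:///actors/GoodActorChild.jsm" },
  }],
  ["BrokenActor", {
    parent: { moduleURI: "resource:///actors/BrokenActorParent.jsm" },
    child: { moduleURI: "resource:///actors/BrokenActorChild.jsm" },
  }],
]);

// Hypothetical module loader: moduleURI -> parent actor class.
// BrokenActorParent throws while being constructed, the case Part 2 describes.
const PARENT_MODULES = {
  "resource:///actors/GoodActorParent.jsm": class GoodActorParent {
    receiveMessage({ name, data }) {
      return `GoodActorParent handled ${name} (${JSON.stringify(data)})`;
    }
  },
  "resource:///actors/BrokenActorParent.jsm": class BrokenActorParent {
    constructor() {
      throw new Error("BrokenActorParent failed to initialize");
    }
  },
};

class ParentActorManager {
  constructor(registry = ACTOR_REGISTRY, modules = PARENT_MODULES) {
    this.registry = registry;
    this.modules = modules;
    this.actors = new Map(); // lazily constructed parent actors
    this.reported = [];      // errors surfaced to a log instead of crashing
  }

  // Returns the parent actor, or null when the registration has no parent side
  // (the report's GeckoViewContent case). A throwing constructor propagates as
  // an ordinary exception that the caller can catch.
  getActor(actorName) {
    if (this.actors.has(actorName)) return this.actors.get(actorName);
    const registration = this.registry.get(actorName);
    if (!registration || !registration.parent) return null;
    const Ctor = this.modules[registration.parent.moduleURI];
    if (!Ctor) throw new Error(`no module for ${registration.parent.moduleURI}`);
    const actor = new Ctor();
    this.actors.set(actorName, actor);
    return actor;
  }

  // Unchecked dispatch, mirroring the reported behaviour: the lookup result is
  // used without a null check, so a message from the child process can crash
  // the parent (here a TypeError stands in for the native null dereference).
  receiveRawMessageUnsafe(meta, data) {
    return this.getActor(meta.actorName)
      .receiveMessage({ name: meta.messageName, data });
  }

  // Hardened dispatch: validate the actor before use and report failures as
  // data, so content-process input can never take down the parent process.
  receiveRawMessage(meta, data) {
    let actor;
    try {
      actor = this.getActor(meta.actorName);
    } catch (e) {
      this.reported.push(`${meta.actorName}: ${e.message}`);
      return { ok: false, error: `actor construction failed: ${e.message}` };
    }
    if (actor === null) {
      this.reported.push(`${meta.actorName}: no parent actor registered`);
      return { ok: false, error: `no parent actor registered for ${meta.actorName}` };
    }
    try {
      return { ok: true, result: actor.receiveMessage({ name: meta.messageName, data }) };
    } catch (e) {
      this.reported.push(`${meta.actorName}: ${e.message}`);
      return { ok: false, error: `receiveMessage threw: ${e.message}` };
    }
  }
}

// Constructed raw message, as the child-side sendAsyncMessage in the bug would produce.
const FULLSCREEN_REQUEST = {
  actorName: "GeckoViewContent",
  messageName: "GeckoView:DOMFullscreenRequest",
};

// Runs all three cases through the hardened dispatcher and returns the outcomes.
function demo() {
  const manager = new ParentActorManager();
  return {
    missingParent: manager.receiveRawMessage(FULLSCREEN_REQUEST, {}),
    good: manager.receiveRawMessage({ actorName: "GoodActor", messageName: "Ping" }, { n: 1 }),
    broken: manager.receiveRawMessage({ actorName: "BrokenActor", messageName: "Ping" }, {}),
    reported: manager.reported,
  };
}
```

Running `demo()` shows the missing-parent and failing-constructor cases coming back as `{ ok: false, error: ... }` with an entry in `reported`, while `receiveRawMessageUnsafe(FULLSCREEN_REQUEST, {})` throws. The defender's point is the same one the fix makes: the parent side must treat the actor lookup as fallible, because the child process decides which actor name and message arrive.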

Status: NEW → ASSIGNED
Fission Milestone: --- → M6b

The severity field is not set for this bug.
:neha, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(nkochar)
Severity: -- → S2
Flags: needinfo?(nkochar)
Priority: -- → P2
Pushed by nlayzell@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/df366e95416b Part 1: Handle null JSActor wrappers better, r=kmag
https://hg.mozilla.org/integration/autoland/rev/aec5c209d375 Part 2: Fix issue with NoteJSContextException, r=kmag
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch