Closed Bug 1658160 Opened 6 months ago Closed 5 months ago

Assertion failure: get() (dereferencing a UniquePtr containing nullptr), at dist/include/mozilla/UniquePtr.h:281

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
All
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
81 Branch
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- unaffected
firefox79 --- unaffected
firefox80 --- unaffected
firefox81 --- fixed

People

(Reporter: gkw, Assigned: sfink)

References

(Regression)

Details

(Keywords: regression, testcase)

Attachments

(1 file)

Bug 1658160 - Give shell workers a module loader
47 bytes, text/x-phabricator-request
Details | Review 
evalInWorker('registerModule("a", parseModule(""));');

Compiled using GCC 9.3.0 and Clang 9 with:

AR=ar sh ./configure --enable-debug --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests

Run with:

-fuzzing-safe --ion-offthread-compile=off --ion-eager

Tested on m-c rev fa0dbdf15f29.

The first bad revision is:
changeset:   https://hg.mozilla.org/mozilla-central/rev/2f8d79b33e8a
user:        Jon Coppeard
date:        Thu Aug 06 14:21:34 2020 +0000
summary:     Bug 1655455 - Replace setModuleResolveHook() with registerModule() test function r=jandem

Jon, is bug 1655455 a likely regressor? I doubt this is s-s but setting it just-in-case the assertion failure message sounds bad.

Flags: sec-bounty?
Flags: needinfo?(jcoppeard)

This is not s-s and a fuzzblocker caused by the recently added testing function registerModule which blew up our fuzzing as well over the weekend. :jonco mentioned that he is on PTO on Monday but :sfink might be able to look into it to unblock.

Flags: sec-bounty? → needinfo?(sphink)

The problem is that shell workers do not have a module loader. I'm not sure if workers aren't supposed to use modules, or whether it's just a matter of creating a loader for them. I'll try doing the latter.

Assignee: nobody → sphink
Status: NEW → ASSIGNED
Group: core-security → javascript-core-security

Looks like Steve has got this.

Flags: needinfo?(jcoppeard)

shell-only

Group: javascript-core-security
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/mozilla-central/rev/8b3429b0e8da
Give shell workers a module loader r=jonco

https://hg.mozilla.org/mozilla-central/rev/8b3429b0e8da

Status: ASSIGNED → RESOLVED
Closed: 5 months ago
status-firefox81: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch
Flags: needinfo?(sphink)
You need to log in before you can comment on or make changes to this bug.