Closed Bug 1665862 Opened 4 years ago Closed 4 years ago

Crash in [@ xpc::UnprivilegedJunkScope]

Categories

(Core :: DOM: Networking, defect, P1)

Product:
Core
Component:
DOM: Networking
Platform:
Unspecified
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
83 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- unaffected
firefox80 --- wontfix
firefox81 --- wontfix
firefox82 --- wontfix
firefox83 --- fixed

People

(Reporter: gsvelto, Assigned: kmag)

References

(Regression)

Details

(Keywords: crash, regression, Whiteboard: [necko-triaged])

Crash Data

Attachments

(1 file)

Bug 1665862: Don't use AutoSafeJSContext in XMLHttpRequestWorker. r=nika
47 bytes, text/x-phabricator-request
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/9cc3f581-80c8-4598-a887-cde160200918

Top 10 frames of crashing thread:

0 xul.dll xpc::UnprivilegedJunkScope js/xpconnect/src/XPCJSRuntime.cpp:566
1 xul.dll mozilla::AutoSafeJSContext::AutoSafeJSContext dom/script/ScriptSettings.cpp:731
2 xul.dll mozilla::dom::Proxy::HandleEvent dom/xhr/XMLHttpRequestWorker.cpp:901
3 xul.dll mozilla::EventListenerManager::HandleEventInternal dom/events/EventListenerManager.cpp:1278
4 xul.dll static mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:557
5 xul.dll static mozilla::EventDispatcher::Dispatch dom/events/EventDispatcher.cpp:1054
6 xul.dll static mozilla::EventDispatcher::DispatchDOMEvent dom/events/EventDispatcher.cpp
7 xul.dll mozilla::DOMEventTargetHelper::DispatchEvent dom/events/DOMEventTargetHelper.cpp:145
8 xul.dll mozilla::dom::EventTarget::DispatchEvent dom/events/EventTarget.cpp:184
9 xul.dll mozilla::dom::XMLHttpRequestMainThread::FireReadystatechangeEvent dom/xhr/XMLHttpRequestMainThread.cpp:1252

We're hitting a release assertion, there's multiple stacks but they all eventually call XMLHttpRequestMainThread::FireReadystatechangeEvent() which ultimately leads to the assertion being triggered. The volume isn't high but it has been steadily increasing. Not being familiar with this code I can't tell what's wrong.

Component: Networking: HTTP → DOM: Networking

This release assertion was added recently.
:kmag, could you take a look?
Thanks.

Flags: needinfo?(kmaglione+bmo)
Assignee: nobody → kmaglione+bmo
Flags: needinfo?(kmaglione+bmo)

It crashes if it fails to create the unprivileged junk scope, which is not
great when it's being used by a fallible function.

Severity: -- → S2
Priority: -- → P1
Whiteboard: [necko-triaged]

Setting affected based on bug 1645510.

status-firefox80: --- → wontfix
status-firefox81: --- → affected
status-firefox82: --- → affected
Regressed by: 1645510
Has Regression Range: --- → yes
Pushed by maglione.k@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/b7431901a0db
Don't use AutoSafeJSContext in XMLHttpRequestWorker. r=nika

https://hg.mozilla.org/mozilla-central/rev/b7431901a0db

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox83: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch

The patch landed in nightly and beta is affected.
:kmag, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(kmaglione+bmo)

This is an OOM or binary corruption crash. Making it non-fatal will probably just kick the can a bit further down the road. Probably not worth the trouble of uplifting. And it's quite low volume.

status-firefox81: affectedwontfix
status-firefox82: affectedwontfix
Flags: needinfo?(kmaglione+bmo)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: