Closed Bug 1665862 Opened 1 year ago Closed 1 year ago

Crash in [@ xpc::UnprivilegedJunkScope]


(Core :: DOM: Networking, defect, P1)




83 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox80 --- wontfix
firefox81 --- wontfix
firefox82 --- wontfix
firefox83 --- fixed


(Reporter: gsvelto, Assigned: kmag)




(Keywords: crash, regression, Whiteboard: [necko-triaged])

Crash Data


(1 file)

Crash report:

Top 10 frames of crashing thread:

0 xul.dll xpc::UnprivilegedJunkScope js/xpconnect/src/XPCJSRuntime.cpp:566
1 xul.dll mozilla::AutoSafeJSContext::AutoSafeJSContext dom/script/ScriptSettings.cpp:731
2 xul.dll mozilla::dom::Proxy::HandleEvent dom/xhr/XMLHttpRequestWorker.cpp:901
3 xul.dll mozilla::EventListenerManager::HandleEventInternal dom/events/EventListenerManager.cpp:1278
4 xul.dll static mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:557
5 xul.dll static mozilla::EventDispatcher::Dispatch dom/events/EventDispatcher.cpp:1054
6 xul.dll static mozilla::EventDispatcher::DispatchDOMEvent dom/events/EventDispatcher.cpp
7 xul.dll mozilla::DOMEventTargetHelper::DispatchEvent dom/events/DOMEventTargetHelper.cpp:145
8 xul.dll mozilla::dom::EventTarget::DispatchEvent dom/events/EventTarget.cpp:184
9 xul.dll mozilla::dom::XMLHttpRequestMainThread::FireReadystatechangeEvent dom/xhr/XMLHttpRequestMainThread.cpp:1252

We're hitting a release assertion, there's multiple stacks but they all eventually call XMLHttpRequestMainThread::FireReadystatechangeEvent() which ultimately leads to the assertion being triggered. The volume isn't high but it has been steadily increasing. Not being familiar with this code I can't tell what's wrong.

Component: Networking: HTTP → DOM: Networking

This release assertion was added recently.
:kmag, could you take a look?

Flags: needinfo?(kmaglione+bmo)
Assignee: nobody → kmaglione+bmo
Flags: needinfo?(kmaglione+bmo)

It crashes if it fails to create the unprivileged junk scope, which is not
great when it's being used by a fallible function.

Severity: -- → S2
Priority: -- → P1
Whiteboard: [necko-triaged]

Setting affected based on bug 1645510.

Pushed by
Don't use AutoSafeJSContext in XMLHttpRequestWorker. r=nika
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch

The patch landed in nightly and beta is affected.
:kmag, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(kmaglione+bmo)

This is an OOM or binary corruption crash. Making it non-fatal will probably just kick the can a bit further down the road. Probably not worth the trouble of uplifting. And it's quite low volume.

Flags: needinfo?(kmaglione+bmo)
You need to log in before you can comment on or make changes to this bug.