Crash in [@ IPCError-browser | RecvCloneDocumentTreeInto Illegal subframe clone]
Categories
(Core :: Printing: Setup, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox81 | --- | wontfix |
| firefox82 | --- | fixed |
| firefox83 | --- | verified |
People
(Reporter: nordzilla, Assigned: emilio)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [print2020_v83])
Crash Data
Attachments
(2 files)
|
802.89 KB,
video/quicktime
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta+
|
Details | Review |
System Information
- macOS 10.15.6
- Nightly 83.0a1 (2020-10-06) (64-bit)
- Only affected when fission is enabled.
Steps To Reproduce
- Open google calendar.
- Select a zoom meeting.
- Click the Join Zoom Meeting link.
- Click the Cancel button on the pop-up in the new tab.
- Open the Print UI.
(see attached video)
Expected Behavior
- The print UI opens.
Actual Behavior
- The tab crashes.
The crash only occurs after navigating to the new tab from the calendar link. Clicking the back button to go back to the same page, closing the popup, and opening the print UI works as expected.
Crash Report
https://crash-stats.mozilla.org/report/index/049208b2-06cb-4853-90f1-42e2a0201006
Regression Range
Other Info
Log snippet from local build
...
[Child 27415, Main Thread] WARNING: Caller should supply a printer name.: file widget/nsPrintSettingsService.cpp, line 863
[Parent 27406, Main Thread] WARNING: 'aSource.Group() != aTarget.Group()', file dom/ipc/ContentParent.cpp, line 3536IPDL protocol error: Handler returned error code!
###!!! [Parent][DispatchAsyncMessage] Error: PContent::Msg_CloneDocumentTreeInto Processing error: message was deserialized, but the handler returned false (indicating failure)
[Parent 27406, Main Thread] WARNING: IPC message discarded: actor cannot send: file ipc/glue/ProtocolUtils.cpp, line 511
JavaScript error: resource:///modules/ContentCrashHandlers.jsm, line 272: TypeError: can't access property "getTabForBrowser", gBrowser is null
...
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Updated•4 years ago
|
|
Assignee | |
Updated•4 years ago
|
|
||
Comment 1•4 years ago
|
||
Set release status flags based on info from the regressing bug 1557645
|
|
Assignee | |
Comment 2•4 years ago
|
||
The iframe that crashes is iframe@0x7fbaad806460 name="ada-embed-connector-iframe" class="ada-embed-connector-iframe" src="https://zoom.ada.support/chat/connect/?embed=1" title="Ada Embed Connector" style="display: none;" state=[100020800000] flags=[00008000] primaryframe=(nil) refcount=6<>.
|
|
Assignee | |
Comment 3•4 years ago
|
||
The browsing context group id needs to be an 64-bit integer. Otherwise
when having a browsing context created by a child process, if it goes
over INT32_MAX, parsing fails, and we end up creating a new BCG, which
can end up in the wrong process, etc.
|
|
Assignee | |
Updated•4 years ago
|
|
|
Assignee | |
Comment 4•4 years ago
|
||
Comment on attachment 9180232 [details]
Bug 1669554 - Fix parsing of initialBrowsingContextGroupId attribute. r=nika
Beta/Release Uplift Approval Request
- User impact if declined: On fission, this can cause some pages with cross-origin iframes to crash when printing.
On non-fission, this can cause some clones to end up in the wrong document if we get into the same situation, which can also cause failed prints.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: comment 0
- List of other uplifts needed: none
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Without asserts / tests, it's really a one-liner.
- String changes made/needed: none
|
|
Assignee | |
Updated•4 years ago
|
|
||
Comment 6•4 years ago
|
||
| bugherder | ||
|
||
Comment 7•4 years ago
|
||
Bug 1557645 is not in 82, does this still need uplift?
|
|
Assignee | |
Comment 8•4 years ago
|
||
Yes, the underlying bug was introduced in bug 1589517 and can cause spurious printing failures and such.
|
|
||
Updated•4 years ago
|
|
|
||
Comment 9•4 years ago
|
||
Comment on attachment 9180232 [details]
Bug 1669554 - Fix parsing of initialBrowsingContextGroupId attribute. r=nika
approved for 82.0b9
|
|
||
Comment 10•4 years ago
|
||
| bugherder uplift | ||
|
||
Updated•4 years ago
|
|
||
Comment 11•4 years ago
|
||
Reproduced the crash in Nightly 83.0a1 (build id: 20201006041051) using Windows 10, with fission enabled.
Crash report: https://crash-stats.mozilla.org/report/index/535492ac-ed3a-44dd-9970-be3370201009
Verified - Fixed in latest Nightly 83.0a1 (build id: 20201008210150).
Given the fact that the issue is reproducible only with fission enabled, I can't verify the fix in latest Beta 82.0b9 because the fission pref is blocked to false, and the issue is not reproducible. Is there a way to enable fission in Beta 82.0b9 in order to verify the fix in Beta as well?
Thanks.
|
|
Assignee | |
Comment 12•4 years ago
|
||
Hmm, so with fission disabled you can still get into trouble, but it's a lot harder, so not really :/
|
|
||
Comment 13•4 years ago
|
||
Given the fact that fission pref is blocked to false in Beta and the issue is reproducible only with fission enabled, also based on comment 12 we can't verify the fix in Beta as well. I will remove the qe-verify+ but please feel free to set it back if further investigations are needed here from our side.
Thanks.
|
|
||
Updated•4 years ago
|
|
||
Updated•4 years ago
|
Description
•