Crash with failed "@mozilla.org/peerconnection;1" instance (round 2)
Categories: Core :: WebRTC: Networking, defect, P3
People: Reporter: Oriol, Assigned: bwc
References: Regression
Keywords: crash, regression, testcase
Attachments (2 files):
- 48 bytes, text/x-phabricator-request; RyanVM: approval-mozilla-esr91+
- 48 bytes, text/x-phabricator-request; RyanVM: approval-mozilla-esr91+
Basically the same as bug 1550540. It regressed just some months after getting fixed.
Run this code in the browser console:
Cc["@mozilla.org/peerconnection;1"].createInstance(Ci.nsIArray)
Expected: it throws a JS exception like
[Exception... "ComponentManager::CreateInstance returned failure code:" nsresult: "0x80570015 (NS_ERROR_XPC_CI_RETURNED_FAILURE)" location: "JS frame :: debugger eval code :: <TOP_LEVEL> :: line 1" data: no]
Result: Firefox crashes
AddressSanitizer:DEADLYSIGNAL
Regression window: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=49320c7fe8b3a547856dc67e7d57a64db6b56ffd&tochange=9e3f44e87a1a2be927c7fab135653c6b86b982c9
Comment 1•4 years ago (Reporter)
https://crash-stats.mozilla.org/report/index/a85a6b98-62d0-439b-af83-bbbae0210619
https://crash-stats.mozilla.org/report/index/a442a38f-2921-4c43-8b01-6a3a60210619
Basically,
NS_IMPL_COMPONENT_FACTORY(mozilla::PeerConnectionImpl) {
return do_AddRef(new PeerConnectionImpl()).downcast<nsISupports>();
}
instantiates PeerConnectionImpl with a nullptr aGlobal.
But RTCStatsTimestampMaker::RTCStatsTimestampMaker assumes it's not null:
nsCOMPtr<nsPIDOMWindowInner> window =
do_QueryInterface(aGlobal->GetAsSupports());
So this was regressed by bug 1588588.
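Added example, not part of the bug report or of Mozilla's patch: a simplified C++ model of the failure described in comment 1, with the unconditional dereference beside a guarded form and a factory path that reports an error instead of crashing. All type and function names here (Window, Global, the two timestamp makers, PeerConnection, CreateInstance, Result) and the zero-origin fallback are hypothetical stand-ins, not Gecko APIs.

```cpp
#include <memory>
#include <string>

// Hypothetical stand-ins for the Gecko types named in comment 1.
struct Window { double timeOrigin = 1000.0; };
struct Global {
  Window* window;  // may itself be null for a non-window global
  Window* GetAsWindow() const { return window; }
};

// "Before" shape: dereferences aGlobal unconditionally, like the quoted
// RTCStatsTimestampMaker snippet. Only safe when aGlobal is non-null.
struct UncheckedTimestampMaker {
  explicit UncheckedTimestampMaker(const Global* aGlobal)
      : mWindow(aGlobal->GetAsWindow()) {}
  Window* mWindow;
};

// Guarded shape: tolerates a null global. Falling back to a zero origin
// is an assumption made for this example.
struct CheckedTimestampMaker {
  explicit CheckedTimestampMaker(const Global* aGlobal)
      : mWindow(aGlobal ? aGlobal->GetAsWindow() : nullptr) {}
  double Origin() const { return mWindow ? mWindow->timeOrigin : 0.0; }
  Window* mWindow;
};

// Two construction paths: DOM code passes a global, the component
// factory (createInstance) passes none.
struct PeerConnection {
  explicit PeerConnection(const Global* aGlobal = nullptr)
      : mHasGlobal(aGlobal != nullptr), mStamps(aGlobal) {}
  bool mHasGlobal;
  CheckedTimestampMaker mStamps;
};

enum class Result { Ok, NoInterface };

// Factory path: the object is built with no global and then asked for an
// interface; an unsupported one must yield an error code, not a crash.
Result CreateInstance(const std::string& iface,
                      std::unique_ptr<PeerConnection>& out) {
  auto pc = std::make_unique<PeerConnection>();  // null global, as in the bug
  if (iface != "PeerConnection") return Result::NoInterface;
  out = std::move(pc);
  return Result::Ok;
}
```

Swapping `CheckedTimestampMaker` for `UncheckedTimestampMaker` inside `PeerConnection` reproduces the null dereference on the factory path, which is the shape AddressSanitizer reported.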
Comment 2•4 years ago (Assignee)
Comment 3•4 years ago (Assignee)
Comment 4•4 years ago (Assignee)
Depends on D124061
Comment 5•4 years ago (Assignee)
Mochitest and wpt look fine, not sure about crashtest though. Here's a baseline push for comparison:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=4cefc1c3c5bf237cb20881b0d6d551a101f3be0b
Comment 6•4 years ago (Assignee)
Yeah, try looks the same as baseline.
Comment 8•4 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/b5c54bb33074
https://hg.mozilla.org/mozilla-central/rev/d755daa2871c
Comment 9•4 years ago
Comment on attachment 9238687
Bug 1717318: Stop PeerConnectionImpl from crashing if constructed with a null global. r?mjf
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: This is a simple fix checking for a null ptr to avoid a crash.
- User impact if declined: Possible crash in the wild.
- Fix Landed on Version: 93
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Small number of changes (2 asserts and a null deref check).
- String or UUID changes made by this patch: n/a
Comment 10•4 years ago
Comment on attachment 9238686
Bug 1717318: Test-case for bug. r?mjf
Approved for 91.4esr, thanks.
Comment 11•4 years ago (bugherder uplift)