Closed Bug 1736545 Opened 1 month ago Closed 1 month ago

Crash in [@ nsWrapperCache::GetWrapper]

Categories

(Core :: DOM: Forms, defect)

defect

Tracking

()

RESOLVED FIXED
95 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox-esr91 94+ fixed
firefox93 --- unaffected
firefox94 + fixed
firefox95 + fixed

People

(Reporter: aryx, Assigned: emilio)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

There are already bugs for this crash signature but it didn't affect Firefox 94 betas before. There are 18 crashes from several installations of Firefox 94.0b7

The urls submitted indicate the existence of forms (e.g. for login or registration). Eden, could this be a side effect of the changes from bug 1730156?

Maybe Fission related. (DOMFissionEnabled=1)

Crash report: https://crash-stats.mozilla.org/report/index/e69dbcb3-3e55-4d68-be04-332f90211019

Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS

Top 10 frames of crashing thread:

0 XUL nsWrapperCache::GetWrapper const dom/base/nsWrapperCacheInlines.h:28
1 XUL mozilla::dom::WindowGlobalParent_Binding::getExistingActor dom/bindings/WindowGlobalActorsBinding.cpp:2469
2 XUL mozilla::dom::WindowGlobalParent_Binding::getExistingActor dom/bindings/WindowGlobalActorsBinding.cpp:2469
3 XUL bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3300
4 XUL js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:472
5 XUL Interpret js/src/vm/Interpreter.cpp:3239
6 XUL js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:504
7 XUL js::Call js/src/vm/Interpreter.cpp:549
8 XUL JS_CallFunctionValue js/src/vm/CallAndConstruct.cpp:53
9 XUL nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:973
Flags: needinfo?(echuang)

Correction, >100 crashes, mostly Windows + the ones on macOS mentioned in comment 0.

OS: macOS → Unspecified
Assignee: nobody → emilio
Status: NEW → ASSIGNED
Attachment #9246628 - Attachment description: Bug 1736545 - WGP.getExistingActor can return null. r=nika → Bug 1736545 - WindowGlobal.getExistingActor can return null. r=nika
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2f8f19ca6968
WindowGlobal.getExistingActor can return null. r=nika

I doubt it's because of that bug, it seems like bug 1366818 introduced the call to getExistingActor, and the code was wrong since bug 1708734.

Flags: needinfo?(echuang)

Would be good if we could get this into today's b8 build if possible. Please nominate for Beta/ESR approval if you're not worried about regressions.

Flags: needinfo?(emilio)

Comment on attachment 9246628 [details]
Bug 1736545 - WindowGlobal.getExistingActor can return null. r=nika

Beta/Release Uplift Approval Request

  • User impact if declined: Crashes
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Webidl version of a null check
  • String changes made/needed:

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Some esr patches need this
  • User impact if declined:
  • Fix Landed on Version:
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Telss webidl that we can return null.
  • String or UUID changes made by this patch: none
Flags: needinfo?(emilio)
Attachment #9246628 - Flags: approval-mozilla-esr91?
Attachment #9246628 - Flags: approval-mozilla-beta?

Comment on attachment 9246628 [details]
Bug 1736545 - WindowGlobal.getExistingActor can return null. r=nika

Needed to fix a crash spike caused by an earlier uplift to Beta/ESR. Approved for 94.0b8 & 91.3esr.

Attachment #9246628 - Flags: approval-mozilla-esr91?
Attachment #9246628 - Flags: approval-mozilla-esr91+
Attachment #9246628 - Flags: approval-mozilla-beta?
Attachment #9246628 - Flags: approval-mozilla-beta+
Status: ASSIGNED → RESOLVED
Closed: 1 month ago
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
You need to log in before you can comment on or make changes to this bug.