Crash in [@ nsWrapperCache::GetWrapper]
Categories
(Core :: DOM: Forms, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox-esr91 | 94+ | fixed |
| firefox93 | --- | unaffected |
| firefox94 | + | fixed |
| firefox95 | + | fixed |
People
(Reporter: aryx, Assigned: emilio)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
RyanVM
:
approval-mozilla-esr91+
|
Details | Review |
There are already bugs for this crash signature but it didn't affect Firefox 94 betas before. There are 18 crashes from several installations of Firefox 94.0b7
The urls submitted indicate the existence of forms (e.g. for login or registration). Eden, could this be a side effect of the changes from bug 1730156?
Maybe Fission related. (DOMFissionEnabled=1)
Crash report: https://crash-stats.mozilla.org/report/index/e69dbcb3-3e55-4d68-be04-332f90211019
Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Top 10 frames of crashing thread:
0 XUL nsWrapperCache::GetWrapper const dom/base/nsWrapperCacheInlines.h:28
1 XUL mozilla::dom::WindowGlobalParent_Binding::getExistingActor dom/bindings/WindowGlobalActorsBinding.cpp:2469
2 XUL mozilla::dom::WindowGlobalParent_Binding::getExistingActor dom/bindings/WindowGlobalActorsBinding.cpp:2469
3 XUL bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3300
4 XUL js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:472
5 XUL Interpret js/src/vm/Interpreter.cpp:3239
6 XUL js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:504
7 XUL js::Call js/src/vm/Interpreter.cpp:549
8 XUL JS_CallFunctionValue js/src/vm/CallAndConstruct.cpp:53
9 XUL nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:973
|
Reporter | |
Comment 1•3 years ago
|
||
Correction, >100 crashes, mostly Windows + the ones on macOS mentioned in comment 0.
|
Assignee | |
Comment 2•3 years ago
|
||
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 4•3 years ago
|
||
I doubt it's because of that bug, it seems like bug 1366818 introduced the call to getExistingActor, and the code was wrong since bug 1708734.
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Comment 5•3 years ago
|
||
Would be good if we could get this into today's b8 build if possible. Please nominate for Beta/ESR approval if you're not worried about regressions.
|
|
Assignee | |
Comment 6•3 years ago
|
||
Comment on attachment 9246628 [details]
Bug 1736545 - WindowGlobal.getExistingActor can return null. r=nika
Beta/Release Uplift Approval Request
- User impact if declined: Crashes
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Webidl version of a null check
- String changes made/needed:
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Some esr patches need this
- User impact if declined:
- Fix Landed on Version:
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Telss webidl that we can return null.
- String or UUID changes made by this patch: none
|
|
||
Comment 7•3 years ago
|
||
Comment on attachment 9246628 [details]
Bug 1736545 - WindowGlobal.getExistingActor can return null. r=nika
Needed to fix a crash spike caused by an earlier uplift to Beta/ESR. Approved for 94.0b8 & 91.3esr.
|
|
||
Comment 8•3 years ago
|
||
| bugherder uplift | ||
|
|
||
Comment 9•3 years ago
|
||
| bugherder uplift | ||
|
||
Comment 10•3 years ago
|
||
| bugherder | ||
Description
•