Closed Bug 1743236 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::dom::ClientSource::SetController]

Categories

(Core :: Privacy: Anti-Tracking, defect, P2)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
96 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- unaffected
firefox94 --- unaffected
firefox95 --- unaffected
firefox96 blocking fixed

People

(Reporter: aryx, Assigned: timhuang)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(3 files)

Bug 1743236 - Part 1: Add StoragePrincipalHelper::ShouldUsePartitionPrincipalForServiceWorker() for WorkerPrivate. r?dimi
48 bytes, text/x-phabricator-request
Details | Review
Bug 1743236 - Part 2: Use Partitioned Principal when creating clientSource in WorkerPrivate. r?dimi
48 bytes, text/x-phabricator-request
Details | Review
Bug 1743236 - Part 3: Add a test. r?dimi
48 bytes, text/x-phabricator-request
Details | Review

70 content crashes from 3 different installations (both Windows and macOS). All had the Keepa.com - Amazon price tracker extension installed and reported crash url either belongs to amazon or keepa.com.

Crash report: https://crash-stats.mozilla.org/report/index/b6086180-40eb-4126-b1dc-de09f0211127

MOZ_CRASH Reason: MOZ_RELEASE_ASSERT(ClientMatchPrincipalInfo(mClientInfo.PrincipalInfo(), aServiceWorker.PrincipalInfo()))

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::ClientSource::SetController dom/clients/manager/ClientSource.cpp:378
1 xul.dll mozilla::dom::ClientSource::InheritController dom/clients/manager/ClientSource.cpp:483
2 xul.dll mozilla::dom::`anonymous namespace'::ScriptExecutorRunnable::WorkerRun dom/workers/ScriptLoader.cpp:2155
3 xul.dll mozilla::dom::WorkerRunnable::Run dom/workers/WorkerRunnable.cpp:378
4 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1177
5 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:467
6 xul.dll mozilla::dom::WorkerPrivate::RunCurrentSyncLoop dom/workers/WorkerPrivate.cpp:4078
7 xul.dll mozilla::dom::`anonymous namespace'::LoadAllScripts dom/workers/ScriptLoader.cpp:2358
8 xul.dll mozilla::dom::workerinternals::LoadMainScript dom/workers/ScriptLoader.cpp:2471
9 xul.dll mozilla::dom::`anonymous namespace'::CompileScriptRunnable::WorkerRun dom/workers/WorkerPrivate.cpp:371
Flags: needinfo?(tihuang)
Flags: needinfo?(tihuang)
Priority: -- → P2
Flags: needinfo?(tihuang)
Assignee: nobody → tihuang
Status: NEW → ASSIGNED
Flags: needinfo?(tihuang)

Set it as blocker for 96.

tracking-firefox96: --- → blocking

We should use the parititoned principal when creating clientSource in
WorkerPrivate if the workerPrivate is in third-party context.

Depends on D132369

This patch adds a test to ensure that a dedicated worker can be created
in a page which is controlled by a servcie worker.

Depends on D132370

Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bbf250e00ca9
Part 1: Add StoragePrincipalHelper::ShouldUsePartitionPrincipalForServiceWorker() for WorkerPrivate. r=dimi
https://hg.mozilla.org/integration/autoland/rev/f8b6146213d6
Part 2: Use Partitioned Principal when creating clientSource in WorkerPrivate. r=dimi,edenchuang
https://hg.mozilla.org/integration/autoland/rev/dfd4214ae0b8
Part 3: Add a test. r=dimi

https://hg.mozilla.org/mozilla-central/rev/bbf250e00ca9
https://hg.mozilla.org/mozilla-central/rev/f8b6146213d6
https://hg.mozilla.org/mozilla-central/rev/dfd4214ae0b8

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox96: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: