Assertion failure: aParserCreated == false (Skipping nonce-check is only allowed for Preloads), at dom/security/nsCSPUtils.cpp:928
Categories
(Core :: Security, defect)
Tracking
()
People
(Reporter: dholbert, Unassigned)
References
Details
(Keywords: assertion)
Attachments
(1 file)
|
74 bytes,
text/html
|
Details |
STR:
- In a debug build, visit https://bug1735376.bmoattachments.org/attachment.cgi?id=9246221
- If nothing bad has happened, reload.
ACTUAL RESULTS:
Usually (at least 50% of the time), I get:
Assertion failure: aParserCreated == false (Skipping nonce-check is only allowed for Preloads), at $SRC/dom/security/nsCSPUtils.cpp:928
#01: nsCSPNonceSrc::permits(nsIURI*, nsTSubstring<char16_t> const&, bool, bool, bool, bool) const ($SRC/dom/security/nsCSPUtils.cpp:927)
#02: nsCSPDirective::permits(nsIURI*, nsTSubstring<char16_t> const&, bool, bool, bool, bool) const ($SRC/dom/security/nsCSPUtils.cpp:1069)
#03: nsCSPPolicy::permits(nsIContentSecurityPolicy::CSPDirective, nsIURI*, nsTSubstring<char16_t> const&, bool, bool, bool, nsTSubstring<char16_t>&) const ($SRC/dom/security/nsCSPUtils.cpp:1365)
#04: nsCSPContext::permitsInternal(nsIContentSecurityPolicy::CSPDirective, mozilla::dom::Element*, nsICSPEventListener*, nsIURI*, nsIURI*, nsTSubstring<char16_t> const&, bool, bool, bool, bool) ($SRC/dom/security/nsCSPContext.cpp:189)
#05: nsCSPContext::ShouldLoad(nsIContentPolicy::nsContentPolicyType, nsICSPEventListener*, nsIURI*, nsIURI*, bool, nsTSubstring<char16_t> const&, bool, short*) ($SRC/dom/security/nsCSPContext.cpp:156)
#06: CSPService::ConsultCSPForRedirect(nsIURI*, nsIURI*, nsILoadInfo*, mozilla::Maybe<nsresult>&) ($SRC/dom/security/nsCSPService.cpp:396)
#07: CSPService::AsyncOnChannelRedirect(nsIChannel*, nsIChannel*, unsigned int, nsIAsyncVerifyRedirectCallback*) ($SRC/dom/security/nsCSPService.cpp:305)
#08: mozilla::net::nsAsyncRedirectVerifyHelper::DelegateOnChannelRedirect(nsIChannelEventSink*, nsIChannel*, nsIChannel*, unsigned int) ($SRC/netwerk/base/nsAsyncRedirectVerifyHelper.cpp:155)
#09: mozilla::net::nsIOService::AsyncOnChannelRedirect(nsIChannel*, nsIChannel*, unsigned int, mozilla::net::nsAsyncRedirectVerifyHelper*) ($SRC/netwerk/base/nsIOService.cpp:770)
#10: mozilla::net::nsAsyncRedirectVerifyHelper::Run() ($SRC/netwerk/base/nsAsyncRedirectVerifyHelper.cpp:250)
#11: mozilla::SchedulerGroup::Runnable::Run() ($SRC/xpcom/threads/SchedulerGroup.cpp:144)
#12: mozilla::RunnableTask::Run() ($SRC/xpcom/threads/TaskController.cpp:469)
#13: mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) ($SRC/xpcom/threads/TaskController.cpp:771)
#14: mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) ($SRC/xpcom/threads/TaskController.cpp:607)
#15: mozilla::TaskController::ProcessPendingMTTask(bool) ($SRC/xpcom/threads/TaskController.cpp:391)
#16: mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() ($OBJ/dist/include/nsThreadUtils.h:532)
#17: nsThread::ProcessNextEvent(bool, bool*) ($SRC/xpcom/threads/nsThread.cpp:0)
#18: NS_ProcessNextEvent(nsIThread*, bool) ($SRC/xpcom/threads/nsThreadUtils.cpp:467)
#19: mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ($SRC/ipc/glue/MessagePump.cpp:85)
#20: mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ($SRC/ipc/glue/MessagePump.cpp:269)
#21: MessageLoop::RunInternal() ($SRC/ipc/chromium/src/base/message_loop.cc:0)
#22: MessageLoop::Run() ($SRC/ipc/chromium/src/base/message_loop.cc:307)
#23: nsBaseAppShell::Run() ($SRC/widget/nsBaseAppShell.cpp:139)
#24: XRE_RunAppShell() ($SRC/toolkit/xre/nsEmbedFunctions.cpp:864)
#25: mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ($SRC/ipc/glue/MessagePump.cpp:235)
#26: MessageLoop::RunInternal() ($SRC/ipc/chromium/src/base/message_loop.cc:0)
#27: MessageLoop::Run() ($SRC/ipc/chromium/src/base/message_loop.cc:307)
#28: XRE_InitChildProcess(int, char**, XREChildData const*) ($SRC/toolkit/xre/nsEmbedFunctions.cpp:705)
#29: mozilla::BootstrapImpl::XRE_InitChildProcess(int, char**, XREChildData const*) ($SRC/toolkit/xre/Bootstrap.cpp:67)
#30: main ($SRC/browser/app/nsBrowserApp.cpp:327)
#31: ??? (/lib/x86_64-linux-gnu/libc.so.6 + 0x2dfd0)
#32: __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6 + 0x2e07d)
#33: ??? ($OBJ/dist/bin/firefox + 0x39249)
#34: ??? (???:???)
EXPECTED RESULTS:
No such assertion failure.
I haven't dug into what precisely about this testcase is causing the issue, but I'm guessing it might be the fact that (a) it lives on bugzilla which has a strict CSP, and (b) it includes some stray (not-actually-functional) <script src> tags:
<script src="helpers.js"></script>
<script src="bootstrap.js"></script>
This is not a recent regression; I can reproduce it in the oldest debug build that mozregression will let me launch, from 1 year ago, 2021-01-08 (mozregression's taskcluster debug builds are only preserved for 1 year).
The assertion in question is here:
https://searchfox.org/mozilla-central/rev/d25b03e77bc6bc3d9c86165b83e0b512700b0462/dom/security/nsCSPUtils.cpp#913-929
...and was added in bug 1505412. --> Marking as depending on that bug. sstreich, maybe you could take a look?
|
Reporter | |
Comment 1•4 years ago
|
||
|
|
Reporter | |
Comment 2•4 years ago
|
||
Comment on attachment 9258205 [details]
testcase 1 (might require several reloads to trigger the bug)
(In reply to Daniel Holbert [:dholbert] from comment #0)
I haven't dug into what precisely about this testcase is causing the issue, but I'm guessing it might be the fact that (a) it lives on bugzilla which has a strict CSP, and (b) it includes some stray (not-actually-functional)
<script src>tags:
Indeed, that seems to be it. I've confirmed that this further-reduced testcase reproduces the issue (though it took 4 or 5 reloads before I hit the assertion-failure).
|
|
Reporter | |
Comment 3•4 years ago
|
||
A pernosco trace is available here:
https://pernos.co/debug/Qyc3SuJ5CwXr1wAXID37fA/index.html
|
||
Comment 4•2 years ago
|
||
Code/assert is removed by bug 1313937.
Description
•