Open
Bug 1771300
Opened 2 years ago
Updated 2 years ago
Assertion failure: !originInfo->mQuotaObjects.Count(), at /dom/quota/ActorsParent.cpp:4516
Categories
(Core :: Storage: IndexedDB, defect, P2)
Tracking
()
NEW
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: testcase)
Attachments
(1 file)
|
252 bytes,
text/plain
|
Details |
Testcase found while fuzzing mozilla-central rev aee55da05180 (built with: --enable-debug --enable-fuzzing).
Testcase can be reproduced using the following commands:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build aee55da05180 --debug --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html
Assertion failure: !originInfo->mQuotaObjects.Count(), at /dom/quota/ActorsParent.cpp:4516
r10 = 0x00007ffac24a2651 r11 = 0x0000006a9d93eee0 r12 = 0x00007ffa81464d3c
r13 = 0x000002417ce85ac0 r14 = 0x0000000000000000 r15 = 0x0000000000000000
r8 = 0x0000006a9d93fdf0 r9 = 0x00007ffac2450000 rax = 0x00007ffa81464ea4
rbp = 0x0000006a9d93f598 rbx = 0x0000006a9d93f568 rcx = 0x00007ffa84223b60
rdi = 0x000002417d147700 rdx = 0x0000000000000000 rip = 0x00007ffa7b6475e2
rsi = 0x00000241701358c0 rsp = 0x0000006a9d93f520
OS|Windows NT|10.0.19044
CPU|amd64|family 6 model 158 stepping 10|4
Crash|EXCEPTION_BREAKPOINT|0x00007ffa7b6475e2|30
30|0|xul.dll|mozilla::dom::quota::QuotaManager::UnloadQuota()|hg:hg.mozilla.org/mozilla-central:dom/quota/ActorsParent.cpp:aee55da05180a837afcefb572b8b531c9ee9b6f3|4516|0x812
30|1|xul.dll|mozilla::dom::quota::QuotaManager::ShutdownStorage()|hg:hg.mozilla.org/mozilla-central:dom/quota/ActorsParent.cpp:aee55da05180a837afcefb572b8b531c9ee9b6f3|6504|0x46
30|2|xul.dll|mozilla::detail::RunnableMethodImpl<mozilla::dom::quota::QuotaManager *,void (mozilla::dom::quota::QuotaManager::*)(),1,mozilla::RunnableKind::Standard>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:aee55da05180a837afcefb572b8b531c9ee9b6f3|1200|0x20
30|3|xul.dll|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:aee55da05180a837afcefb572b8b531c9ee9b6f3|1174|0xa54
30|4|xul.dll|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:aee55da05180a837afcefb572b8b531c9ee9b6f3|465|0x44
30|5|xul.dll|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:aee55da05180a837afcefb572b8b531c9ee9b6f3|330|0x112
30|6|xul.dll|MessageLoop::RunHandler()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:aee55da05180a837afcefb572b8b531c9ee9b6f3|373|0x4f
30|7|xul.dll|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:aee55da05180a837afcefb572b8b531c9ee9b6f3|355|0x6f
30|8|xul.dll|static nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:aee55da05180a837afcefb572b8b531c9ee9b6f3|378|0x141
30|9|nss3.dll|PR_NativeRunThread(void*)|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/threads/combined/pruthr.c:aee55da05180a837afcefb572b8b531c9ee9b6f3|399|0x111
30|10|nss3.dll|pr_root(void*)|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/md/windows/w95thred.c:aee55da05180a837afcefb572b8b531c9ee9b6f3|139|0x10
30|11|ucrtbase.dll||||
30|12|KERNELBASE.dll||||
30|13|ucrtbase.dll||||
30|14|kernel32.dll||||
30|15|ucrtbase.dll||||
30|16|mozglue.dll|patched_BaseThreadInitThunk(int, void*, void*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp:aee55da05180a837afcefb572b8b531c9ee9b6f3|572|0x93
30|17|ntdll.dll||||
30|18|KERNELBASE.dll||||
|
Reporter | |
Comment 1•2 years ago
|
||
|
||
Updated•2 years ago
|
Severity: -- → S3
Priority: -- → P2
You need to log in
before you can comment on or make changes to this bug.
Description
•