Closed Bug 1779521 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::BasePrincipal::AddonPolicy]

Categories

(Core :: Graphics: Canvas2D, defect, P3)

Unspecified
Windows 10
defect

Tracking

RESOLVED FIXED
104 Branch
Tracking Status
firefox-esr91 --- unaffected
firefox-esr102 --- fixed
firefox102 --- unaffected
firefox103 --- unaffected
firefox104 --- fixed

People

(Reporter: aosmond, Assigned: aosmond)

Details

(Keywords: crash)

Attachments

(1 file)

Crash report: https://crash-stats.mozilla.org/report/index/42ec494d-6124-4921-9c0e-f23b80220713

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 xul.dll mozilla::BasePrincipal::AddonPolicy 
1 xul.dll mozilla::CanvasUtils::DoDrawImageSecurityCheck dom/canvas/CanvasUtils.cpp:253
2 xul.dll mozilla::dom::CanvasGeneralPattern::ForStyle dom/canvas/CanvasRenderingContext2D.cpp:305
3 xul.dll mozilla::dom::CanvasRenderingContext2D::FillRect dom/canvas/CanvasRenderingContext2D.cpp:2809
4 xul.dll mozilla::dom::CanvasRenderingContext2D_Binding::fillRect dom/bindings/CanvasRenderingContext2DBinding.cpp:5916
5 xul.dll mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3285
6 xul.dll Interpret js/src/vm/Interpreter.cpp:3325
7 xul.dll js::Call js/src/vm/Interpreter.cpp:606
8 xul.dll js::jit::InvokeFromInterpreterStub js/src/jit/VMFunctions.cpp:551
9 None @0x000000df80eb1d84 

There are a few crashes where the principal was clearly null for the element. We should consider checking explicitly instead of just asserting.

Flags: needinfo?(aosmond)
Pushed by aosmond@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0f614ef65bc2
Check for null principal when drawing images to a canvas element. r=lsalzman
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 104 Branch
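
Added illustration of asserting versus checking explicitly, as discussed in this bug. This is not the patch that landed and not Gecko code: Principal, Canvas and every function name are hypothetical stand-ins, the standard assert macro stands in for a debug-only assertion, and failing closed by marking the canvas write-only is an assumption.

```cpp
// Added illustration. Principal, Canvas and the functions below are
// hypothetical stand-ins, not Gecko types or the landed patch.
#include <cassert>
#include <cstdio>
#include <string>

struct Principal {
  std::string origin;
  bool Subsumes(const Principal& other) const { return origin == other.origin; }
};

struct Canvas {
  const Principal* principal = nullptr;  // can be null, as in the crash reports
  bool writeOnly = false;                // true: pixel readback is refused
  void SetWriteOnly() { writeOnly = true; }
};

// Assert-only form. Built with NDEBUG the assert expands to nothing, so a
// null principal reaches the dereference below and the process crashes.
void CheckAssertOnly(Canvas& canvas, const Principal* image) {
  assert(canvas.principal && image);
  if (!canvas.principal->Subsumes(*image)) canvas.SetWriteOnly();
}

// Explicit form. A missing principal is handled in every build type and
// fails closed (assumption): the canvas is treated as tainted.
void CheckExplicit(Canvas& canvas, const Principal* image) {
  if (!canvas.principal || !image) {
    canvas.SetWriteOnly();
    return;
  }
  if (!canvas.principal->Subsumes(*image)) canvas.SetWriteOnly();
}

// Runs the explicit check for one draw; true if the canvas ended up write-only.
bool DrawIsTainted(const Principal* canvasPrincipal, const Principal* image) {
  Canvas canvas;
  canvas.principal = canvasPrincipal;
  CheckExplicit(canvas, image);
  return canvas.writeOnly;
}

int main() {
  const Principal a{"https://a.example"}, b{"https://b.example"};  // constructed
  std::printf("same origin: %d\n", DrawIsTainted(&a, &a));
  std::printf("cross origin: %d\n", DrawIsTainted(&a, &b));
  std::printf("null canvas principal: %d\n", DrawIsTainted(nullptr, &a));
  return 0;
}
```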

Copying crash signatures from duplicate bugs.

Crash Signature: [@ mozilla::BasePrincipal::AddonPolicy] → [@ mozilla::BasePrincipal::AddonPolicy] [@ Is<mozilla::ContentPrincipal>]
Crash Signature: [@ mozilla::BasePrincipal::AddonPolicy] [@ Is<mozilla::ContentPrincipal>] → [@ mozilla::BasePrincipal::AddonPolicy] [@ Is<mozilla::ContentPrincipal>]

Comment on attachment 9285470 [details]
Bug 1779521 - Check for null principal when drawing images to a canvas element.

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Dependency for uplift in bug 1833876
  • User impact if declined:
  • Fix Landed on Version: 104.0a1
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Good test coverage
Attachment #9285470 - Flags: approval-mozilla-esr102?

Comment on attachment 9285470 [details]
Bug 1779521 - Check for null principal when drawing images to a canvas element.

Approved for 102.14esr

Attachment #9285470 - Flags: approval-mozilla-esr102? → approval-mozilla-esr102+