Closed Bug 1845370 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::dom::CanonicalBrowsingContext::Cast]

Categories

(Core :: Privacy: Anti-Tracking, defect)

Product:
Core
Component:
Privacy: Anti-Tracking
Platform:
Unspecified
All
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox115 --- affected
firefox116 --- affected
firefox117 --- affected

People

(Reporter: cpeterson, Unassigned)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/21078676-25f0-4974-87fb-1b0fb0230715

The first crash report was from 108.0.2 on Windows, but there was a jump in reports from both Windows and Android in Nightly 116.

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0  libxul.so  mozilla::dom::CanonicalBrowsingContext::Cast  docshell/base/CanonicalBrowsingContext.cpp:169
0  libxul.so  mozilla::dom::BrowsingContext::Canonical  docshell/base/BrowsingContext.cpp:285
1  libxul.so  FramingChecker::CheckFrameOptions  dom/security/FramingChecker.cpp:207
2  libxul.so  EnforceXFrameOptionsCheck  dom/security/nsContentSecurityUtils.cpp:1084
2  libxul.so  nsContentSecurityUtils::PerformCSPFrameAncestorAndXFOCheck  dom/security/nsContentSecurityUtils.cpp:1122
3  libxul.so  mozilla::dom::Document::StartDocumentLoad  dom/base/Document.cpp:3602
4  libxul.so  nsHTMLDocument::StartDocumentLoad  dom/html/nsHTMLDocument.cpp:350
5  libxul.so  nsContentDLF::CreateInstance  layout/build/nsContentDLF.cpp
6  libxul.so  nsDocShell::NewContentViewerObj  docshell/base/nsDocShell.cpp:8058
7  libxul.so  nsDocShell::CreateContentViewer  docshell/base/nsDocShell.cpp:7787

I don't see any crash reports from Beta 116 or Nightly 117, so maybe this crash was introduced and fixed in Nightly 116?

The spike was a month ago and was due to 116.0a1 build 20230615094111:

  • 86% of all crashes in the last 6 months
  • 237 crashes, and that's the only 116.0a build that does crash

I'm seeing a small number of regular 115.0.x release crashes so it's definitely not introduced in 116 (though that spike may have been!). In the last month there were also 2 crashes from 114 releases and one from 113.

There was one 116 Beta 5 crash. Maybe it was fixed after that? Or maybe not enough people use betas and we'll still see crashes on Release.

All the crashes have StorageAccessAPIHelper in the stack --> moving to anti-tracking

Component: DOM: Security → Privacy: Anti-Tracking

No crashes lately, let's reopen this when this crashes again.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.