Closed Bug 1854028 Opened 8 months ago Closed 8 months ago

Crash in [@ nsCOMPtr<T>::get | nsCOMPtr<T>::operator nsIPrincipal* | mozilla::dom::WindowGlobalParent::DocumentPrincipal]

Categories

(Core :: Privacy: Anti-Tracking, defect)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
119 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox-esr115 --- unaffected
firefox117 --- unaffected
firefox118 --- unaffected
firefox119 + fixed

People

(Reporter: aryx, Assigned: pbz)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1854028 - Update BounceTrackingStorageObserver cookie check and remove nsICookieNotification isThirdPartyCookie. r=bvandersloot!
48 bytes, text/x-phabricator-request
Details | Review

4 crashes from 4 different installations, all with Firefox 119.0a1 20230919093728 on Windows.

Crash report: https://crash-stats.mozilla.org/report/index/a5b89e21-e9a1-4024-ac92-a08da0230919

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  nsCOMPtr<nsIPrincipal>::get const  xpcom/base/nsCOMPtr.h:747
0  xul.dll  nsCOMPtr<nsIPrincipal>::operator nsIPrincipal* const  xpcom/base/nsCOMPtr.h:755
0  xul.dll  mozilla::dom::WindowGlobalParent::DocumentPrincipal  dom/ipc/WindowGlobalParent.h:112
0  xul.dll  mozilla::net::HttpChannelParent::RecvSetCookies  netwerk/protocol/http/HttpChannelParent.cpp:1074
1  xul.dll  mozilla::net::PHttpChannelParent::OnMessageReceived  ipc/ipdl/PHttpChannelParent.cpp:939
2  xul.dll  mozilla::dom::PContentParent::OnMessageReceived  ipc/ipdl/PContentParent.cpp:6749
3  xul.dll  mozilla::ipc::MessageChannel::DispatchAsyncMessage  ipc/glue/MessageChannel.cpp:1800
3  xul.dll  mozilla::ipc::MessageChannel::DispatchMessage  ipc/glue/MessageChannel.cpp:1725
3  xul.dll  mozilla::ipc::MessageChannel::RunMessage  ipc/glue/MessageChannel.cpp:1525
4  xul.dll  mozilla::ipc::MessageChannel::MessageTask::Run  ipc/glue/MessageChannel.cpp:1623
Flags: needinfo?(pbz)

The bug is marked as tracked for firefox119 (nightly). We have limited time to fix this, the soft freeze is in a day. However, the bug still isn't assigned.

:dmehic, could you please find an assignee for this tracked bug? Given that it is a regression and we know the cause, we could also simply backout the regressor. If you disagree with the tracking decision, please talk with the release managers.

For more information, please visit BugBot documentation.

Flags: needinfo?(dmehic)

I found a solution that doesn't require the affected principal checks. I'll submit a patch later today.

Assignee: nobody → pbz
Status: NEW → ASSIGNED
Flags: needinfo?(pbz)
Flags: needinfo?(dmehic)

For the BounceTrackingStorageObserver, instead of passing in a third-party flag
we can simply check if the changed cookie is partitioned or not.

:pbz I know this is actively being worked on and your plan is to fix asap.
Thought worth mentioning that Monday is merge day for Fx119, to ask if there's any concerns fixing this before then?

Flags: needinfo?(pbz)

The patch is complete, it is just pending a review of cookie-reviewers. I've already asked on Matrix if we can get a speedy review.

Flags: needinfo?(pbz)
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6379a4984eba
Update BounceTrackingStorageObserver cookie check and remove nsICookieNotification isThirdPartyCookie. r=bvandersloot,cookie-reviewers,anti-tracking-reviewers,timhuang

https://hg.mozilla.org/mozilla-central/rev/6379a4984eba

Status: ASSIGNED → RESOLVED
Closed: 8 months ago
status-firefox119: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 119 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: