Crash in [@ nsCOMPtr<T>::get | nsCOMPtr<T>::operator nsIPrincipal* | mozilla::dom::WindowGlobalParent::DocumentPrincipal]
Categories
(Core :: Privacy: Anti-Tracking, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr102 | --- | unaffected |
firefox-esr115 | --- | unaffected |
firefox117 | --- | unaffected |
firefox118 | --- | unaffected |
firefox119 | + | fixed |
People
(Reporter: aryx, Assigned: pbz)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
4 crashes from 4 different installations, all with Firefox 119.0a1 20230919093728 on Windows.
Crash report: https://crash-stats.mozilla.org/report/index/a5b89e21-e9a1-4024-ac92-a08da0230919
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll nsCOMPtr<nsIPrincipal>::get const xpcom/base/nsCOMPtr.h:747
0 xul.dll nsCOMPtr<nsIPrincipal>::operator nsIPrincipal* const xpcom/base/nsCOMPtr.h:755
0 xul.dll mozilla::dom::WindowGlobalParent::DocumentPrincipal dom/ipc/WindowGlobalParent.h:112
0 xul.dll mozilla::net::HttpChannelParent::RecvSetCookies netwerk/protocol/http/HttpChannelParent.cpp:1074
1 xul.dll mozilla::net::PHttpChannelParent::OnMessageReceived ipc/ipdl/PHttpChannelParent.cpp:939
2 xul.dll mozilla::dom::PContentParent::OnMessageReceived ipc/ipdl/PContentParent.cpp:6749
3 xul.dll mozilla::ipc::MessageChannel::DispatchAsyncMessage ipc/glue/MessageChannel.cpp:1800
3 xul.dll mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:1725
3 xul.dll mozilla::ipc::MessageChannel::RunMessage ipc/glue/MessageChannel.cpp:1525
4 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1623
Comment 1•8 months ago
|
||
The bug is marked as tracked for firefox119 (nightly). We have limited time to fix this, the soft freeze is in a day. However, the bug still isn't assigned.
:dmehic, could you please find an assignee for this tracked bug? Given that it is a regression and we know the cause, we could also simply backout the regressor. If you disagree with the tracking decision, please talk with the release managers.
For more information, please visit BugBot documentation.
Assignee | ||
Comment 2•8 months ago
|
||
I found a solution that doesn't require the affected principal checks. I'll submit a patch later today.
Assignee | ||
Comment 3•8 months ago
|
||
For the BounceTrackingStorageObserver, instead of passing in a third-party flag
we can simply check if the changed cookie is partitioned or not.
Comment 4•8 months ago
•
|
||
:pbz I know this is actively being worked on and your plan is to fix asap.
Thought worth mentioning that Monday is merge day for Fx119, to ask if there's any concerns fixing this before then?
Assignee | ||
Comment 5•8 months ago
|
||
The patch is complete, it is just pending a review of cookie-reviewers
. I've already asked on Matrix if we can get a speedy review.
Pushed by pzuhlcke@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6379a4984eba Update BounceTrackingStorageObserver cookie check and remove nsICookieNotification isThirdPartyCookie. r=bvandersloot,cookie-reviewers,anti-tracking-reviewers,timhuang
Comment 7•8 months ago
|
||
bugherder |
Description
•