Closed Bug 1866778 Opened 1 year ago Closed 1 year ago

Crash in [@ libsystem_kernel.dylib@0x7ffe] launching external application, on macOS 12.7.2 beta

Categories

(Firefox :: File Handling, defect)

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox-esr115 --- fixed
firefox120 --- fixed
firefox121 --- fixed
firefox122 --- fixed

People

(Reporter: aryx, Unassigned)

Details

(Keywords: crash, topcrash)

Attachments

(1 file)

Between 50-100 crashes per major release on macOS. Recent relative crash volume increases for beta and nightly make these interesting.

Crash report: https://crash-stats.mozilla.org/report/index/ae178196-d0de-4ef3-838c-257460231126

Reason: EXC_SOFTWARE / SIGABRT

crashing thread:

 Ø 0 	libsystem_kernel.dylib	libsystem_kernel.dylib@0x7ffe		context
1 	libsystem_c.dylib	abort		frame_pointer
2 	libsystem_c.dylib	__assert_rtn		cfi
Ø 3 	libquarantine.dylib	libquarantine.dylib@0x2c9f		cfi
Ø 4 	libquarantine.dylib	libquarantine.dylib@0x16fe		frame_pointer
Ø 5 	libquarantine.dylib	libquarantine.dylib@0x1960		frame_pointer
Ø 6 	LaunchServices	LaunchServices@0x5da24		frame_pointer
Ø 7 	LaunchServices	LaunchServices@0x13a5a9		frame_pointer
Ø 8 	LaunchServices	LaunchServices@0x125cf8		frame_pointer
Ø 9 	LaunchServices	LaunchServices@0x11dac0		frame_pointer
Ø 10 	LaunchServices	LaunchServices@0x5b4bc		frame_pointer
11 	CoreFoundation	__CFDictionaryApplyFunction_block_invoke		frame_pointer
12 	CoreFoundation	CFBasicHashApply		cfi
13 	CoreFoundation	CFDictionaryApplyFunction		cfi
Ø 14 	LaunchServices	LaunchServices@0x58a24		cfi
Ø 15 	LaunchServices	LaunchServices@0x54a08		frame_pointer
Ø 16 	LaunchServices	LaunchServices@0x10d46e		frame_pointer
Ø 17 	LaunchServices	LaunchServices@0x10db53		frame_pointer
Ø 18 	LaunchServices	LaunchServices@0x54348		frame_pointer
19 	XUL	nsLocalHandlerAppMac::LaunchWithURI(nsIURI*, mozilla::dom::BrowsingContext*)	uriloader/exthandler/mac/nsLocalHandlerAppMac.mm:72 	frame_pointer
20 	XUL	nsMIMEInfoBase::LaunchWithURI(nsIURI*, mozilla::dom::BrowsingContext*)	uriloader/exthandler/nsMIMEInfoImpl.cpp:406 	cfi

All crashes observed with macOS 12.7.2 21G1967.

Haik, could a person proficient with process launching on macOS look into this? Do the launched processes get quarantined?

Flags: needinfo?(haftandilian)

As best I can tell "macOS 12.7.2 21G1967" is a beta. So the latest actual release is still "12.7.1 21G920".

Almost all of these crashes have the following mac crash info. They're also almost all on AMD64 hardware.

{
  "num_records": 1,
  "records": [
    {
      "abort_cause": null,
      "backtrace": null,
      "dialog_mode": null,
      "message": "Assertion failed: (*src != '\\0'), function macsafestring_decode, file utility.c, line 80.\n",
      "message2": null,
      "module": "/usr/lib/system/libsystem_c.dylib",
      "signature_string": null,
      "thread": null
    }
  ]
}

This is almost certainly an Apple bug, newly introduced in 12.7.2 21G1967. It's bad enough that Apple can probably find it on its own. It probably also affects other apps. But if Mozilla has a viable Apple contact, it'd be worthwhile passing this bug along to them.

https://crash-stats.mozilla.org/search/?modules_in_stack=~libquarantine&date=%3E%3D2023-11-20T17%3A08%3A00.000Z&date=%3C2023-11-27T17%3A08%3A00.000Z&_facets=signature&_facets=platform_version&_facets=cpu_arch&_facets=mac_crash_info&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-mac_crash_info

The top three lines of these crash stacks are probably something like:

    (libquarantine.dylib) macsafestring_decode(char*, unsigned long, char*, unsigned long)
    (libquarantine.dylib) parse_label + 0xcb
    (libquarantine.dylib) _qtn_file_init_with_path + 0x58

The assertion isn't in current macsafestring_decode() code.
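
An added example, not part of the original bug thread or of Mozilla's tooling: a small triage script that pulls the assertion site out of mac_crash_info records like the one quoted above and counts crashes per OS build and CPU architecture. It assumes each crash is a dict with the platform_version, cpu_arch and mac_crash_info fields named in the search facets, with mac_crash_info delivered as a JSON string; the sample rows are constructed.

```python
import json
import re
from collections import Counter

# Text that __assert_rtn leaves in mac_crash_info, e.g.
#   Assertion failed: (*src != '\0'), function macsafestring_decode, file utility.c, line 80.
ASSERT_RE = re.compile(
    r"Assertion failed: \((?P<expr>.*)\), function (?P<function>.+?), "
    r"file (?P<file>.+?), line (?P<line>\d+)\."
)


def parse_assertions(mac_crash_info):
    """Return the assertion sites recorded in one mac_crash_info JSON string."""
    try:
        info = json.loads(mac_crash_info)
    except (TypeError, ValueError):
        return []  # field missing (None) or not valid JSON
    if not isinstance(info, dict):
        return []
    sites = []
    for record in info.get("records") or []:
        if not isinstance(record, dict):
            continue
        match = ASSERT_RE.search(record.get("message") or "")
        if match:
            sites.append({
                "expr": match["expr"],
                "function": match["function"],
                "file": match["file"],
                "line": int(match["line"]),
            })
    return sites


def summarize(crashes):
    """Count crashes per (function, file, line, platform_version, cpu_arch)."""
    counts = Counter()
    for crash in crashes:
        for site in parse_assertions(crash.get("mac_crash_info")):
            key = (site["function"], site["file"], site["line"],
                   crash.get("platform_version"), crash.get("cpu_arch"))
            counts[key] += 1
    return counts


# Constructed sample input: QUOTED_INFO reuses the mac_crash_info message quoted
# in the bug; the rows below (and their mix of builds and CPUs) are made up.
QUOTED_INFO = r'''{"num_records": 1, "records": [{"abort_cause": null,
  "message": "Assertion failed: (*src != '\\0'), function macsafestring_decode, file utility.c, line 80.\n",
  "module": "/usr/lib/system/libsystem_c.dylib"}]}'''

SAMPLE_CRASHES = [
    {"platform_version": "12.7.2 21G1967", "cpu_arch": "amd64", "mac_crash_info": QUOTED_INFO},
    {"platform_version": "12.7.2 21G1967", "cpu_arch": "amd64", "mac_crash_info": QUOTED_INFO},
    {"platform_version": "12.7.2 21G1967", "cpu_arch": "arm64", "mac_crash_info": QUOTED_INFO},
    {"platform_version": "12.7.1 21G920", "cpu_arch": "amd64", "mac_crash_info": None},
    {"platform_version": "12.7.1 21G920", "cpu_arch": "arm64", "mac_crash_info": "{not json"},
]

if __name__ == "__main__":
    # One line per assertion site / build / CPU combination, most frequent first.
    for key, n in summarize(SAMPLE_CRASHES).most_common():
        print(n, *key)
```
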

Thank you, Steven, for jumping on this and providing your analysis.

I've filed FB13418311 with Apple for this problem.

I'm working on getting a system running 12.7.2 up to test with.

FB13418311:

New macOS 12.7.2 Crash - libquarantine.dylib assertion failed in macsafestring_decode

Starting with macOS 12.7.2, in our Firefox crash reporting telemetry
we are receiving crash reports due to the following assertion failure
in libquarantine.dylib. The crashes are originating from a call to
LSOpenFromURLSpec() from Firefox code.

"Assertion failed: (*src != '\\0'), function macsafestring_decode, file utility.c, line 80.\n",

Suspected final frames of the crashing stack:
libquarantine.dylib: macsafestring_decode(char*, unsigned long, char*, unsigned long)
libquarantine.dylib: parse_label + 0xcb
libquarantine.dylib: _qtn_file_init_with_path + 0x58

Example stack trace:
0 	libsystem_kernel.dylib	libsystem_kernel.dylib@0x7ffe		context
1 	libsystem_c.dylib	abort		frame_pointer
2 	libsystem_c.dylib	__assert_rtn		cfi
3 	libquarantine.dylib	libquarantine.dylib@0x2c9f		cfi
4 	libquarantine.dylib	libquarantine.dylib@0x16fe		frame_pointer
5 	libquarantine.dylib	libquarantine.dylib@0x1960		frame_pointer
6 	LaunchServices	LaunchServices@0x5da24		frame_pointer
7 	LaunchServices	LaunchServices@0x13a5a9		frame_pointer
8 	LaunchServices	LaunchServices@0x125cf8		frame_pointer
9 	LaunchServices	LaunchServices@0x11dac0		frame_pointer
10 	LaunchServices	LaunchServices@0x5b4bc		frame_pointer
11 	CoreFoundation	__CFDictionaryApplyFunction_block_invoke		frame_pointer
12 	CoreFoundation	CFBasicHashApply		cfi
13 	CoreFoundation	CFDictionaryApplyFunction		cfi
14 	LaunchServices	LaunchServices@0x58a24		cfi
15 	LaunchServices	LaunchServices@0x54a08		frame_pointer
16 	LaunchServices	LaunchServices@0x10d46e		frame_pointer
17 	LaunchServices	LaunchServices@0x10db53		frame_pointer
18 	LaunchServices	LaunchServices@0x54348		frame_pointer
19 	XUL	nsLocalHandlerAppMac::LaunchWithURI(nsIURI*, mozilla::dom::BrowsingContext*)	uriloader/exthandler/mac/nsLocalHandlerAppMac.mm:72 	frame_pointer
20 	XUL	nsMIMEInfoBase::LaunchWithURI(nsIURI*, mozilla::dom::BrowsingContext*)	uriloader/exthandler/nsMIMEInfoImpl.cpp:406 	cfi

We are tracking this problem on Firefox bug 1866778:
https://bugzilla.mozilla.org/show_bug.cgi?id=1866778
Flags: needinfo?(haftandilian)

The bug is linked to a topcrash signature, which matches the following criterion:

  • Top 5 desktop browser crashes on Mac on beta

For more information, please visit BugBot documentation.

Keywords: topcrash

I've installed macOS 12.7.2 (build 21G1971) on an Intel Mac, and am able to reproduce these crashes. To trigger them, make Firefox (or some other app) load a file into an external application. It seems Safari and Chrome no longer have this capability -- so I can't get them to crash. Are there any other applications that can do this? If so please let me know. They'll probably also crash.

Haik: I don't know how far along you are installing macOS 12.7.2. To do it, first install macOS 12.7.1 (or upgrade it to that level). Then you'll need to run the "Developer Beta Access Utility" to switch your machine from regular updates to beta updates. Only afterwards will you be able to install macOS 12.7.2. For some reason this download (macOSDeveloperBetaAccessUtility.dmg) isn't currently available from Apple. If need be, I can send you mine via WeTransfer. Let me know if you'd like me to do that.

Here's an lldb crash stack:

Assertion failed: (*src != '\0'), function macsafestring_decode, file utility.c, line 80.
Process 44347 stopped
* thread #1, name = 'MainThread', queue = 'com.apple.main-thread', stop reason = hit program assert
    frame #4: 0x00007ff81460fca0 libquarantine.dylib`macsafestring_decode.cold.1 + 33
libquarantine.dylib`__assert_rtn:
    0x7ff81460fca0 <+0>: jmpq   *0x37b6e802(%rip)         ; (void *)0x00007ff80a143f81: __assert_rtn

libquarantine.dylib`__bzero:
    0x7ff81460fca6 <+0>: jmpq   *0x37b6e804(%rip)         ; (void *)0x00007ff80a21308e: symbol stub for: __bzero

libquarantine.dylib`__error:
    0x7ff81460fcac <+0>: jmpq   *0x37b6e806(%rip)         ; (void *)0x00007ff80a1bd1da: __error

libquarantine.dylib`__maskrune:
    0x7ff81460fcb2 <+0>: jmpq   *0x37b6e808(%rip)         ; (void *)0x00007ff80a0dc9c7: __maskrune
Target 0: (firefox) stopped.
(lldb) bt
* thread #1, name = 'MainThread', queue = 'com.apple.main-thread', stop reason = hit program assert
    frame #0: 0x00007ff80a1c2ffe libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007ff80a1f91ff libsystem_pthread.dylib`pthread_kill + 263
    frame #2: 0x00007ff80a144d14 libsystem_c.dylib`abort + 123
    frame #3: 0x00007ff80a1440bb libsystem_c.dylib`__assert_rtn + 314
  * frame #4: 0x00007ff81460fca0 libquarantine.dylib`macsafestring_decode.cold.1 + 33
    frame #5: 0x00007ff81460e6ff libquarantine.dylib`macsafestring_decode + 177
    frame #6: 0x00007ff81460e961 libquarantine.dylib`qtn_proc_init_with_pid + 149
    frame #7: 0x00007ff80a7a0a25 LaunchServices`_LSCopyProcessQuarantineProperties + 62
    frame #8: 0x00007ff80a87d5aa LaunchServices`_LSAnnotateAndSendAppleEventWithOptions + 474
    frame #9: 0x00007ff80a868cf9 LaunchServices`_LSLaunchWithRunningboard(LSContext*, FSNode*, unsigned int, void*, __CFArray const*, AEDesc const*, AEDesc const*, NSArray<LSSliceInfo*>*, __CFDictionary const*, unsigned int, audit_token_t const*, _LSOpen2Options const*, ProcessSerialNumber*, NSError* __autoreleasing*) + 32708
    frame #10: 0x00007ff80a860ac1 LaunchServices`_LSLaunch + 232
    frame #11: 0x00007ff80a79dba4 LaunchServices`_LSOpenItemsWithHandler_CFDictionaryApplier(void const*, void const*, void*) + 4717
    frame #12: 0x00007ff80a2c16ee CoreFoundation`__CFDictionaryApplyFunction_block_invoke + 22
    frame #13: 0x00007ff80a28a523 CoreFoundation`CFBasicHashApply + 115
    frame #14: 0x00007ff80a27d24b CoreFoundation`CFDictionaryApplyFunction + 131
    frame #15: 0x00007ff80a79ba25 LaunchServices`_LSOpenStuffCallLocal + 9499
    frame #16: 0x00007ff80a797a09 LaunchServices`_LSOpenStuff + 1621
    frame #17: 0x00007ff80a85046f LaunchServices`_LSOpenURLsWithRole_Common + 139
    frame #18: 0x00007ff80a850b54 LaunchServices`_LSOpenURLsWithRole_CommonLegacy(__CFArray const*, unsigned int, AEKeyDesc const*, LSApplicationParameters_V1 const*, _LSOpen2Options const*, ProcessSerialNumber*, long, __CFURL const**, unsigned char*) + 106
    frame #19: 0x00007ff80a797349 LaunchServices`LSOpenFromURLSpec + 275
    frame #20: 0x00007ff80a850cc1 LaunchServices`__LSOpenFromRefSpec_block_invoke_2 + 71
    frame #21: 0x00007ff80a7ab2f4 LaunchServices`__FSShimFSRefs_block_invoke + 17
    frame #22: 0x00007ff80a7ab160 LaunchServices`+[FSNode(FSRefs) shimFSRefs:count:reason:error:block:] + 577
    frame #23: 0x00007ff80a7ab280 LaunchServices`FSShimFSRefs + 140
    frame #24: 0x00007ff80a850c74 LaunchServices`__LSOpenFromRefSpec_block_invoke + 97
    frame #25: 0x00007ff80a793d9a LaunchServices`__FSShimFSRef_block_invoke + 17
    frame #26: 0x00007ff80a793cc5 LaunchServices`+[FSNode(FSRefs) shimFSRef:reason:error:block:] + 268
    frame #27: 0x00007ff80a793b58 LaunchServices`FSShimFSRef + 128
    frame #28: 0x00007ff80a850c0d LaunchServices`LSOpenFromRefSpec + 99
    frame #29: 0x0000000112ae9cd5 XUL`nsLocalFile::LaunchWithDoc(this=<unavailable>, aDocToLoad=<unavailable>, aLaunchInBackground=false) at nsLocalFileUnix.cpp:2730:15 [opt]
    frame #30: 0x00000001134156b0 XUL`nsMIMEInfoMac::LaunchWithFile(this=<unavailable>, aFile=0x000000013eca9d40) at nsMIMEInfoMac.mm:83:15 [opt]
    frame #31: 0x000000011340743f XUL`nsExternalAppHandler::LaunchLocalFile(this=0x0000000128628740) at nsExternalHelperAppService.cpp:2644:21 [opt]
    frame #32: 0x0000000112b4c37e XUL`NS_InvokeByIndex at xptcinvoke_asm_x86_64_unix.S:101
    frame #33: 0x000000011334bea0 XUL`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Invoke() at XPCWrappedNative.cpp:1627:10 [opt]
    frame #34: 0x000000011334be80 XUL`XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [inlined] CallMethodHelper::Call() at XPCWrappedNative.cpp:1180:19 [opt]
    frame #35: 0x000000011334b252 XUL`XPCWrappedNative::CallMethod(ccx=0x00007ff7bfefac28, mode=<unavailable>) at XPCWrappedNative.cpp:1126:23 [opt]
    frame #36: 0x000000011334d4ac XUL`XPC_WN_CallMethod(cx=<unavailable>, argc=0, vp=<unavailable>) at XPCWrappedNativeJSOps.cpp:966:10 [opt]
    frame #37: 0x000000011728c883 XUL`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [inlined] CallJSNative(cx=0x0000000108c26400, native=<unavailable>, reason=<unavailable>, args=0x00007ff7bfefb110)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) at Interpreter.cpp:472:13 [opt]
    frame #38: 0x000000011728c7b4 XUL`js::InternalCallOrConstruct(cx=0x0000000108c26400, args=0x00007ff7bfefb110, construct=NO_CONSTRUCT, reason=<unavailable>) at Interpreter.cpp:566:12 [opt]
    frame #39: 0x0000000117297832 XUL`js::Interpret(JSContext*, js::RunState&) [inlined] InternalCall(cx=0x0000000108c26400, args=0x00007ff7bfefb110) at Interpreter.cpp:633:10 [opt]
    frame #40: 0x0000000117297828 XUL`js::Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=0x0000000108c26400, args=0x00007ff7bfefb110) at Interpreter.cpp:638:10 [opt]
    frame #41: 0x0000000117297828 XUL`js::Interpret(cx=0x0000000108c26400, state=0x00007ff7bfefb250) at Interpreter.cpp:3053:16 [opt]
    frame #42: 0x000000011728c4e7 XUL`js::RunScript(JSContext*, js::RunState&) [inlined] MaybeEnterInterpreterTrampoline(cx=0x0000000108c26400, state=0x00007ff7bfefb250) at Interpreter.cpp:386:10 [opt]
    frame #43: 0x000000011728c3bd XUL`js::RunScript(cx=<unavailable>, state=0x00007ff7bfefb250) at Interpreter.cpp:444:13 [opt]
    frame #44: 0x000000011728cb3a XUL`js::InternalCallOrConstruct(cx=0x0000000108c26400, args=0x00007ff7bfefb328, construct=NO_CONSTRUCT, reason=Call) at Interpreter.cpp:598:13 [opt]
    frame #45: 0x000000011728d044 XUL`js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) [inlined] InternalCall(cx=0x0000000108c26400, args=0x00007ff7bfefb328, reason=Call) at Interpreter.cpp:633:10 [opt]
    frame #46: 0x000000011728d034 XUL`js::Call(cx=0x0000000108c26400, fval=JS::HandleValue @ scalar, thisv=JS::HandleValue @ scalar, args=0x00007ff7bfefb328, rval=JS::MutableHandleValue @ r13, reason=Call) at Interpreter.cpp:665:8 [opt]
    frame #47: 0x000000011731eca2 XUL`JS::Call(cx=0x0000000108c26400, thisv=Handle<JS::Value> @ 0x00007ff7bfefb308, fval=Handle<JS::Value> @ 0x00007ff7bfefb310, args=0x00007ff7bfefb400, rval=MutableHandle<JS::Value> @ r15) at CallAndConstruct.cpp:119:10 [opt]
    frame #48: 0x00000001144432d3 XUL`mozilla::dom::EventListener::HandleEvent(this=0x00000001116ab2c0, cx=0x00007ff7bfefb708, aThisVal=Handle<JS::Value> @ 0x00007ff7bfefb3f0, event=<unavailable>, aRv=0x00007ff7bfefb538) at EventListenerBinding.cpp:62:8 [opt]
    frame #49: 0x00000001149dc1a8 XUL`mozilla::EventListenerManager::HandleEventSingleListener(mozilla::EventListenerManager::Listener*, nsAtom*, mozilla::WidgetEvent*, mozilla::dom::Event*, mozilla::dom::EventTarget*, bool) [inlined] void mozilla::dom::EventListener::HandleEvent<mozilla::dom::EventTarget*>(thisVal=0x00007ff7bfefb548, event=0x0000000146ff5380, aRv=0x00007ff7bfefb538, aExecutionReason=<unavailable>, aExceptionHandling=eReportExceptions, aRealm=0x0000000000000000) at EventListenerBinding.h:65:12 [opt]
    frame #50: 0x00000001149dc0ff XUL`mozilla::EventListenerManager::HandleEventSingleListener(this=0x000000013d7b2510, aListener=<unavailable>, aTypeAtom=0x0000000133023040, aEvent=0x00000001440aa9d0, aDOMEvent=0x0000000146ff5380, aCurrentTarget=0x0000000108bb2300, aItemInShadowTree=<unavailable>) at EventListenerManager.cpp:1342:43 [opt]
    frame #51: 0x00000001149dcfe9 XUL`mozilla::EventListenerManager::HandleEventWithListenerArray(this=0x000000013d7b2510, aListeners=0x00000001116fb300, aTypeAtom=0x0000000133023040, aEventMessage=eUnidentifiedEvent, aPresContext=0x000000013f175000, aEvent=0x00000001440aa9d0, aDOMEvent=<unavailable>, aCurrentTarget=0x0000000108bb2300, aItemInShadowTree=<unavailable>) at EventListenerManager.cpp:1663:12 [opt]
    frame #52: 0x00000001149dc7db XUL`mozilla::EventListenerManager::HandleEventInternal(this=0x000000013d7b2510, aPresContext=0x000000013f175000, aEvent=0x00000001440aa9d0, aDOMEvent=0x00007ff7bfefbb00, aCurrentTarget=0x0000000108bb2300, aEventStatus=0x00007ff7bfefbb08, aItemInShadowTree=<unavailable>) at EventListenerManager.cpp:1560:35 [opt]
    frame #53: 0x00000001149d4098 XUL`mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) [inlined] mozilla::EventListenerManager::HandleEvent(this=<unavailable>, aPresContext=<unavailable>, aEvent=<unavailable>, aDOMEvent=<unavailable>, aCurrentTarget=<unavailable>, aEventStatus=<unavailable>) at EventListenerManager.h:465:5 [opt]
    frame #54: 0x00000001149d408d XUL`mozilla::EventTargetChainItem::HandleEvent(this=0x000000014889e0a8, aVisitor=0x00007ff7bfefbaf0, aCd=0x00007ff7bfefbb28) at EventDispatcher.cpp:364:17 [opt]
    frame #55: 0x00000001149d3aa4 XUL`mozilla::EventTargetChainItem::HandleEventTargetChain(aChain=0x00007ff7bfefbb20, aVisitor=0x00007ff7bfefbaf0, aCallback=0x0000000000000000, aCd=0x00007ff7bfefbb28) at EventDispatcher.cpp:652:14 [opt]
    frame #56: 0x00000001149d5b4e XUL`mozilla::EventDispatcher::Dispatch(aTarget=<unavailable>, aPresContext=0x000000013f175000, aEvent=0x00000001440aa9d0, aDOMEvent=0x0000000146ff5380, aEventStatus=0x00007ff7bfefbe9c, aCallback=0x0000000000000000, aTargets=0x0000000000000000) at EventDispatcher.cpp:1232:11 [opt]
    frame #57: 0x00000001149d838b XUL`mozilla::EventDispatcher::DispatchDOMEvent(aTarget=0x000000012a036780, aEvent=<unavailable>, aDOMEvent=0x0000000146ff5380, aPresContext=0x000000013f175000, aEventStatus=0x00007ff7bfefbe9c) at EventDispatcher.cpp:0 [opt]
    frame #58: 0x0000000113ba9b16 XUL`nsINode::DispatchEvent(this=0x000000012a036780, aEvent=0x0000000146ff5380, aCallerType=System, aRv=0x00007ff7bfefbee8) at nsINode.cpp:1401:17 [opt]
    frame #59: 0x0000000114489c50 XUL`mozilla::dom::EventTarget_Binding::dispatchEvent(cx_=0x0000000108c26400, obj=<unavailable>, void_self=0x000000012a036780, args=0x00007ff7bfefbf80) at EventTargetBinding.cpp:1104:36 [opt]
    frame #60: 0x0000000114610776 XUL`bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::MaybeCrossOriginObjectThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(cx=0x0000000108c26400, argc=1, vp=<unavailable>) at BindingUtils.cpp:3330:13 [opt]
    frame #61: 0x000000011728c883 XUL`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [inlined] CallJSNative(cx=0x0000000108c26400, native=<unavailable>, reason=<unavailable>, args=0x00007ff7bfefc3f0)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) at Interpreter.cpp:472:13 [opt]
    frame #62: 0x000000011728c7b4 XUL`js::InternalCallOrConstruct(cx=0x0000000108c26400, args=0x00007ff7bfefc3f0, construct=NO_CONSTRUCT, reason=<unavailable>) at Interpreter.cpp:566:12 [opt]
    frame #63: 0x0000000117297832 XUL`js::Interpret(JSContext*, js::RunState&) [inlined] InternalCall(cx=0x0000000108c26400, args=0x00007ff7bfefc3f0) at Interpreter.cpp:633:10 [opt]
    frame #64: 0x0000000117297828 XUL`js::Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=0x0000000108c26400, args=0x00007ff7bfefc3f0) at Interpreter.cpp:638:10 [opt]
    frame #65: 0x0000000117297828 XUL`js::Interpret(cx=0x0000000108c26400, state=0x00007ff7bfefc530) at Interpreter.cpp:3053:16 [opt]
    frame #66: 0x000000011728c4e7 XUL`js::RunScript(JSContext*, js::RunState&) [inlined] MaybeEnterInterpreterTrampoline(cx=0x0000000108c26400, state=0x00007ff7bfefc530) at Interpreter.cpp:386:10 [opt]
    frame #67: 0x000000011728c3bd XUL`js::RunScript(cx=<unavailable>, state=0x00007ff7bfefc530) at Interpreter.cpp:444:13 [opt]
    frame #68: 0x000000011728cb3a XUL`js::InternalCallOrConstruct(cx=0x0000000108c26400, args=0x00007ff7bfefc648, construct=NO_CONSTRUCT, reason=Call) at Interpreter.cpp:598:13 [opt]
    frame #69: 0x000000011728d044 XUL`js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) [inlined] InternalCall(cx=0x0000000108c26400, args=0x00007ff7bfefc648, reason=Call) at Interpreter.cpp:633:10 [opt]
    frame #70: 0x000000011728d034 XUL`js::Call(cx=0x0000000108c26400, fval=<unavailable>, thisv=<unavailable>, args=0x00007ff7bfefc648, rval=JS::MutableHandleValue @ r13, reason=Call) at Interpreter.cpp:665:8 [opt]
    frame #71: 0x0000000117316ad3 XUL`js::BoundFunctionObject::call(cx=0x0000000108c26400, argc=1, vp=0x00007ff7bfefc870) at BoundFunctionObject.cpp:72:10 [opt]
    frame #72: 0x000000011728ccc6 XUL`js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [inlined] CallJSNative(cx=0x0000000108c26400, native=(XUL`js::BoundFunctionObject::call(JSContext*, unsigned int, JS::Value*) at BoundFunctionObject.cpp:52), reason=Call, args=0x00007ff7bfefc828)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) at Interpreter.cpp:472:13 [opt]
    frame #73: 0x000000011728cc13 XUL`js::InternalCallOrConstruct(cx=0x0000000108c26400, args=0x00007ff7bfefc828, construct=NO_CONSTRUCT, reason=Call) at Interpreter.cpp:552:12 [opt]
    frame #74: 0x000000011728d044 XUL`js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) [inlined] InternalCall(cx=0x0000000108c26400, args=0x00007ff7bfefc828, reason=Call) at Interpreter.cpp:633:10 [opt]
    frame #75: 0x000000011728d034 XUL`js::Call(cx=0x0000000108c26400, fval=JS::HandleValue @ scalar, thisv=JS::HandleValue @ scalar, args=0x00007ff7bfefc828, rval=JS::MutableHandleValue @ r13, reason=Call) at Interpreter.cpp:665:8 [opt]
    frame #76: 0x000000011731eca2 XUL`JS::Call(cx=0x0000000108c26400, thisv=Handle<JS::Value> @ 0x00007ff7bfefc808, fval=Handle<JS::Value> @ 0x00007ff7bfefc810, args=0x00007ff7bfefc900, rval=MutableHandle<JS::Value> @ r15) at CallAndConstruct.cpp:119:10 [opt]
    frame #77: 0x00000001144432d3 XUL`mozilla::dom::EventListener::HandleEvent(this=0x0000000132e30f80, cx=0x00007ff7bfefcc08, aThisVal=Handle<JS::Value> @ 0x00007ff7bfefc8f0, event=<unavailable>, aRv=0x00007ff7bfefca38) at EventListenerBinding.cpp:62:8 [opt]
    frame #78: 0x00000001149dc1a8 XUL`mozilla::EventListenerManager::HandleEventSingleListener(mozilla::EventListenerManager::Listener*, nsAtom*, mozilla::WidgetEvent*, mozilla::dom::Event*, mozilla::dom::EventTarget*, bool) [inlined] void mozilla::dom::EventListener::HandleEvent<mozilla::dom::EventTarget*>(thisVal=0x00007ff7bfefca48, event=0x00000001424e61a0, aRv=0x00007ff7bfefca38, aExecutionReason=<unavailable>, aExceptionHandling=eReportExceptions, aRealm=0x0000000000000000) at EventListenerBinding.h:65:12 [opt]
    frame #79: 0x00000001149dc0ff XUL`mozilla::EventListenerManager::HandleEventSingleListener(this=0x0000000140b9ed80, aListener=<unavailable>, aTypeAtom=0x000000011941eac0, aEvent=0x00000001424e6240, aDOMEvent=0x00000001424e61a0, aCurrentTarget=0x000000012a09ede0, aItemInShadowTree=<unavailable>) at EventListenerManager.cpp:1342:43 [opt]
    frame #80: 0x00000001149dcfe9 XUL`mozilla::EventListenerManager::HandleEventWithListenerArray(this=0x0000000140b9ed80, aListeners=0x0000000132e30d80, aTypeAtom=0x000000011941eac0, aEventMessage=eXULCommand, aPresContext=0x000000013f175000, aEvent=0x00000001424e6240, aDOMEvent=<unavailable>, aCurrentTarget=0x000000012a09ede0, aItemInShadowTree=<unavailable>) at EventListenerManager.cpp:1663:12 [opt]
    frame #81: 0x00000001149dc7db XUL`mozilla::EventListenerManager::HandleEventInternal(this=0x0000000140b9ed80, aPresContext=0x000000013f175000, aEvent=0x00000001424e6240, aDOMEvent=0x00007ff7bfefd000, aCurrentTarget=0x000000012a09ede0, aEventStatus=0x00007ff7bfefd008, aItemInShadowTree=<unavailable>) at EventListenerManager.cpp:1560:35 [opt]
    frame #82: 0x00000001149d4098 XUL`mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) [inlined] mozilla::EventListenerManager::HandleEvent(this=<unavailable>, aPresContext=<unavailable>, aEvent=<unavailable>, aDOMEvent=<unavailable>, aCurrentTarget=<unavailable>, aEventStatus=<unavailable>) at EventListenerManager.h:465:5 [opt]
    frame #83: 0x00000001149d408d XUL`mozilla::EventTargetChainItem::HandleEvent(this=0x0000000140b9f008, aVisitor=0x00007ff7bfefcff0, aCd=0x00007ff7bfefd028) at EventDispatcher.cpp:364:17 [opt]
    frame #84: 0x00000001149d389f XUL`mozilla::EventTargetChainItem::HandleEventTargetChain(aChain=0x00007ff7bfefd020, aVisitor=0x00007ff7bfefcff0, aCallback=0x0000000000000000, aCd=0x00007ff7bfefd028) at EventDispatcher.cpp:603:16 [opt]
    frame #85: 0x00000001149d5b4e XUL`mozilla::EventDispatcher::Dispatch(aTarget=<unavailable>, aPresContext=0x000000013f175000, aEvent=0x00000001424e6240, aDOMEvent=0x00000001424e61a0, aEventStatus=0x00007ff7bfefd3f0, aCallback=0x0000000000000000, aTargets=0x0000000000000000) at EventDispatcher.cpp:1232:11 [opt]
    frame #86: 0x00000001149d838b XUL`mozilla::EventDispatcher::DispatchDOMEvent(aTarget=0x000000012a09ede0, aEvent=<unavailable>, aDOMEvent=0x00000001424e61a0, aPresContext=0x000000013f175000, aEventStatus=0x00007ff7bfefd3f0) at EventDispatcher.cpp:0 [opt]
    frame #87: 0x0000000115cc5682 XUL`mozilla::PresShell::HandleDOMEventWithTarget(this=0x000000013d834000, aTargetContent=0x000000012a09ede0, aEvent=0x00000001424e61a0, aStatus=0x00007ff7bfefd3f0) at PresShell.cpp:8838:10 [opt]
    frame #88: 0x0000000113972742 XUL`nsContentUtils::DispatchXULCommand(aTarget=0x000000012a09ede0, aTrusted=<unavailable>, aSourceEvent=0x0000000000000000, aPresShell=0x000000013d834000, aCtrl=false, aAlt=false, aShift=<unavailable>, aMeta=<unavailable>, aInputSource=1, aButton=0) at nsContentUtils.cpp:6656:24 [opt]
    frame #89: 0x00000001157f5862 XUL`mozilla::dom::XULButtonElement::MouseClicked(this=0x000000012a09ede0, aEvent=<unavailable>) at XULButtonElement.cpp:653:3 [opt]
    frame #90: 0x00000001157f56f1 XUL`mozilla::dom::XULButtonElement::PostHandleEvent(this=0x000000012a09ede0, aVisitor=0x00007ff7bfefd790) at XULButtonElement.cpp:0 [opt]
    frame #91: 0x00000001149d3967 XUL`mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) [inlined] mozilla::EventTargetChainItem::PostHandleEvent(this=0x0000000133231008, aVisitor=0x00007ff7bfefd790) at EventDispatcher.cpp:486:12 [opt]
    frame #92: 0x00000001149d3923 XUL`mozilla::EventTargetChainItem::HandleEventTargetChain(aChain=0x00007ff7bfefd7c0, aVisitor=0x00007ff7bfefd790, aCallback=0x00007ff7bfefdb80, aCd=0x00007ff7bfefd7c8) at EventDispatcher.cpp:616:16 [opt]
    frame #93: 0x00000001149d3caf XUL`mozilla::EventTargetChainItem::HandleEventTargetChain(aChain=0x00007ff7bfefd7c0, aVisitor=0x00007ff7bfefd790, aCallback=0x00007ff7bfefdb80, aCd=0x00007ff7bfefd7c8) at EventDispatcher.cpp:696:5 [opt]
    frame #94: 0x00000001149d5b4e XUL`mozilla::EventDispatcher::Dispatch(aTarget=<unavailable>, aPresContext=0x000000013f175000, aEvent=0x00007ff7bfefdd18, aDOMEvent=0x0000000000000000, aEventStatus=0x00007ff7bfefdd04, aCallback=0x00007ff7bfefdb80, aTargets=0x0000000000000000) at EventDispatcher.cpp:1232:11 [opt]
    frame #95: 0x0000000115cc4d3f XUL`mozilla::PresShell::EventHandler::DispatchEventToDOM(this=0x00007ff7bfefdd08, aEvent=0x00007ff7bfefdd18, aEventStatus=0x00007ff7bfefdd04, aEventCB=0x00007ff7bfefdb80) at PresShell.cpp:8709:7 [opt]
    frame #96: 0x0000000115cc3e5e XUL`mozilla::PresShell::EventHandler::DispatchEvent(this=0x00007ff7bfefdd08, aEventStateManager=0x000000011239d020, aEvent=0x00007ff7bfefdd18, aTouchIsNew=false, aEventStatus=0x00007ff7bfefdd04, aOverrideClickTarget=0x0000000000000000) at PresShell.cpp:8298:7 [opt]
    frame #97: 0x0000000115cc1547 XUL`mozilla::PresShell::EventHandler::HandleEventWithCurrentEventInfo(this=0x00007ff7bfefdd08, aEvent=0x00007ff7bfefdd18, aEventStatus=0x00007ff7bfefdd04, aIsHandlingNativeEvent=false, aOverrideClickTarget=0x0000000000000000) at PresShell.cpp:8230:17 [opt]
    frame #98: 0x0000000115cc3284 XUL`mozilla::PresShell::EventHandler::HandleEventWithTarget(this=0x00007ff7bfefdd08, aEvent=0x00007ff7bfefdd18, aNewEventFrame=0x000000013eede420, aNewEventContent=0x000000012a09ede0, aEventStatus=0x00007ff7bfefdd04, aIsHandlingNativeEvent=<unavailable>, aTargetContent=0x0000000000000000, aOverrideClickTarget=0x0000000000000000) at PresShell.cpp:8136:17 [opt]
    frame #99: 0x000000011499d679 XUL`mozilla::EventStateManager::InitAndDispatchClickEvent(mozilla::WidgetMouseEvent*, nsEventStatus*, mozilla::EventMessage, mozilla::PresShell*, nsIContent*, AutoWeakFrame, bool, nsIContent*) [inlined] mozilla::PresShell::HandleEventWithTarget(this=0x000000013d834000, aEvent=0x00007ff7bfefdd18, aFrame=0x000000013eede420, aContent=0x000000012a09ede0, aEventStatus=0x00007ff7bfefdd04, aIsHandlingNativeEvent=false, aTargetContent=0x0000000000000000, aOverrideClickTarget=0x0000000000000000) at PresShell.h:674:25 [opt]
    frame #100: 0x000000011499d635 XUL`mozilla::EventStateManager::InitAndDispatchClickEvent(aMouseUpEvent=0x00007ff7bfefe4c8, aStatus=0x00007ff7bfefdefc, aMessage=eMouseClick, aPresShell=0x000000013d834000, aMouseUpContent=0x000000012a09ede0, aCurrentTarget=<unavailable>, aNoContentDispatch=false, aOverrideClickTarget=0x0000000000000000) at EventStateManager.cpp:5452:29 [opt]
    frame #101: 0x000000011499d7a8 XUL`mozilla::EventStateManager::DispatchClickEvents(this=<unavailable>, aPresShell=0x000000013d834000, aMouseUpEvent=0x00007ff7bfefe4c8, aStatus=0x00007ff7bfefdefc, aClickTarget=0x000000012a09ede0, aOverrideClickTarget=0x0000000000000000) at EventStateManager.cpp:5554:17 [opt]
    frame #102: 0x000000011499b43a XUL`mozilla::EventStateManager::PostHandleMouseUp(this=<unavailable>, aMouseUpEvent=0x00007ff7bfefe4c8, aStatus=0x00007ff7bfefe2c4, aOverrideClickTarget=0x0000000000000000) at EventStateManager.cpp:5497:17 [opt]
    frame #103: 0x0000000114999fba XUL`mozilla::EventStateManager::PostHandleEvent(this=0x000000011239d020, aPresContext=0x000000013f175000, aEvent=<unavailable>, aTargetFrame=0x0000000000000000, aStatus=0x00007ff7bfefe2c4, aOverrideClickTarget=0x0000000000000000) at EventStateManager.cpp:3702:18 [opt]
    frame #104: 0x0000000115cc3f8e XUL`mozilla::PresShell::EventHandler::DispatchEvent(this=0x00007ff7bfefe180, aEventStateManager=0x000000011239d020, aEvent=0x00007ff7bfefe4c8, aTouchIsNew=false, aEventStatus=0x00007ff7bfefe2c4, aOverrideClickTarget=0x0000000000000000) at PresShell.cpp:8312:30 [opt]
    frame #105: 0x0000000115cc1547 XUL`mozilla::PresShell::EventHandler::HandleEventWithCurrentEventInfo(this=0x00007ff7bfefe180, aEvent=0x00007ff7bfefe4c8, aEventStatus=0x00007ff7bfefe2c4, aIsHandlingNativeEvent=true, aOverrideClickTarget=0x0000000000000000) at PresShell.cpp:8230:17 [opt]
    frame #106: 0x0000000115cc0fc3 XUL`mozilla::PresShell::EventHandler::HandleEventUsingCoordinates(this=0x00007ff7bfefe220, aFrameForPresShell=0x000000013ed73020, aGUIEvent=0x00007ff7bfefe4c8, aEventStatus=0x00007ff7bfefe2c4, aDontRetargetEvents=false) at PresShell.cpp:7149:30 [opt]
    frame #107: 0x0000000115cc0364 XUL`mozilla::PresShell::EventHandler::HandleEvent(this=<unavailable>, aFrameForPresShell=<unavailable>, aGUIEvent=<unavailable>, aDontRetargetEvents=<unavailable>, aEventStatus=<unavailable>) at PresShell.cpp:6947:12 [opt] [artificial]
    frame #108: 0x0000000115cbfc67 XUL`mozilla::PresShell::HandleEvent(this=0x000000013d834000, aFrameForPresShell=0x000000013ed73020, aGUIEvent=0x00007ff7bfefe4c8, aDontRetargetEvents=false, aEventStatus=0x00007ff7bfefe2c4) at PresShell.cpp:6890:23 [opt]
    frame #109: 0x00000001159d6627 XUL`nsViewManager::DispatchEvent(this=<unavailable>, aEvent=0x00007ff7bfefe4c8, aView=<unavailable>, aStatus=0x00007ff7bfefe2c4) at nsViewManager.cpp:653:18 [opt]
    frame #110: 0x00000001159d6481 XUL`nsView::HandleEvent(this=<unavailable>, aEvent=0x00007ff7bfefe4c8, aUseAttachedEvents=<unavailable>) at nsView.cpp:1136:9 [opt]
    frame #111: 0x0000000115a54fda XUL`nsChildView::DispatchEvent(this=0x000000013f175900, event=0x00007ff7bfefe4c8, aStatus=0x00007ff7bfefe35c) at nsChildView.mm:1298:37 [opt]
    frame #112: 0x00000001159e0a7b XUL`nsBaseWidget::ProcessUntransformedAPZEvent(this=0x000000013f175900, aEvent=0x00007ff7bfefe4c8, aApzResult=0x00007ff7bfefe3f8) at nsBaseWidget.cpp:1091:3 [opt]
    frame #113: 0x00000001159e1406 XUL`nsBaseWidget::DispatchInputEvent(this=0x000000013f175900, aEvent=0x00007ff7bfefe4c8) at nsBaseWidget.cpp:1272:31 [opt]
    frame #114: 0x0000000115a5b1b9 XUL`-[ChildView mouseUp:](self=0x000000013f175f00, _cmd=<unavailable>, theEvent=0x00000001418f9940) at nsChildView.mm:2934:21 [opt]
    frame #115: 0x00007ff80ce6edb8 AppKit`-[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 2704
    frame #116: 0x00007ff80ce6e10e AppKit`-[NSWindow(NSEventRouting) sendEvent:] + 352
    frame #117: 0x0000000115aa329a XUL`-[ToolbarWindow sendEvent:](self=0x00000001123ea700, _cmd=<unavailable>, anEvent=0x00000001418f9940) at nsCocoaWindow.mm:4393:3 [opt]
    frame #118: 0x00007ff80ce6c4e4 AppKit`-[NSApplication(NSEvent) sendEvent:] + 352
    frame #119: 0x0000000115a8f2d4 XUL`-[GeckoNSApplication sendEvent:](self=0x0000000100672280, _cmd=<unavailable>, anEvent=<unavailable>) at nsAppShell.mm:185:3 [opt]
    frame #120: 0x00007ff80d12514b AppKit`-[NSApplication _handleEvent:] + 65
    frame #121: 0x00007ff80ccedcfe AppKit`-[NSApplication run] + 623
    frame #122: 0x0000000115a8f1e0 XUL`-[GeckoNSApplication run](self=<unavailable>, _cmd=<unavailable>) at nsAppShell.mm:174:3 [opt]
    frame #123: 0x0000000115a90430 XUL`nsAppShell::Run(this=0x0000000104339ba0) at nsAppShell.mm:871:5 [opt]
    frame #124: 0x00000001170caf6c XUL`nsAppStartup::Run(this=0x0000000108bfb6f0) at nsAppStartup.cpp:296:30 [opt]
    frame #125: 0x00000001171c22c3 XUL`XREMain::XRE_mainRun(this=0x00007ff7bfefefb0) at nsAppRunner.cpp:5673:22 [opt]
    frame #126: 0x00000001171c2a42 XUL`XREMain::XRE_main(this=0x00007ff7bfefefb0, argc=5, argv=0x00007ff7bfeff608, aConfig=0x00007ff7bfeff0a0) at nsAppRunner.cpp:5882:8 [opt]
    frame #127: 0x00000001171c2d73 XUL`XRE_main(argc=5, argv=0x00007ff7bfeff608, aConfig=0x00007ff7bfeff0a0) at nsAppRunner.cpp:5938:21 [opt]
    frame #128: 0x0000000100000c09 firefox`main [inlined] do_main(argc=<unavailable>, argv=<unavailable>, envp=0x00007ff7bfeff638) at nsBrowserApp.cpp:227:22 [opt]
    frame #129: 0x0000000100000a82 firefox`main(argc=<unavailable>, argv=<unavailable>, envp=0x00007ff7bfeff638) at nsBrowserApp.cpp:445:16 [opt]
    frame #130: 0x000000010000e52e dyld`start + 462

(In reply to Steven Michaud [:smichaud] (Retired) from comment #7)

> I've installed macOS 12.7.2 (build 21G1971) on an Intel Mac, and am able to reproduce these crashes. To trigger them, make Firefox (or some other app) load a file into an external application. It seems Safari and Chrome no longer have this capability -- so I can't get them to crash. Are there any other applications that can do this? If so please let me know. They'll probably also crash.

As you suspected, other applications are susceptible to the crash too. With Chrome, you can try an App Store link such as https://apps.apple.com/us/app/macos-sonoma/id6450717509 or itms-apps://itunes.apple.com. That gives me the option to open in the App Store application and doing so triggers the crash in Chrome, but not Safari. I haven't been able to get any Apple apps to crash.

Here's the crash message from Chrome hitting the same assertion failure as Firefox. I'll add this to FB13418311 and let our contact know.

$ /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome 
Assertion failed: (*src != '\0'), function macsafestring_decode, file utility.c, line 80.
[1128/215259.257907:WARNING:crash_report_exception_handler.cc(235)] UniversalExceptionRaise: (os/kern) failure (5)
Abort trap: 6
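
The Chrome output above shows the failure mode: an assert() inside a library's string decoder fails, abort() raises SIGABRT (signal 6, the "Abort trap: 6" line), and the calling application dies with it. The following C example is added here for illustration and is not code from this bug, Firefox, Chrome or Apple; the escape format and the names decode_asserting, decode_checked and signal_from_decode are hypothetical.

```c
#undef NDEBUG  /* keep assert() active */
#include <assert.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical format for illustration: "\x" decodes to the byte x. It is not
 * the format of macsafestring_decode(), whose source the page does not show.
 * An assert() guards the byte after an escape, so a trailing '\' aborts. */
int decode_asserting(const char *src, char *dst, size_t cap) {
    size_t n = 0;
    while (*src != '\0' && n + 1 < cap) {
        if (*src == '\\') {
            src++;
            assert(*src != '\0');  /* malformed input -> abort() -> SIGABRT */
        }
        dst[n++] = *src++;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Same decoder, but a truncated escape is reported to the caller. */
int decode_checked(const char *src, char *dst, size_t cap) {
    size_t n = 0;
    while (*src != '\0' && n + 1 < cap) {
        if (*src == '\\' && *++src == '\0')
            return -1;
        dst[n++] = *src++;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Run a decoder in a child; return the signal that killed it, 0 if none. */
int signal_from_decode(int (*fn)(const char *, char *, size_t),
                       const char *input) {
    char buf[64];
    int status = 0;
    pid_t pid = fork();
    if (pid == 0)
        _exit(fn(input, buf, sizeof buf) < 0);
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {  /* "abc\\" is a constructed input: an escape with nothing after it */
    return signal_from_decode(decode_asserting, "abc\\") == SIGABRT ? 0 : 1;
}
```

Running the asserting decoder in a child process keeps the abort away from the parent, which is how the example observes the signal without dying itself.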

I've used HookCase to dig into this further.

Both Chrome and Safari use -[NSWorkspace openURL:(NSURL *)url], which calls LaunchServices' LSOpenFromURLSpec(). And both use exactly the same format for url. But Chrome crashes while Safari doesn't. This is because macsafestring_decode() is never called in Safari, which may be because it calls -[NSWorkspace openURL:(NSURL *)url] (on a secondary thread) via the undocumented -[ExternalURLNavigationHandler handleNavigationToExternalURL:withTabDialogPresenter:sourceFrame:userInitiatedAction:browsingMode:] method. (Chrome calls -[NSWorkspace openURL:(NSURL *)url] directly, on the main thread.)

The LSOpenFromRefSpec() call that Mozilla uses is deprecated, while -[NSWorkspace openURL:(NSURL *)url] and LSOpenFromURLSpec() aren't. So at some point Mozilla might want to switch to using -[NSWorkspace openURL:(NSURL *)url]. But that's a side issue for these crashes. Apple really needs to fix them.

Summary: Crash in [@ libsystem_kernel.dylib@0x7ffe] → Crash in [@ libsystem_kernel.dylib@0x7ffe] launching external application, on macOS 12.7.2 beta
Duplicate of this bug: 1867947

macOS 12.7.2 build 21G1974 has just been released (as a beta), which seems to fix these crashes in both Firefox and Chrome.

(In reply to Steven Michaud [:smichaud] (Retired) from comment #13)

> macOS 12.7.2 build 21G1974 has just been released (as a beta), which seems to fix these crashes in both Firefox and Chrome.

Thanks. Same results for me.

Closing this bug as works-for-me now that the latest beta build of 12.7.2 no longer exhibits this problem.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME

macOS 12.7.2 build 21G1974 was just (re)released as a regular (non-beta) update. I still can't reproduce these crashes in it.

Crash Signature: [@ libsystem_kernel.dylib@0x7ffe] → [@ libsystem_kernel.dylib@0x7ffe] [@ pthread_kill | abort | libquarantine.dylib@0x2c9f ]