Open Bug 1872412 Opened 11 months ago Updated 1 month ago

Assertion failure: mOverriddenFingerprintingSettingsIsSet, at /builds/worker/checkouts/gecko/netwerk/base/LoadInfo.cpp:1159

Categories

(Core :: Privacy: Anti-Tracking, defect, P3)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox123 --- affected

People

(Reporter: tsmith, Assigned: timhuang)

References

(Blocks 2 open bugs,
URL
)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

testcase.html
297 bytes, text/html
Details
Attached file testcase.html

Found while fuzzing m-c 20231228-33e8ab93d31d (--enable-debug --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay.bugzilla ./firefox/firefox <bugid>

Assertion failure: mOverriddenFingerprintingSettingsIsSet, at /builds/worker/checkouts/gecko/netwerk/base/LoadInfo.cpp:1159

#0 0x7f4cc8e15f5b in mozilla::net::LoadInfo::GetOverriddenFingerprintingSettings() /builds/worker/checkouts/gecko/netwerk/base/LoadInfo.cpp:1157:3
#1 0x7f4cc98e6196 in mozilla::ipc::LoadInfoToParentLoadInfoForwarder(nsILoadInfo*, mozilla::net::ParentLoadInfoForwarderArgs*) /builds/worker/checkouts/gecko/ipc/glue/BackgroundUtils.cpp:946:18
#2 0x7f4cc93f464f in mozilla::net::HttpChannelParent::OnStartRequest(nsIRequest*) /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelParent.cpp:1250:3
#3 0x7f4cc94712d7 in mozilla::net::ParentChannelListener::OnStartRequest(nsIRequest*) /builds/worker/checkouts/gecko/netwerk/protocol/http/ParentChannelListener.cpp:87:25
#4 0x7f4cc93b71f5 in mozilla::net::HttpBaseChannel::DoNotifyListener() /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpBaseChannel.cpp:4408:15
#5 0x7f4cc94e78b1 in mozilla::net::HttpAsyncAborter<mozilla::net::nsHttpChannel>::HandleAsyncAbort() /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpBaseChannel.h:1144:10
#6 0x7f4cc957e059 in operator()<> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1164:18
#7 0x7f4cc957e059 in __invoke_impl<void, (lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9)> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:60:14
#8 0x7f4cc957e059 in __invoke<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9)> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:95:14
#9 0x7f4cc957e059 in __apply_impl<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1678:14
#10 0x7f4cc957e059 in apply<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1687:14
#11 0x7f4cc957e059 in apply<mozilla::net::nsHttpChannel, void (mozilla::net::nsHttpChannel::*)()> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1162:12
#12 0x7f4cc957e059 in mozilla::detail::RunnableMethodImpl<mozilla::net::nsHttpChannel*, void (mozilla::net::nsHttpChannel::*)(), true, (mozilla::RunnableKind)0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1213:13
#13 0x7f4cc8c49337 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:568:16
#14 0x7f4cc8c3eaa6 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:895:26
#15 0x7f4cc8c3d287 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:718:15
#16 0x7f4cc8c3d705 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:504:36
#17 0x7f4cc8c4d2d6 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:222:37
#18 0x7f4cc8c4d2d6 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5
#19 0x7f4cc8c62642 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1199:16
#20 0x7f4cc8c6978d in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10
#21 0x7f4cc993c9a5 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21
#22 0x7f4cc9856471 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:363:3
#23 0x7f4cc9856471 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:345:3
#24 0x7f4cce1815b8 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27
#25 0x7f4cce23e588 in nsAppShell::Run() /builds/worker/checkouts/gecko/widget/gtk/nsAppShell.cpp:470:33
#26 0x7f4ccff02fe4 in nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:296:30
#27 0x7f4cd006d5e5 in XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5709:22
#28 0x7f4cd006ed56 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5918:8
#29 0x7f4cd006f972 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5974:21
#30 0x55e2c12cc067 in do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:227:22
#31 0x55e2c12cc067 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:445:16
#32 0x7f4cdd229d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#33 0x7f4cdd229e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#34 0x55e2c12a1e88 in _start (/home/user/workspace/browsers/m-c-20231229205714-fuzzing-debug/firefox-bin+0x58e88) (BuildId: 5f307722611ed43ee5f9e3e1fd0314e185bd83a6)
Flags: in-testsuite?

Unable to reproduce bug 1872412 using build mozilla-central 20231228041217-33e8ab93d31d. Without a baseline, bugmon is unable to analyze this bug.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Keywords: bugmon

This member looks like it is purely used in debug scenarios for the privacy team. I'm not totally clear on the entry point of this assert, but kind of looks like an asyncOpen (and abort) without without proper init. Might be able to workaround with an early None return, but that might be an abuse of the intention of this assert and I'm not clear of the implications.

Moving to privacy team.

Component: Networking → Privacy: Anti-Tracking
Assignee: nobody → tihuang
Severity: -- → S3
Priority: -- → P3

This has also been reported while live site testing.

Blocks: site-scout
URL: fast.com/
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: