1876034 - Crash [@ mozilla::dom::WindowGlobalChild::SetDocumentURI ]

Status: RESOLVED FIXED

(Core :: DOM: Content Processes, defect)

Description

[Artur Iunusov]

0 mozilla::dom::WindowGlobalChild::SetDocumentURI(nsIURI*) dom/ipc/WindowGlobalChild.cpp:609 context
1 xul.dll mozilla::dom::Document::SetDocumentURI(nsIURI*) dom/base/Document.cpp:4124 cfi
2 xul.dll nsEditingSession::OnLocationChange(nsIWebProgress*, nsIRequest*, nsIURI*, unsigned int) editor/composer/nsEditingSession.cpp:719 cfi
3 xul.dll nsDocLoader::FireOnLocationChange(nsIWebProgress*, nsIRequest*, nsIURI*, unsigned int) uriloader/base/nsDocLoader.cpp:1364 cfi
4 xul.dll nsDocShell::SetCurrentURI(nsIURI*, nsIRequest*, bool, bool, unsigned int) docshell/base/nsDocShell.cpp:1561 cfi
5 xul.dll nsDocShell::SetCurrentURIForSessionStore(nsIURI*) docshell/base/nsDocShell.cpp:1508 cfi
6 xul.dll mozilla::dom::SessionStoreUtils::RestoreDocShellState(nsIDocShell*, mozilla::dom::sessionstore::DocShellRestoreState const&) toolkit/components/sessionstore/SessionStoreUtils.cpp:1681 cfi
7 xul.dll mozilla::dom::WindowGlobalChild::RecvRestoreDocShellState(mozilla::dom::sessionstore::DocShellRestoreState const&, std::function<void (const bool&)>&&) dom/ipc/WindowGlobalChild.cpp:526 cfi
8 xul.dll mozilla::dom::PWindowGlobalChild::OnMessageReceived(IPC::Message const&) ipc/ipdl/PWindowGlobalChild.cpp:1577 cfi
9 xul.dll mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) ipc/ipdl/PContentChild.cpp:8321 cfi
10 xul.dll mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) ipc/glue/MessageChannel.cpp:1813 inlined
10 xul.dll mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >) ipc/glue/MessageChannel.cpp:1732 inlined
10 xul.dll mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) ipc/glue/MessageChannel.cpp:1525 inlined
10 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run() ipc/glue/MessageChannel.cpp:1623 cfi
11 xul.dll mozilla::RunnableTask::Run()

Comment 1

[Artur Iunusov]

Attachment: Bug 1876034 - don't bother to restore current uri, if there is another uri already, r=smaug

• caused by inconsistent mCurrentURI state in SetCurrentURIForSessionStore

Comment 2

[Andrew McCreight [:mccr8]]

Is the crash itself a security issue or did you hide it because the regressor is a security bug?

Comment 3

[Olli Pettay [:smaug][bugs@pettay.fi]]

The latter, this itself isn't really a security bug. But we need to fix this before we can enabled the other stuff on release.
The regressor was sec-moderate, so I think this can land

Comment 5

[Pulsebot]

Pushed by opettay@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cca55ff9e811
don't bother to restore current uri, if there is another uri already, r=smaug

Comment 6

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

Backed out
https://hg.mozilla.org/integration/autoland/rev/015918f6142338b13a563f44b9e7d80077aeb80b

Push with failures
Failure log

toolkit/components/sessionstore/SessionStoreUtils.cpp(1681,5): error: incomplete type 'nsDocShell' named in nested name specifier

Comment 7

[Pulsebot]

Pushed by opettay@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a57b2ca28758
don't bother to restore current uri, if there is another uri already, r=smaug

Comment 8

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

https://hg.mozilla.org/mozilla-central/rev/a57b2ca28758

Comment 9

[BugBot [:suhaib / :marco/ :calixte]]

The patch landed in nightly and beta is affected.
:aiunusov, is this bug important enough to require an uplift?

• If yes, please nominate the patch for beta approval.
• If no, please set status-firefox123 to wontfix.

For more information, please visit BugBot documentation.

Comment 10

[Artur Iunusov]

Testing on Nightly looks good
So, I would nominate for Beta

(but it seems I have no enough right for that. And currently I am in PTO till the end of this week)

Comment 11

[Andrew McCreight [:mccr8]]

I added canconfirm and editbugs for you just now. I'm not sure why you didn't have those.

Maybe Olli can do the uplift as you are out this week.

Comment 12

[Artur Iunusov]

I figured it out, and can create uplift request by myself

Comment 13

[Artur Iunusov]

Comment on attachment 9375984 [details]
Bug 1876034 - don't bother to restore current uri, if there is another uri already, r=smaug

Beta/Release Uplift Approval Request

• User impact if declined: Small amount of the startup crashes. Like 1 or two crash reports on https://crash-stats.mozilla.org
• Is this code covered by automated tests?: No
• Has the fix been verified in Nightly?: Yes
• Needs manual test from QE?: No
• If yes, steps to reproduce:
• List of other uplifts needed: None
• Risk to taking this patch: Low
• Why is the change risky/not risky? (and alternatives if risky): Only affects SetCurrentURIForSessionStore call. So, not very risky
• String changes made/needed:
• Is Android affected?: Yes

Comment 14

[Pascal Chevrel:pascalc]

Comment on attachment 9375984 [details]
Bug 1876034 - don't bother to restore current uri, if there is another uri already, r=smaug

Approved for 123 beta 6, thanks.

Comment 15

[Pulsebot]

https://hg.mozilla.org/releases/mozilla-beta/rev/d1cc1c2b240e