Closed Bug 1878773 Opened 3 months ago Closed 2 months ago

Assertion failure: !aSpan.IsEmpty(), at /builds/worker/checkouts/gecko/dom/ipc/JSValidatorChild.cpp:182

Tracking

()

Status:

RESOLVED FIXED

Milestone:

125 Branch

Tracking Flags:

Tracking

Status

firefox-esr115

---

wontfix

firefox123

---

wontfix

firefox124

---

wontfix

firefox125

---

fixed

People

(Reporter: tsmith, Assigned: sefeng)

References

(Blocks 2 open bugs,
URL
)

Details

(Keywords: assertion, pernosco)

Attachments

(1 file)

Bug 1878773 - Make JSValidatorChild to validate empty spans as failures 2 months ago Sean Feng [:sefeng] 48 bytes, text/x-phabricator-request		Details \| Review

Tyson Smith [:tsmith]

Reporter

Description

•

3 months ago

Found with m-c 20240205-9ca12d444230 (--enable-debug --enable-fuzzing)

This was found by visiting a live website with a debug build.

STR:

Launch browser and visit site

This issue was triggered by visiting http://www.kurir.rs/.

Assertion failure: !aSpan.IsEmpty(), at /builds/worker/checkouts/gecko/dom/ipc/JSValidatorChild.cpp:182

0|0|xul.dll|mozilla::dom::JSValidatorChild::ShouldAllowJS(mozilla::Span<const char,4294967295> const&) const|hg:hg.mozilla.org/mozilla-central:dom/ipc/JSValidatorChild.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|182|0x368
0|1|xul.dll|mozilla::dom::JSValidatorChild::RecvOnStopRequest(nsresult const&, nsTSubstring<char> const&, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&)|hg:hg.mozilla.org/mozilla-central:dom/ipc/JSValidatorChild.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|117|0x13d
0|2|xul.dll|mozilla::dom::PJSValidatorChild::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:bc7fe9677bcf875b48ae339eb267d87328fdfa2c5c1ce4d5634671dfae445019d9bbc40976549b6af84ecb045252c16a6aa280fb19942614cd57796f5437a9ab/ipc/ipdl/PJSValidatorChild.cpp:|264|0xa1e
0|3|xul.dll|mozilla::dom::PJSOracleChild::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:4974dc67e183b52c4243f14791cdf7f985885fe9ca22ae9901344a697f6df86004c40b264f43d732a2533493473162df17e4dc2af7e4dbda107c2bf0c377e384/ipc/ipdl/PJSOracleChild.cpp:|169|0x2f2
0|4|xul.dll|mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|1813|0x128
0|5|xul.dll|mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message,mozilla::DefaultDelete<IPC::Message> >)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|1732|0x1f3
0|6|xul.dll|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|1525|0x155
0|7|xul.dll|mozilla::ipc::MessageChannel::MessageTask::Run()|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|1623|0xba
0|8|xul.dll|mozilla::RunnableTask::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|578|0x1b
0|9|xul.dll|mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex &> const&)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|905|0xa9b
0|10|xul.dll|mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex &> const&)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|728|0x56
0|11|xul.dll|mozilla::TaskController::ProcessPendingMTTask(bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|514|0x51
0|12|xul.dll|mozilla::detail::RunnableFunction<`lambda at /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:232:7'>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:9ca12d444230411e2168420a584a7f95e90c1f97|548|0x13
0|13|xul.dll|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|1199|0x772
0|14|xul.dll|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|480|0x41
0|15|xul.dll|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|85|0xc4
0|16|xul.dll|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9ca12d444230411e2168420a584a7f95e90c1f97|370|0x82
0|17|xul.dll|MessageLoop::RunHandler()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9ca12d444230411e2168420a584a7f95e90c1f97|363|0x72
0|18|xul.dll|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9ca12d444230411e2168420a584a7f95e90c1f97|345|0x55
0|19|xul.dll|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|148|0x24
0|20|xul.dll|nsAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/windows/nsAppShell.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|822|0x15e
0|21|xul.dll|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|721|0x60
0|22|xul.dll|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|235|0x37
0|23|xul.dll|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9ca12d444230411e2168420a584a7f95e90c1f97|370|0x82
0|24|xul.dll|MessageLoop::RunHandler()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9ca12d444230411e2168420a584a7f95e90c1f97|363|0x72
0|25|xul.dll|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9ca12d444230411e2168420a584a7f95e90c1f97|345|0x55
0|26|xul.dll|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|656|0x841
0|27|xul.dll|mozilla::BootstrapImpl::XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/Bootstrap.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|67|0x10
0|28|firefox.exe|NS_internal_main(int, char**, char**)|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|375|0x293
0|29|firefox.exe|wmain(int, wchar_t**)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsWindowsWMain.cpp:9ca12d444230411e2168420a584a7f95e90c1f97|151|0x1d4
0|30|firefox.exe|__scrt_common_main_seh()|/builds/worker/workspace/obj-build/browser/app/D:/a/_work/1/s/src/vctools/crt/vcstartup/src/startup/exe_common.inl|288|0xf9
0|31|kernel32.dll||||
0|32|ntdll.dll||||
0|33|ntdll.dll||||

Tyson Smith [:tsmith]

Reporter

Comment 1

•

3 months ago

A Pernosco session is available here: https://pernos.co/debug/h7L4PhCBawMWUUcETk7M9A/index.html

Keywords: pernosco

Andrew McCreight [:mccr8]

Comment 2

•

3 months ago

Sean, do you know where issues in this code should go?

Component: DOM: Content Processes → JavaScript Engine

Flags: needinfo?(sefeng)

Nicolas B. Pierron [:nbp]

Updated

•

3 months ago

Blocks: orb

Severity: -- → S4

Priority: -- → P2

Sean Feng [:sefeng]

Assignee

Comment 3

•

2 months ago

Attached file Bug 1878773 - Make JSValidatorChild to validate empty spans as failures — Details

Phabricator Automation

Updated

•

2 months ago

Assignee: nobody → sefeng

Status: NEW → ASSIGNED

Sean Feng [:sefeng]

Assignee

Updated

•

2 months ago

Flags: needinfo?(sefeng)

Pulsebot

Comment 4

•

2 months ago

Pushed by sefeng@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b2da2141db25
Make JSValidatorChild to validate empty spans as failures r=farre,dom-core

pstanciu

Comment 5

•

2 months ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/b2da2141db25

Status: ASSIGNED → RESOLVED

Closed: 2 months ago

status-firefox125: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 125 Branch

Dianna Smith [:diannaS] - on Leave, back on August 9th

Updated

•

2 months ago

status-firefox124: affected → fix-optional

BugBot [:suhaib / :marco/ :calixte]

Comment 6

•

2 months ago

The patch landed in nightly and beta is affected.
:sefeng, is this bug important enough to require an uplift?

If yes, please nominate the patch for beta approval.
If no, please set status-firefox124 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(sefeng)

Sean Feng [:sefeng]

Assignee

Comment 7

•

2 months ago

Not important enough to require an uplift.

status-firefox124: fix-optional → wontfix

Flags: needinfo?(sefeng)

Ryan VanderMeulen [:RyanVM]

Updated

•

2 months ago

status-firefox123: --- → wontfix

status-firefox-esr115: --- → wontfix

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Assertion failure: !aSpan.IsEmpty(), at /builds/worker/checkouts/gecko/dom/ipc/JSValidatorChild.cpp:182

Categories

(Core :: JavaScript Engine, defect, P2)

Tracking

()

People

(Reporter: tsmith, Assigned: sefeng)

References

(Blocks 2 open bugs,
URL
)

Details

(Keywords: assertion, pernosco)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Updated

Comment 3

Updated

Updated

Comment 4

Comment 5

Updated

Comment 6

Comment 7

Updated

Attachment

General

Description

File Name

Content Type