Open
Bug 1882000
Opened 1 year ago
Updated 6 months ago
Assertion failure: !result.IsVoid(), at /builds/worker/checkouts/gecko/dom/localstorage/LSSnapshot.cpp:789
Categories
(Core :: Storage: localStorage & sessionStorage, defect, P3)
Core
Storage: localStorage & sessionStorage
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox125 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug, )
Details
(Keywords: assertion, pernosco, Whiteboard: dom-lws-bugdash-triage)
Found with m-c 20240224-dba8ff89abb9 (--enable-debug --enable-fuzzing)
This was found by visiting a live website with a debug build.
STR:
- Launch browser and visit site
This issue was triggered by visiting http://www.gpfans.com/.
Assertion failure: !result.IsVoid(), at /builds/worker/checkouts/gecko/dom/localstorage/LSSnapshot.cpp:789
0|0|xul.dll|mozilla::dom::LSSnapshot::GetItemInternal(nsTSubstring<char16_t> const&, mozilla::dom::Optional<nsTString<char16_t> > const&, nsTSubstring<char16_t>&)|hg:hg.mozilla.org/mozilla-central:dom/localstorage/LSSnapshot.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|789|0x5b2
0|1|xul.dll|mozilla::dom::LSSnapshot::GetItem(nsTSubstring<char16_t> const&, nsTSubstring<char16_t>&)|hg:hg.mozilla.org/mozilla-central:dom/localstorage/LSSnapshot.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|299|0xdc
0|2|xul.dll|mozilla::dom::LSDatabase::GetItem(mozilla::dom::LSObject*, nsTSubstring<char16_t> const&, nsTSubstring<char16_t>&)|hg:hg.mozilla.org/mozilla-central:dom/localstorage/LSDatabase.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|201|0x6a
0|3|xul.dll|mozilla::dom::LSObject::GetItem(nsTSubstring<char16_t> const&, nsTSubstring<char16_t>&, nsIPrincipal&, mozilla::ErrorResult&)|hg:hg.mozilla.org/mozilla-central:dom/localstorage/LSObject.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|570|0xa3
0|4|xul.dll|mozilla::dom::Storage_Binding::getItem(JSContext*, JS::Handle<JSObject *>, void*, JSJitMethodCallArgs const&)|s3:gecko-generated-sources:5a0f8e009c908197b2a7120f7fc6089c04174c87bac4b92701c4eb883edb9b50683a681e43dc4e91ec4c7dafa0d3721494c09dc73707997e58419244d83ba7a7/dom/bindings/StorageBinding.cpp:|168|0x1fe
0|5|xul.dll|mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy,mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*)|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|3258|0x1e6
0|6|xul.dll|CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|480|0xf2
0|7|xul.dll|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|574|0x2cf
0|8|xul.dll|js::Interpret(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|3061|0xb09c
0|9|xul.dll|js::RunScript(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|452|0x235
0|10|xul.dll|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|606|0x2f1
0|11|xul.dll|js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|673|0x122
0|12|xul.dll|js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject *>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>)|hg:hg.mozilla.org/mozilla-central:js/src/jit/VMFunctions.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|545|0x6c8
0|13|xul.dll|js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*)|hg:hg.mozilla.org/mozilla-central:js/src/jit/VMFunctions.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|569|0x116
0|14|||||
0|15|xul.dll|js::SharedShape::slotSpan() const|hg:hg.mozilla.org/mozilla-central:js/src/vm/Shape.h:dba8ff89abb9be706021b6ff359c87e58dda45ce|581|0x1f
0|16|||||
0|17|xul.dll|js::NativeObject::getReservedSlotRef(unsigned int) const|hg:hg.mozilla.org/mozilla-central:js/src/vm/NativeObject.h:dba8ff89abb9be706021b6ff359c87e58dda45ce|1312|0x43
0|18|xul.dll|js::BaseScript::scriptSource() const|hg:hg.mozilla.org/mozilla-central:js/src/vm/JSScript.h:dba8ff89abb9be706021b6ff359c87e58dda45ce|1526|0xe
0|19|||||
0|20|xul.dll|js::jit::MaybeEnterJit(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/jit/Jit.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|261|0x53d
0|21|xul.dll|js::Interpret(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|3100|0xb209
0|22|xul.dll|js::RunScript(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|452|0x235
0|23|xul.dll|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|606|0x2f1
0|24|xul.dll|js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|673|0x122
0|25|xul.dll|js::fun_apply(JSContext*, unsigned int, JS::Value*)|hg:hg.mozilla.org/mozilla-central:js/src/vm/JSFunction.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|1105|0x413
0|26|xul.dll|CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|480|0xf2
0|27|xul.dll|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|574|0x2cf
0|28|xul.dll|js::Interpret(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|3061|0xb09c
0|29|xul.dll|js::RunScript(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|452|0x235
0|30|xul.dll|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|606|0x2f1
0|31|xul.dll|js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|673|0x122
0|32|xul.dll|js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject *>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>)|hg:hg.mozilla.org/mozilla-central:js/src/jit/VMFunctions.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|545|0x6c8
0|33|xul.dll|js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*)|hg:hg.mozilla.org/mozilla-central:js/src/jit/VMFunctions.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|569|0x116
0|34|||||
0|35|xul.dll|JS::AutoAssertNoGC::reset()|hg:hg.mozilla.org/mozilla-central:js/src/gc/GCAPI.cpp:dba8ff89abb9be706021b6ff359c87e58dda45ce|165|0x48
0|36|xul.dll|js::PropMapTable::lookup(js::PropMap*, unsigned int, JS::PropertyKey, unsigned int*)|hg:hg.mozilla.org/mozilla-central:js/src/vm/PropMap-inl.h:dba8ff89abb9be706021b6ff359c87e58dda45ce|109|0x15b
|
Reporter | |
Comment 1•1 year ago
|
||
A Pernosco session is available here: https://pernos.co/debug/MdP1o2eQAae20WKfX70dxw/index.html
Keywords: pernosco
|
||
Comment 2•1 year ago
|
||
It looks like we have some edge case that saves a key with a void string in LSSnapshot::mValues.
Jan, could you help to look at it? Thank you.
Severity: -- → S3
Flags: needinfo?(jvarga)
Priority: -- → P3
|
||
Comment 3•1 year ago
|
||
I'll take a look when I have a bit more time.
Assignee: nobody → jvarga
Flags: needinfo?(jvarga)
|
||
Updated•6 months ago
|
Whiteboard: dom-lws-bugdash-triage
|
|
||
Updated•6 months ago
|
Assignee: jan.varga → nobody
You need to log in
before you can comment on or make changes to this bug.
Description
•