Crash in [@ nsContentUtils::ObjectPrincipal]
Categories
(Core :: Privacy: Anti-Tracking, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | unaffected |
| firefox128 | --- | unaffected |
| firefox129 | --- | fixed |
| firefox130 | --- | fixed |
People
(Reporter: gsvelto, Assigned: fkilic)
References
(Regression)
Details
(Keywords: crash, regression, topcrash)
Crash Data
Attachments
(1 obsolete file)
Crash report: https://crash-stats.mozilla.org/report/index/4857fe4e-3b99-400e-ac44-3baa90240706
MOZ_CRASH Reason: MOZ_DIAGNOSTIC_ASSERT(!js::IsCrossCompartmentWrapper(aObj))
Top 10 frames:
0 xul.dll nsContentUtils::ObjectPrincipal(JSObject*) dom/base/nsContentUtils.cpp:3675
1 xul.dll mozilla::nsRFPService::IsSoftwareRenderingOptionExposed(JSContext*, JSObject*) toolkit/components/resistfingerprinting/nsRFPService.cpp:1898
2 xul.dll mozilla::dom::CanvasRenderingContext2DSettings::Init(mozilla::dom::BindingCal... dom/bindings/CanvasRenderingContext2DBinding.cpp:463
3 xul.dll mozilla::dom::CanvasRenderingContext2DSettings::Init(JSContext*, JS::Handle<J... dom/bindings/CanvasRenderingContext2DBinding.cpp:502
3 xul.dll mozilla::dom::CanvasRenderingContext2D::SetContextOptions(JSContext*, JS::Han... dom/canvas/CanvasRenderingContext2D.cpp:2025
4 xul.dll mozilla::dom::CanvasRenderingContextHelper::UpdateContext(JSContext*, JS::Han... dom/canvas/CanvasRenderingContextHelper.cpp:275
5 xul.dll mozilla::dom::HTMLCanvasElement::UpdateContext(JSContext*, JS::Handle<JS::Val... dom/html/HTMLCanvasElement.cpp:558
6 xul.dll mozilla::dom::CanvasRenderingContextHelper::GetOrCreateContext(JSContext*, mo... dom/canvas/CanvasRenderingContextHelper.cpp:234
7 xul.dll mozilla::dom::CanvasRenderingContextHelper::GetOrCreateContext(JSContext*, ns... dom/canvas/CanvasRenderingContextHelper.cpp:200
7 xul.dll mozilla::dom::HTMLCanvasElement::GetContext(JSContext*, nsTSubstring<char16_t... dom/html/HTMLCanvasElement.cpp:1086
This appears to be a regression introduced by bug 1899874. I'm not NI?ing the author because he's on PTO so someone else will have to take care of this.
|
||
Comment 1•7 months ago
|
||
:fkilic, since you are the author of the regressor, bug 1899874, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
|
Assignee | |
Comment 2•7 months ago
•
|
||
Oh, Tom initialized the bug but then I changed it almost completely. So, I think I can take a look at this instead. I can set the severity but I'm not sure how it happened. Normal canvases seem fine, and the "privileged" canvases we have are also working. I'm not sure what caused it or how often it may happen. So, I'm going to mark it as S3 for now, but there's a chance that I introduced a canvas breaking change.
|
Reporter | |
Comment 3•7 months ago
|
||
All the crashes are in content processes, with the remote type being set to webIsolated. There's no URL but looking for URL-looking strings in the minidumps indicates a handful of different sites. https://outlook.office.com/ comes up a couple of times, so maybe we could start by looking if we can reproduce there.
|
|
||
Comment 4•7 months ago
|
||
Set release status flags based on info from the regressing bug 1899874
|
|
Assignee | |
Comment 5•7 months ago
|
||
|
||
Updated•7 months ago
|
|
||
Comment 6•7 months ago
|
||
Setting Fx130 and Fx129 as Fixed since the regressor Bug 1899874 was backed out of central and beta.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1899874#c8 and https://bugzilla.mozilla.org/show_bug.cgi?id=1899874#c10
|
|
||
Comment 7•7 months ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 10 content process crashes on beta
:fkilic, could you consider increasing the severity of this top-crash bug?
For more information, please visit BugBot documentation.
|
|
Assignee | |
Comment 8•7 months ago
|
||
Sure, we already backed out, but I can increase the severity.
|
||
Updated•7 months ago
|
|
||
Comment 9•7 months ago
|
||
Should we close this and track it via the re-opened regressor since it has been fixed by a backout?
|
|
Assignee | |
Comment 10•7 months ago
|
||
I don't know if this question is directed to me, but I think yes. We can close this issue as we already backed out and the crashes seem to be no longer happening.
|
||
Updated•7 months ago
|
|
|
||
Comment 11•7 months ago
|
||
(In reply to Fatih Kilic from comment #10)
I don't know if this question is directed to me, but I think yes. We can close this issue as we already backed out and the crashes seem to be no longer happening.
It was for anyone :) Thank you!
Description
•