Crash in [@ nsContentUtils::ObjectPrincipal]
Categories
(Core :: Privacy: Anti-Tracking, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | unaffected |
| firefox128 | --- | unaffected |
| firefox129 | --- | fixed |
| firefox130 | --- | fixed |
People
(Reporter: gsvelto, Assigned: fkilic)
References
(Regression)
Details
(Keywords: crash, regression, topcrash)
Crash Data
Attachments
(1 obsolete file)
Crash report: https://crash-stats.mozilla.org/report/index/4857fe4e-3b99-400e-ac44-3baa90240706
MOZ_CRASH Reason: MOZ_DIAGNOSTIC_ASSERT(!js::IsCrossCompartmentWrapper(aObj))
Top 10 frames:
0 xul.dll nsContentUtils::ObjectPrincipal(JSObject*) dom/base/nsContentUtils.cpp:3675
1 xul.dll mozilla::nsRFPService::IsSoftwareRenderingOptionExposed(JSContext*, JSObject*) toolkit/components/resistfingerprinting/nsRFPService.cpp:1898
2 xul.dll mozilla::dom::CanvasRenderingContext2DSettings::Init(mozilla::dom::BindingCal... dom/bindings/CanvasRenderingContext2DBinding.cpp:463
3 xul.dll mozilla::dom::CanvasRenderingContext2DSettings::Init(JSContext*, JS::Handle<J... dom/bindings/CanvasRenderingContext2DBinding.cpp:502
3 xul.dll mozilla::dom::CanvasRenderingContext2D::SetContextOptions(JSContext*, JS::Han... dom/canvas/CanvasRenderingContext2D.cpp:2025
4 xul.dll mozilla::dom::CanvasRenderingContextHelper::UpdateContext(JSContext*, JS::Han... dom/canvas/CanvasRenderingContextHelper.cpp:275
5 xul.dll mozilla::dom::HTMLCanvasElement::UpdateContext(JSContext*, JS::Handle<JS::Val... dom/html/HTMLCanvasElement.cpp:558
6 xul.dll mozilla::dom::CanvasRenderingContextHelper::GetOrCreateContext(JSContext*, mo... dom/canvas/CanvasRenderingContextHelper.cpp:234
7 xul.dll mozilla::dom::CanvasRenderingContextHelper::GetOrCreateContext(JSContext*, ns... dom/canvas/CanvasRenderingContextHelper.cpp:200
7 xul.dll mozilla::dom::HTMLCanvasElement::GetContext(JSContext*, nsTSubstring<char16_t... dom/html/HTMLCanvasElement.cpp:1086
This appears to be a regression introduced by bug 1899874. I'm not NI?ing the author because he's on PTO so someone else will have to take care of this.
|
||
Comment 1•1 year ago
|
||
:fkilic, since you are the author of the regressor, bug 1899874, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
|
Assignee | |
Comment 2•1 year ago
•
|
||
Oh, Tom initialized the bug but then I changed it almost completely. So, I think I can take a look at this instead. I can set the severity but I'm not sure how it happened. Normal canvases seem fine, and the "privileged" canvases we have are also working. I'm not sure what caused it or how often it may happen. So, I'm going to mark it as S3 for now, but there's a chance that I introduced a canvas breaking change.
|
Reporter | |
Comment 3•1 year ago
|
||
All the crashes are in content processes, with the remote type being set to webIsolated. There's no URL but looking for URL-looking strings in the minidumps indicates a handful of different sites. https://outlook.office.com/ comes up a couple of times, so maybe we could start by looking if we can reproduce there.
|
|
||
Comment 4•1 year ago
|
||
Set release status flags based on info from the regressing bug 1899874
|
|
Assignee | |
Comment 5•1 year ago
|
||
|
||
Updated•1 year ago
|
|
||
Comment 6•1 year ago
|
||
Setting Fx130 and Fx129 as Fixed since the regressor Bug 1899874 was backed out of central and beta.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1899874#c8 and https://bugzilla.mozilla.org/show_bug.cgi?id=1899874#c10
|
|
||
Comment 7•1 year ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 10 content process crashes on beta
:fkilic, could you consider increasing the severity of this top-crash bug?
For more information, please visit BugBot documentation.
|
|
Assignee | |
Comment 8•1 year ago
|
||
Sure, we already backed out, but I can increase the severity.
|
||
Updated•1 year ago
|
|
||
Comment 9•1 year ago
|
||
Should we close this and track it via the re-opened regressor since it has been fixed by a backout?
|
|
Assignee | |
Comment 10•1 year ago
|
||
I don't know if this question is directed to me, but I think yes. We can close this issue as we already backed out and the crashes seem to be no longer happening.
|
||
Updated•1 year ago
|
|
|
||
Comment 11•1 year ago
|
||
(In reply to Fatih Kilic from comment #10)
I don't know if this question is directed to me, but I think yes. We can close this issue as we already backed out and the crashes seem to be no longer happening.
It was for anyone :) Thank you!
Description
•