Assertion failure: mSearchesOngoing > 0 && mSearches.Contains(aSearch), at /builds/worker/checkouts/gecko/toolkit/components/autocomplete/nsAutoCompleteController.cpp:808
Categories
(Toolkit :: Autocomplete, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | fix-optional |
| firefox128 | --- | wontfix |
| firefox129 | --- | wontfix |
| firefox130 | --- | wontfix |
People
(Reporter: tsmith, Unassigned, NeedInfo)
References
(Blocks 1 open bug, Regression)
Details
(4 keywords, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(1 file)
|
298 bytes,
text/html
|
Details |
Found while fuzzing m-c 20240515-f5fee6066c60 (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework --upgrade
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay.bugzilla ./firefox/firefox <bugid>
Assertion failure: mSearchesOngoing > 0 && mSearches.Contains(aSearch), at /builds/worker/checkouts/gecko/toolkit/components/autocomplete/nsAutoCompleteController.cpp:808
#0 0x7f4ee21c22b8 in nsAutoCompleteController::OnSearchResult(nsIAutoCompleteSearch*, nsIAutoCompleteResult*) /builds/worker/checkouts/gecko/toolkit/components/autocomplete/nsAutoCompleteController.cpp:808:3
#1 0x7f4ee21c294c in non-virtual thunk to nsAutoCompleteController::OnSearchResult(nsIAutoCompleteSearch*, nsIAutoCompleteResult*) /builds/worker/checkouts/gecko/toolkit/components/autocomplete/nsAutoCompleteController.cpp
#2 0x7f4ee21ca0eb in nsFormFillController::OnSearchCompletion(nsIAutoCompleteResult*) /builds/worker/checkouts/gecko/toolkit/components/satchel/nsFormFillController.cpp:674:19
#3 0x7f4ee21ca18c in non-virtual thunk to nsFormFillController::OnSearchCompletion(nsIAutoCompleteResult*) /builds/worker/checkouts/gecko/toolkit/components/satchel/nsFormFillController.cpp
#4 0x7f4edc014581 in NS_InvokeByIndex /builds/worker/checkouts/gecko/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:101
#5 0x7f4edccfabad in Invoke /builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedNative.cpp:1620:10
#6 0x7f4edccfabad in CallMethodHelper::Call() /builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedNative.cpp:1174:19
#7 0x7f4edccfa8a7 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedNative.cpp:1120:23
#8 0x7f4edccfc7a5 in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:966:10
#9 0x1a370f465be2 ([anon:js-executable-memory]+0x6be2)
|
||
Comment 1•7 months ago
|
||
Verified bug as reproducible on mozilla-central 20240712041551-a52fa2f14d1d.
The bug appears to have been introduced in the following build range:
Start: 8817b19391096abc4d12af946fb59f2867e3d087 (20240415181618)
End: d49ecc17e4ae83fbccee8ffbe50a119039d1e408 (20240415181839)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=8817b19391096abc4d12af946fb59f2867e3d087&tochange=d49ecc17e4ae83fbccee8ffbe50a119039d1e408
|
||
Comment 2•7 months ago
|
||
Based on comment #1, this bug contains a bisection range found by bugmon. However, the Regressed by field is still not filled.
:dimi and :zombie, since you are the authors of the changes in the range, if possible, could you fill the Regressed by field and investigate this regression?
For more information, please visit BugBot documentation.
|
||
Updated•7 months ago
|
|
|
||
Comment 3•7 months ago
|
||
Set release status flags based on info from the regressing bug 1887007
:dimi, since you are the author of the regressor, bug 1887007, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
|
||
Updated•7 months ago
|
|
||
Updated•7 months ago
|
|
|
||
Updated•6 months ago
|
Description
•