Crash in [@ IPCError-browser | RecvGetPageIconStream Wrong process type]
Categories
(Toolkit :: Places, defect)
Tracking
()
People
(Reporter: alice0775, Unassigned)
References
(Regression)
Details
(Keywords: crash, nightly-community, regression)
Crash Data
Steps to reproduce:
- Visit
page-icon:https://bugzilla.mozilla.org/from the address bar
Actual results:
Tab crashes.
Crash report: https://crash-stats.mozilla.org/report/index/c4dcaaff-1139-4815-ab40-dda700250318
Reason:
EXCEPTION_BREAKPOINT
Top 10 frames:
0 xul.dll icu_76::MaybeStackArray<char, 40>::getCapacity() const intl/icu/source/common/cmemory.h:376
0 xul.dll icu_76::CharString::ensureCapacity(int, int, UErrorCode&) intl/icu/source/common/charstr.cpp:225
0 xul.dll icu_76::CharString::append(char, UErrorCode&) intl/icu/source/common/charstr.cpp:105
0 xul.dll icu_76::UniqueCharStrings::add(char16_t const*, UErrorCode&) intl/icu/source/common/uniquecharstr.h:71
0 xul.dll icu_76::UniqueCharStrings::addByValue(icu_76::UnicodeString, UErrorCode&) intl/icu/source/common/uniquecharstr.h:97
1 xul.dll icu_76::LikelySubtagsData::readLSREncodedStrings(icu_76::ResourceTable const&... intl/icu/source/common/loclikelysubtags.cpp:330
2 xul.dll icu_76::LikelySubtagsData::load(UErrorCode&) intl/icu/source/common/loclikelysubtags.cpp:93
2 xul.dll icu_76::LikelySubtags::initLikelySubtags(UErrorCode&) intl/icu/source/common/loclikelysubtags.cpp:455
3 xul.dll icu_76::umtx_initOnce(icu_76::UInitOnce&, void (*)(UErrorCode&), UErrorCode&) intl/icu/source/common/umutex.h:170
3 xul.dll icu_76::LikelySubtags::getSingleton(UErrorCode&) intl/icu/source/common/loclikelysubtags.cpp:476
|
Reporter | |
Comment 1•1 month ago
|
||
Regression window:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=2a0b1bdc751f08e2c4e1df1ca95c4d4de68b1600&tochange=acf6d2bf1770a30b8021e75bf0cb9d763b29dfd7
Suspect: Bug 1354248
|
||
Comment 2•1 month ago
|
||
Set release status flags based on info from the regressing bug 1354248
:mconley, since you are the author of the regressor, bug 1354248, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
|
||
Comment 3•1 month ago
|
||
So I guess there's some mechanism somewhere that's looking at the URL being put into the address bar, decides to open a normal content process for it, and then when that content process attempts to use the page-icon protocol (which should only be used by the privileged about content process), the tab (intentionally) crashes.
Moving to the right component. I'm not sure if we'd ever want to support visiting page-icon: from the URL bar. Certainly the parent process can use the protocol, but I'm not sure it's worth adding logic to the URL bar to handle this case.
|
||
Updated•1 month ago
|
|
||
Comment 4•1 month ago
|
||
(In reply to Mike Conley (:mconley) (:⚙️) from comment #3)
So I guess there's some mechanism somewhere that's looking at the URL being put into the address bar, decides to open a normal content process for it, and then when that content process attempts to use the page-icon protocol (which should only be used by the privileged about content process), the tab (intentionally) crashes.
Yup, there's no special handling for the page-icon protocol in ProcessIsolation.cpp, so it will be allocated to load into a normal content process if it is directly loaded in the URL bar.
I think this check would effectively need to be added as a special case to IsolationBehaviorForURI which checks for page-icon and forces a document load with that URI to be loaded in the privileged about process.
|
||
Comment 5•28 days ago
|
||
We don't have a use-case for supporting page-icon loads directly, and the protocol is for internal use.
For now I'm resolving as WONTFIX, we can re-evaluate in the future if we find a need for it.
|
||
Updated•25 days ago
|
|
||
Updated•8 days ago
|
Description
•