Closed
Bug 322683
Opened 19 years ago
Closed 19 years ago
[FIX] Yahoo Beta Mail related crash [@ nsScriptSecurityManager::CheckSameOriginPrincipalInternal()]
Categories
(Core :: XSLT, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: Peter6, Assigned: bzbarsky)
References
Details
(4 keywords, Whiteboard: required for 317380 [rft-dl])
Crash Data
Attachments
(1 file)
5.01 KB,
patch
|
sicking
:
review+
bryner
:
superreview+
peterv
:
approval-branch-1.8.1+
dveditz
:
approval1.8.0.2+
|
Details | Diff | Splinter Review |
There is no clear regressionwindow/cause found for this bug but it is too critical to wait reporting reported on Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060106 Firefox/1.5 ID:2006010603 TB13674807W and Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8) Gecko/20060106 Firefox/1.5 ID:2006010603 TB13673645G Incident ID: 13674807 Stack Signature nsScriptSecurityManager::CheckSameOriginPrincipalInternal b86a7215 Product ID Firefox2 Build ID 2006010603 Trigger Time 2006-01-07 07:25:35.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (0009fcca) URL visited Yahoo! Beta Mail User Comments Since Last Crash 3730 sec Total Uptime 3730 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/caps/src/nsScriptSecurityManager.cpp, line 849 Stack Trace nsScriptSecurityManager::CheckSameOriginPrincipalInternal [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/caps/src/nsScriptSecurityManager.cpp, line 849] nsScriptSecurityManager::CheckSameOriginPrincipal [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/caps/src/nsScriptSecurityManager.cpp, line 596] nsGenericElement::doReplaceChild [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 3583] nsDocument::ReplaceChild [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 3526] XPCWrappedNative::CallMethod [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2139] XPC_WN_CallMethod [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1444] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177] js_Interpret [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3523] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197] js_Interpret [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3523] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197] fun_apply [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1606] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177] js_Interpret [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3523] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197] nsXPCWrappedJSClass::CallMethod [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1369] nsXPCWrappedJS::CallMethod [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 462] SharedStub [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147] nsXMLHttpRequest::ChangeState [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp, line 1857] nsXMLHttpRequest::RequestCompleted [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp, line 1411] nsXMLHttpRequest::OnStopRequest [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp, line 1359] nsMultipartProxyListener::OnStopRequest [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp, line 202]
Updated•19 years ago
|
Assignee: nobody → dveditz
Component: General → Security: CAPS
Product: Firefox → Core
QA Contact: general
Version: 1.5 Branch → 1.8 Branch
*** Bug 322684 has been marked as a duplicate of this bug. ***
Reporter | ||
Comment 2•19 years ago
|
||
note: on trunk this is Bug 322480 with a completely different trace ,[@ js3250.dll]
Reporter | ||
Comment 3•19 years ago
|
||
This is reported NOT to crash in Firefox 1.5.0.1 Mac -> http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2006-01-06-03-mozilla1.8.0/
Confirmed crash on: New Profile and No Exts... Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060106 Firefox/1.5 ID:2006010603 TB13680380W *** However upon advice from Peter's Official Win32 20060108 Thread: can you both try this build, Firefox 1.5.0.1 Windows -> http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2006-01-06-05-mozilla1.8.0/ Does not produce a crash
Two crashes today; it does NOT happen every time I login/return. Talkback IDs: TB13684357E TB13682156Y Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060107 Firefox/1.5
Peter(6) wrote: Just to get things straight, it works in the 20060105 nighty branch build it crashes in the 20060106 nighty branch build correct ?[/quote] No crash reported on: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060105 Firefox/1.5 Although the FF script pop-up comes on (but evenually it continues), more then likely coding @Yahoo! Mail Beta, but at least this will now give Devs a definite regression period...
Reporter | ||
Comment 7•19 years ago
|
||
regressionwindow works in 20060105 0420pst build fails in 20060106 0415pst build http://tinderbox.mozilla.org/bonsai/cvsquery.cgi?treeid=default&module=AviarySuiteBranchTinderbox&branch=MOZILLA_1_8_BRANCH&branchtype=match&filetype=match&whotype=match&sortby=Date&hours=2&date=explicit&mindate=20060105+0330&maxdate=20060106+0415&cvsroot=%2Fcvsroot
Reporter | ||
Comment 8•19 years ago
|
||
Ria, do you have any branch builds between these 2 nightlies ?
Comment 9•19 years ago
|
||
(In reply to comment #8) No. Another Yahoo beta mail crash: Bug 322722.
Comment 10•19 years ago
|
||
After binary searching throught the relevant commits, backing this out allows me to use Yahoo Mail 2.0Beta again on FC4/i686: http://tinderbox.mozilla.org/bonsai/cvsquery.cgi?treeid=default&module=AviarySuiteBranchTinderbox&branch=MOZILLA_1_8_BRANCH&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=20060105+1320&maxdate=20060105+1322&cvsroot=%2Fcvsroot
Assignee | ||
Comment 11•19 years ago
|
||
Greg, what are the steps to reproduce this crash? I don't see any in this bug...
Flags: blocking1.9a1?
Flags: blocking1.8.1?
Comment 12•19 years ago
|
||
(In reply to comment #11) > Greg, what are the steps to reproduce this crash? I don't see any in this > bug... Login to Yahoo Mail Beta (http://mail.yahoo.com/, requires access to the beta program)... after authentication it partially loads, displays a "Loading Yahoo Mail" interstitial message, then the browser crashes before it ever renders the complete, normal mail user interface. I also rebuilt the tip of MOZILLA_1_8_BRANCH, verified it still fails, then backed out only the Bug 317380 changes and verified that no longer fails (FC4). This fails on Solaris SPARC as well, the recompile with the changes backed out hasn't finished yet.
Assignee | ||
Updated•19 years ago
|
Assignee | ||
Comment 13•19 years ago
|
||
So the problem here is that the patch for bug 317380 assumes that all documents have a channel. That's not the case. For example, a document created via DOMImplementation has no channel and can be a perfectly valid source document for XSLT. That said, the old code didn't handle principals right, in my opinion. That is, the result doc ended up with a principal based on the URI of the source doc, whereas I assume it should end up with the same principal. So perhaps this code needs an explicit SetPrincipal call?
Flags: blocking1.9a1? → blocking1.9a1+
Yes, very good point. We should absolutly do that.
Assignee | ||
Comment 15•19 years ago
|
||
This lets me log in to yahoo mail beta...
Attachment #208105 -
Flags: superreview?(bryner)
Attachment #208105 -
Flags: review?(bugmail)
Assignee | ||
Updated•19 years ago
|
Assignee: dveditz → bzbarsky
Component: Security: CAPS → XSLT
Priority: -- → P1
Target Milestone: --- → mozilla1.8.1
Version: 1.8 Branch → Trunk
Assignee | ||
Updated•19 years ago
|
Summary: Yahoo Beta Mail related crash [@ nsScriptSecurityManager::CheckSameOriginPrincipalInternal()] → [FIX] Yahoo Beta Mail related crash [@ nsScriptSecurityManager::CheckSameOriginPrincipalInternal()]
Attachment #208105 -
Flags: review?(bugmail) → review+
Updated•19 years ago
|
Attachment #208105 -
Flags: superreview?(bryner) → superreview+
Assignee | ||
Comment 16•19 years ago
|
||
Comment on attachment 208105 [details] [diff] [review] Proposed patch We need to fix this on the 1.8.x branch, since bug 317380 landed there.
Attachment #208105 -
Flags: approval1.8.1?
Assignee | ||
Comment 17•19 years ago
|
||
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Target Milestone: mozilla1.8.1 → mozilla1.9alpha
Comment 18•19 years ago
|
||
Comment on attachment 208105 [details] [diff] [review] Proposed patch >Index: content/xslt/src/base/txURIUtils.cpp >=================================================================== >+ // XXXbz passing nsnull as the first arg to Reset is illegal > aNewDoc->Reset(nsnull, nsnull); >+ // XXXbz passing nsnull as the first arg to Reset is illegal > aNewDoc->Reset(nsnull, nsnull); Can you please file a bug on this? (It wasn't illegal when the code was written)
Assignee | ||
Comment 19•19 years ago
|
||
Filed bug 323554
Updated•19 years ago
|
Attachment #208105 -
Flags: approval1.8.1? → branch-1.8.1?(bugmail)
Attachment #208105 -
Flags: branch-1.8.1?(bugmail) → branch-1.8.1?(peterv)
Updated•18 years ago
|
Flags: blocking1.8.0.2+
Whiteboard: required for 317380
Assignee | ||
Updated•18 years ago
|
Attachment #208105 -
Flags: approval1.8.0.2?
Comment 20•18 years ago
|
||
Comment on attachment 208105 [details] [diff] [review] Proposed patch approved for 1.8.0 branch, a=dveditz for drivers
Attachment #208105 -
Flags: approval1.8.0.2? → approval1.8.0.2+
Comment 22•18 years ago
|
||
Marking [rft-dl] (ready for testing in Firefox 1.5.0.2 release candidates). Testing will consist of logging in to yahoo mail beta. Please comment if additional testing is recommended.
Whiteboard: required for 317380 → required for 317380 [rft-dl]
Comment 23•18 years ago
|
||
v.fixed on 1.8.0 branch with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060302 Firefox/1.5.0.1, I'm able to login and out of Yahoo! Mail Beta with no crashes... as well as actually use it without problems (although there are TONS of js warnings). ;-)
Keywords: fixed1.8.0.2 → verified1.8.0.2
Updated•18 years ago
|
Attachment #208105 -
Flags: approval-branch-1.8.1?(peterv) → approval-branch-1.8.1+
Comment 24•18 years ago
|
||
*** Bug 331975 has been marked as a duplicate of this bug. ***
Is there a chance that the patch in this bug never having landed on the 1.8(.1) branch (only on trunk and 1.8.0, at least as far as I can discover via keywords and bonsai) is causing Camino 1.8-branch builds and BonEcho nightlies to never finish loading the new Yahoo Mail Beta (bug 336708)?
Assignee | ||
Comment 26•18 years ago
|
||
Yeah, this never landed on 1.8 branch. Since I didn't request the approval, and there was no comment when it was granted, I never got bugmail about it... I'll try to get this checked in Sunday, I guess.
Boris, just checking to make sure that this is still on your radar for landing whenever 1.8 finally reopens....
Assignee | ||
Comment 28•18 years ago
|
||
It is, yes. Too bad there's no way to indicate this to others short of giving them access to my IMAP account. ;)
Assignee | ||
Updated•18 years ago
|
Flags: blocking1.8.1?
Updated•13 years ago
|
Crash Signature: [@ nsScriptSecurityManager::CheckSameOriginPrincipalInternal()]
You need to log in
before you can comment on or make changes to this bug.
Description
•