Closed Bug 503697 Opened 15 years ago Closed 14 years ago

"Assertion failure: !cx->throwing" with QI getter that throws

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned)

Details

(Keywords: assertion, testcase)

Attachments

(2 files)

testcase (crashes debug Firefox when loaded)
212 bytes, text/html
Details
stack trace for the assertion
9.30 KB, text/plain
Details 
Assertion failure: !cx->throwing, at /Users/jruderman/central/js/src/jsinterp.cpp:6702

Brendan once fixed another bug involving this assertion, in bug 455973.  That bug also involved a throwing getter, but it involved leaving trace rather than XPConnect.

It seems sketchy that a page-defined QI is called as part of nsContentUtils::CanCallerAccess!  In a non-debug build, I get:

Error: uncaught exception: [Exception... "Security error"  code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location: "file:///Users/jruderman/fuzzing/lithium/a.html Line: 2"]

    
    

    
  
WFM.

Probably fixed by bug 503926, in which case chrome JS might still be able to trigger the assertion failure. Do we care?

    
  
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: