Closed Bug 616076 Opened 9 years ago Closed 9 years ago

"ASSERTION: Wrong scope, this is really bad!" printing document with userdata handler

Categories

(Core :: XPConnect, defect)

x86_64
Linux
defect
Not set

Tracking

()

RESOLVED FIXED
Tracking Status
blocking2.0 --- betaN+

People

(Reporter: jruderman, Assigned: smaug)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: [sg:critical?])

Attachments

(3 files)

###!!! ASSERTION: Wrong scope, this is really bad!: 'JS_GetGlobalForObject(cx, obj) == newScope', file content/base/src/nsDocument.cpp, line 3786
Attached file stack trace
Got this just opening the Print dialog on the testcase, not actually printing.
If we can figure out how to not assert here so that the fuzzers can continue to work w/o ignoring this assertion then the severity of this would be lowered, but this assertion is a bad one. And the belief atm is that this can't be triggered w/o elevated privelileges. Either way, we should fix this for 2.0 IMO. Olli, can you have a look?
Assignee: nobody → Olli.Pettay
blocking2.0: --- → betaN+
Whiteboard: [sg:critical?]
Attached patch patchSplinter Review
The original document must not know about the print document.
Attachment #496142 - Flags: review?(jst)
Attachment #496142 - Flags: review?(jst) → review+
http://hg.mozilla.org/mozilla-central/rev/19b83d59edbf
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Group: core-security
You need to log in before you can comment on or make changes to this bug.