Closed
Bug 623850
Opened 14 years ago
Closed 13 years ago
"ASSERTION: Why are we being called with a pending exception?" in nsJSContext::CompileEventHandler after pushState
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 637116
People
(Reporter: jruderman, Assigned: mrbkap)
Details
(Keywords: assertion, testcase)
Attachments
(4 files)
###!!! ASSERTION: Why are we being called with a pending exception?: '!::JS_IsExceptionPending(mContext)', file dom/base/nsJSEnvironment.cpp, line 2014
Reporter | ||
Updated•14 years ago
|
Group: core-security
Reporter | ||
Updated•14 years ago
|
Attachment #501938 -
Attachment is private: false
Reporter | ||
Comment 1•14 years ago
|
||
Reporter | ||
Comment 2•14 years ago
|
||
Triggers the same assertion as testcase 1, plus this fatal assertion: Assertion failure: compartment mismatched, at js/src/jscntxtinlines.h:542 (JS_SetPendingException)
Reporter | ||
Comment 3•14 years ago
|
||
Comment 4•14 years ago
|
||
Make mismatches always blocking 2.0
Updated•14 years ago
|
Comment 5•14 years ago
|
||
Are you sure this is TM tip/m-c? I think I fixed this bug (the mismatch part).
Reporter | ||
Comment 6•14 years ago
|
||
The "compartment mismatch" part seems to be gone (mozilla-central badef0f336d2).
Comment 7•14 years ago
|
||
I can't judge the severity of the rest of the bug. jst?
Updated•14 years ago
|
Assignee: nobody → jst
Whiteboard: [sg:needinfo]
Reporter | ||
Updated•14 years ago
|
Whiteboard: [sg:needinfo]
Comment 8•14 years ago
|
||
This is not a security bug. Per mrbkap's debugging the problem here is that we call pushState() on an iframe, running on the calling window's context, then pushState() does its JSON serialization on the iframe's context and ends up leaving a pending exception hanging on that context. Then, next time we end up doing things on the iframe's context we see the pending exception and assert. While this is wrong, it's effectively harmless. Opening this bug up. mrbkap will look at this once Firefox 4 is out the door.
Assignee: jst → mrbkap
Group: core-security
This has been fixed, presumably by Bug 637116.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•