Closed Bug 648206 Opened 9 years ago Closed 9 years ago
"ASSERTION: bad this object in get" or crash [@ xpc::holder
_get] with Install Trigger
Symptoms are exactly the same as old bug 608963: Debug: ###!!! ASSERTION: bad this object in set: 'wrapper->isProxy()', file js/src/xpconnect/wrappers/XrayWrapper.cpp, line 207 Assertion failure: isProxy(), at jsproxy.h:193 Opt: Crash bp-8c6523b2-2b06-4848-9cbb-089062110406 [@ xpc::holder_set ] Filing as security-sensitive because InstallTrigger/wrappers is a sensitive area.
So, this is one fix for this bug. The other fix that I considered (albeit not for very long) was just to throw in this case. In other words, you wouldn't be allowed to use an Xray wrapper as the prototype of another object. I wasn't sure if there might be a use-case for that though, so I backed off.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #525190 - Flags: review?(gal)
Comment on attachment 525190 [details] [diff] [review] Proposed fix v1 Common out the code?
Attachment #525190 - Flags: review?(gal) → review+
This appears to have been merged to mozilla-central and is currently on Aurora(6) but not Beta(5). That's probably a fine state to be in since it's internally discovered and old supported releases don't have Xray wrappers. Taking a swag at a sg:critical rating.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Whiteboard: fixed-in-tracemonkey → [sg:critical?] fixed-in-tracemonkey
Target Milestone: --- → mozilla6
You need to log in before you can comment on or make changes to this bug.