Closed Bug 672251 Opened 13 years ago Closed 6 years ago

content/base/test/test_bug431701.html hits ###!!! ASSERTION: Principal mismatch. Expect bad things to happen: '!objPrin || objPrin->GetPrincipal() == principal', file ../../../../../js/src/xpconnect/src/xpcwrappednative.cpp, line 3157

Categories

(Core :: XPConnect, defect)

x86
Linux
defect
Not set
normal

Tracking

RESOLVED INACTIVE

People

(Reporter: khuey, Unassigned)

Details

(Keywords: regression)

bz says this is related to using a system XHR:

###!!! ASSERTION: Principal mismatch. Expect bad things to happen: '!objPrin || objPrin->GetPrincipal() == principal', file ../../../../../js/src/xpconnect/src/xpcwrappednative.cpp, line 3157
XPCWrappedNative::GetObjectPrincipal [xpcwrappednative.cpp:3159]
nsXPConnect::GetPrincipal [nsXPConnect.cpp:2687]
nsScriptSecurityManager::doGetObjectPrincipal [nsScriptSecurityManager.cpp:2455]
nsScriptSecurityManager::CheckPropertyAccessImpl [nsScriptSecurityManager.cpp:788]
nsScriptSecurityManager::CanAccess [nsScriptSecurityManager.cpp:3172]
XPCWrappedNative::CallMethod [xpcwrappednative.cpp:2326]
XPCWrappedNative::GetAttribute [xpcprivate.h:2591]
XPC_WN_GetterSetter [xpcwrappednativejsops.cpp:1642]
js::CallJSNative [jscntxtinlines.h:281]
js::Invoke [jsinterp.cpp:656]
js::Invoke [jsinterp.h:169]
js::ExternalInvoke [jsinterp.cpp:805]
js::ExternalGetOrSet [jsinterp.cpp:846]
js::Shape::get [jsscopeinlines.h:270]
js_NativeGetInline [jsobj.cpp:5151]
js_GetPropertyHelperWithShapeInline [jsobj.cpp:5333]
js_GetPropertyHelperInline [jsobj.cpp:5354]
js_GetPropertyHelper [jsobj.cpp:5361]
js::Interpret [jsinterp.cpp:3583]
js::RunScript [jsinterp.cpp:614]
js::Invoke [jsinterp.cpp:686]
js::Invoke [jsinterp.h:169]
js_fun_apply [jsfun.cpp:1905]
js::CallJSNative [jscntxtinlines.h:281]
js::Invoke [jsinterp.cpp:656]
js::Interpret [jsinterp.cpp:4076]
js::RunScript [jsinterp.cpp:614]
js::Invoke [jsinterp.cpp:686]
js::Invoke [jsinterp.h:169]
js::ExternalInvoke [jsinterp.cpp:805]
JS_CallFunctionValue [jsapi.cpp:5064]
nsJSContext::CallEventHandler [nsJSEnvironment.cpp:1906]
nsJSEventListener::HandleEvent [nsJSEventListener.cpp:224]
nsEventListenerManager::HandleEventSubType [nsEventListenerManager.cpp:1080]
nsEventListenerManager::HandleEventInternal [nsEventListenerManager.cpp:1177]
nsEventListenerManager::HandleEvent [nsEventListenerManager.h:155]
nsEventTargetChainItem::HandleEvent [nsEventDispatcher.cpp:216]
nsEventTargetChainItem::HandleEventTargetChain [nsEventDispatcher.cpp:346]
nsEventDispatcher::Dispatch [nsEventDispatcher.cpp:672]
DocumentViewerImpl::LoadComplete [nsDocumentViewer.cpp:1067]
nsDocShell::EndPageLoad [nsDocShell.cpp:6155]
nsDocShell::OnStateChange [nsDocShell.cpp:5989]
nsDocLoader::FireOnStateChange [nsDocLoader.cpp:1339]
nsDocLoader::doStopDocumentLoad [nsDocLoader.cpp:958]
nsDocLoader::DocLoaderIsEmpty [nsDocLoader.cpp:825]
nsDocLoader::ChildDoneWithOnload [nsDocLoader.h:205]
nsDocLoader::DocLoaderIsEmpty [nsDocLoader.cpp:813]
nsDocLoader::OnStopRequest [nsDocLoader.cpp:710]
nsLoadGroup::RemoveRequest [nsLoadGroup.cpp:734]
nsDocument::DoUnblockOnload [nsDocument.cpp:7213]
nsDocument::UnblockOnload [nsDocument.cpp:7157]
nsDocument::DispatchContentLoadedEvents [nsDocument.cpp:4141]
nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run [nsThreadUtils.h:342]
nsThread::ProcessNextEvent [nsThread.cpp:617]
NS_ProcessNextEvent_P [nsThreadUtils.cpp:245]
mozilla::ipc::MessagePump::Run [MessagePump.cpp:110]
MessageLoop::RunInternal [message_loop.cc:219]
MessageLoop::RunHandler [message_loop.cc:203]
MessageLoop::Run [message_loop.cc:175]
nsBaseAppShell::Run [nsBaseAppShell.cpp:191]
nsAppStartup::Run [nsAppStartup.cpp:224]
XRE_main [nsAppRunner.cpp:3571]
do_main [nsBrowserApp.cpp:198]
main [nsBrowserApp.cpp:281]
libc.so.6 + 0x16bb6

###!!! ASSERTION: Principal mismatch. Not good: 'strcmp(jsClass->name, "Location") == 0 ? NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)) : result == principal', file ../../../caps/src/nsScriptSecurityManager.cpp, line 2504
nsScriptSecurityManager::doGetObjectPrincipal [nsScriptSecurityManager.cpp:2508]
nsScriptSecurityManager::CheckPropertyAccessImpl [nsScriptSecurityManager.cpp:788]
nsScriptSecurityManager::CanAccess [nsScriptSecurityManager.cpp:3172]
XPCWrappedNative::CallMethod [xpcwrappednative.cpp:2326]
XPCWrappedNative::GetAttribute [xpcprivate.h:2591]
XPC_WN_GetterSetter [xpcwrappednativejsops.cpp:1642]
js::CallJSNative [jscntxtinlines.h:281]
js::Invoke [jsinterp.cpp:656]
js::Invoke [jsinterp.h:169]
js::ExternalInvoke [jsinterp.cpp:805]
js::ExternalGetOrSet [jsinterp.cpp:846]
js::Shape::get [jsscopeinlines.h:270]
js_NativeGetInline [jsobj.cpp:5151]
js_GetPropertyHelperWithShapeInline [jsobj.cpp:5333]
js_GetPropertyHelperInline [jsobj.cpp:5354]
js_GetPropertyHelper [jsobj.cpp:5361]
js::Interpret [jsinterp.cpp:3583]
js::RunScript [jsinterp.cpp:614]
js::Invoke [jsinterp.cpp:686]
js::Invoke [jsinterp.h:169]
js_fun_apply [jsfun.cpp:1905]
js::CallJSNative [jscntxtinlines.h:281]
js::Invoke [jsinterp.cpp:656]
js::Interpret [jsinterp.cpp:4076]
js::RunScript [jsinterp.cpp:614]
js::Invoke [jsinterp.cpp:686]
js::Invoke [jsinterp.h:169]
js::ExternalInvoke [jsinterp.cpp:805]
JS_CallFunctionValue [jsapi.cpp:5064]
nsJSContext::CallEventHandler [nsJSEnvironment.cpp:1906]
nsJSEventListener::HandleEvent [nsJSEventListener.cpp:224]
nsEventListenerManager::HandleEventSubType [nsEventListenerManager.cpp:1080]
nsEventListenerManager::HandleEventInternal [nsEventListenerManager.cpp:1177]
nsEventListenerManager::HandleEvent [nsEventListenerManager.h:155]
nsEventTargetChainItem::HandleEvent [nsEventDispatcher.cpp:216]
nsEventTargetChainItem::HandleEventTargetChain [nsEventDispatcher.cpp:346]
nsEventDispatcher::Dispatch [nsEventDispatcher.cpp:672]
DocumentViewerImpl::LoadComplete [nsDocumentViewer.cpp:1067]
nsDocShell::EndPageLoad [nsDocShell.cpp:6155]
nsDocShell::OnStateChange [nsDocShell.cpp:5989]
nsDocLoader::FireOnStateChange [nsDocLoader.cpp:1339]
nsDocLoader::doStopDocumentLoad [nsDocLoader.cpp:958]
nsDocLoader::DocLoaderIsEmpty [nsDocLoader.cpp:825]
nsDocLoader::ChildDoneWithOnload [nsDocLoader.h:205]
nsDocLoader::DocLoaderIsEmpty [nsDocLoader.cpp:813]
nsDocLoader::OnStopRequest [nsDocLoader.cpp:710]
nsLoadGroup::RemoveRequest [nsLoadGroup.cpp:734]
nsDocument::DoUnblockOnload [nsDocument.cpp:7213]
nsDocument::UnblockOnload [nsDocument.cpp:7157]
nsDocument::DispatchContentLoadedEvents [nsDocument.cpp:4141]
nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run [nsThreadUtils.h:342]
nsThread::ProcessNextEvent [nsThread.cpp:617]
NS_ProcessNextEvent_P [nsThreadUtils.cpp:245]
mozilla::ipc::MessagePump::Run [MessagePump.cpp:110]
MessageLoop::RunInternal [message_loop.cc:219]
MessageLoop::RunHandler [message_loop.cc:203]
MessageLoop::Run [message_loop.cc:175]
nsBaseAppShell::Run [nsBaseAppShell.cpp:191]
nsAppStartup::Run [nsAppStartup.cpp:224]
XRE_main [nsAppRunner.cpp:3571]
do_main [nsBrowserApp.cpp:198]
main [nsBrowserApp.cpp:281]
libc.so.6 + 0x16bb6

This appears to have regressed between Gecko 2 and Gecko 5.

So what happens here is that system-principal code (SpecialPowers to be exact) does an XHR. This stamps the null principal, not the caller principal, on the XHR document. But the actual JS objects are created with the page's principal (not the system one from SpecialPowers; dunno what the wrapper situation is there).

So now the principal reported by the XHR doc in its capacity as an nsIScriptObjectPrincipal is a null principal, while the principal hanging off the JS object is http://mochi.test:8888/tests/content/base/test/test_bug431701.html

Blake, is this all a-ok somehow? If so, can we figure out how to adjust the assert accordingly?

What are the STR here? I don't seem to be able to reproduce this.
They were "run the test, see the assertion". It's been 14 months, so the test may have changed, the code may have changed ...
Well, this code mostly went away when we started pulling principals off the compartment. But we still call into the old code to double-check:

http://mxr.mozilla.org/mozilla-central/source/caps/src/nsScriptSecurityManager.cpp?rev=b03eca299005#2340

So I'm not sure exactly what changed here, but I'd think it's not a super high priority. It's about time to rip out the old codepath anyhow.
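
The principal mismatch discussed in the comments above, as an added C++ model that is not Gecko code and not written by any commenter: it cross-checks the principal a native object reports against the principal of the scope its JS reflection lives in, using identity except for "Location", which gets a same-origin comparison. All type and function names and the "XMLDocument"/"HTMLDocument" labels are hypothetical, and it assumes `principal` in the quoted assertions is the scope's principal.

```cpp
// Toy model, not Gecko code: every type and function name here is hypothetical.
#include <memory>
#include <string>

enum class Kind { System, Codebase, Null };
struct Principal { Kind kind; std::string origin; };  // origin used for Codebase only
using PrincipalPtr = std::shared_ptr<const Principal>;

// Two distinct principal objects are same-origin only if both are codebase
// principals for the same origin; a null principal matches nothing but itself.
bool SameOrigin(const PrincipalPtr& a, const PrincipalPtr& b) {
    if (a == b) return true;
    return a->kind == Kind::Codebase && b->kind == Kind::Codebase &&
           a->origin == b->origin;
}

struct ReflectedObject {
    std::string className;         // JS class name, e.g. "Location"
    PrincipalPtr scopePrincipal;   // principal of the scope the JS object was created in
    PrincipalPtr nativePrincipal;  // what the native reports about itself; may be empty
};
enum class Check { Ok, Mismatch };

// Follows the shape of the two asserted conditions quoted in the report:
// identity comparison, relaxed to a same-origin test for "Location".
Check CrossCheck(const ReflectedObject& o) {
    if (!o.nativePrincipal) return Check::Ok;  // the "!objPrin" arm
    bool ok = o.className == "Location"
                  ? SameOrigin(o.nativePrincipal, o.scopePrincipal)
                  : o.nativePrincipal == o.scopePrincipal;
    return ok ? Check::Ok : Check::Mismatch;
}

// Constructed scenario: the response document gets a fresh null principal while
// its JS reflection is created in the page's scope ("XMLDocument" is a placeholder).
ReflectedObject SystemXhrDocument(const PrincipalPtr& page) {
    return {"XMLDocument", page,
            std::make_shared<const Principal>(Principal{Kind::Null, ""})};
}

ReflectedObject OrdinaryPageDocument(const PrincipalPtr& page) {
    return {"HTMLDocument", page, page};
}

int main() {
    auto page = std::make_shared<const Principal>(
        Principal{Kind::Codebase, "http://mochi.test:8888"});
    return CrossCheck(SystemXhrDocument(page)) == Check::Mismatch ? 0 : 1;
}
```
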
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE