content/base/test/test_bug431701.html hits ###!!! ASSERTION: Principal mismatch. Expect bad things to happen: '!objPrin || objPrin->GetPrincipal() == principal', file ../../../../../js/src/xpconnect/src/xpcwrappednative.cpp, line 3157

NEW
Unassigned

Status

()

Core
XPConnect
7 years ago
6 years ago

People

(Reporter: khuey, Unassigned)

Tracking

({regression})

Firefox Tracking Flags

(Not tracked)

Details

bz says this is related to using a system XHR:

###!!! ASSERTION: Principal mismatch.  Expect bad things to happen: '!objPrin || objPrin->GetPrincipal() == principal', file ../../../../../js/src/xpconnect/src/xpcwrappednative.cpp, line 3157
XPCWrappedNative::GetObjectPrincipal [xpcwrappednative.cpp:3159]
nsXPConnect::GetPrincipal [nsXPConnect.cpp:2687]
nsScriptSecurityManager::doGetObjectPrincipal [nsScriptSecurityManager.cpp:2455]
nsScriptSecurityManager::CheckPropertyAccessImpl [nsScriptSecurityManager.cpp:788]
nsScriptSecurityManager::CanAccess [nsScriptSecurityManager.cpp:3172]
XPCWrappedNative::CallMethod [xpcwrappednative.cpp:2326]
XPCWrappedNative::GetAttribute [xpcprivate.h:2591]
XPC_WN_GetterSetter [xpcwrappednativejsops.cpp:1642]
js::CallJSNative [jscntxtinlines.h:281]
js::Invoke [jsinterp.cpp:656]
js::Invoke [jsinterp.h:169]
js::ExternalInvoke [jsinterp.cpp:805]
js::ExternalGetOrSet [jsinterp.cpp:846]
js::Shape::get [jsscopeinlines.h:270]
js_NativeGetInline [jsobj.cpp:5151]
js_GetPropertyHelperWithShapeInline [jsobj.cpp:5333]
js_GetPropertyHelperInline [jsobj.cpp:5354]
js_GetPropertyHelper [jsobj.cpp:5361]
js::Interpret [jsinterp.cpp:3583]
js::RunScript [jsinterp.cpp:614]
js::Invoke [jsinterp.cpp:686]
js::Invoke [jsinterp.h:169]
js_fun_apply [jsfun.cpp:1905]
js::CallJSNative [jscntxtinlines.h:281]
js::Invoke [jsinterp.cpp:656]
js::Interpret [jsinterp.cpp:4076]
js::RunScript [jsinterp.cpp:614]
js::Invoke [jsinterp.cpp:686]
js::Invoke [jsinterp.h:169]
js::ExternalInvoke [jsinterp.cpp:805]
JS_CallFunctionValue [jsapi.cpp:5064]
nsJSContext::CallEventHandler [nsJSEnvironment.cpp:1906]
nsJSEventListener::HandleEvent [nsJSEventListener.cpp:224]
nsEventListenerManager::HandleEventSubType [nsEventListenerManager.cpp:1080]
nsEventListenerManager::HandleEventInternal [nsEventListenerManager.cpp:1177]
nsEventListenerManager::HandleEvent [nsEventListenerManager.h:155]
nsEventTargetChainItem::HandleEvent [nsEventDispatcher.cpp:216]
nsEventTargetChainItem::HandleEventTargetChain [nsEventDispatcher.cpp:346]
nsEventDispatcher::Dispatch [nsEventDispatcher.cpp:672]
DocumentViewerImpl::LoadComplete [nsDocumentViewer.cpp:1067]
nsDocShell::EndPageLoad [nsDocShell.cpp:6155]
nsDocShell::OnStateChange [nsDocShell.cpp:5989]
nsDocLoader::FireOnStateChange [nsDocLoader.cpp:1339]
nsDocLoader::doStopDocumentLoad [nsDocLoader.cpp:958]
nsDocLoader::DocLoaderIsEmpty [nsDocLoader.cpp:825]
nsDocLoader::ChildDoneWithOnload [nsDocLoader.h:205]
nsDocLoader::DocLoaderIsEmpty [nsDocLoader.cpp:813]
nsDocLoader::OnStopRequest [nsDocLoader.cpp:710]
nsLoadGroup::RemoveRequest [nsLoadGroup.cpp:734]
nsDocument::DoUnblockOnload [nsDocument.cpp:7213]
nsDocument::UnblockOnload [nsDocument.cpp:7157]
nsDocument::DispatchContentLoadedEvents [nsDocument.cpp:4141]
nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run [nsThreadUtils.h:342]
nsThread::ProcessNextEvent [nsThread.cpp:617]
NS_ProcessNextEvent_P [nsThreadUtils.cpp:245]
mozilla::ipc::MessagePump::Run [MessagePump.cpp:110]
MessageLoop::RunInternal [message_loop.cc:219]
MessageLoop::RunHandler [message_loop.cc:203]
MessageLoop::Run [message_loop.cc:175]
nsBaseAppShell::Run [nsBaseAppShell.cpp:191]
nsAppStartup::Run [nsAppStartup.cpp:224]
XRE_main [nsAppRunner.cpp:3571]
do_main [nsBrowserApp.cpp:198]
main [nsBrowserApp.cpp:281]
libc.so.6 + 0x16bb6
###!!! ASSERTION: Principal mismatch.  Not good: 'strcmp(jsClass->name, "Location") == 0 ? NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)) : result == principal', file ../../../caps/src/nsScriptSecurityManager.cpp, line 2504
nsScriptSecurityManager::doGetObjectPrincipal [nsScriptSecurityManager.cpp:2508]
nsScriptSecurityManager::CheckPropertyAccessImpl [nsScriptSecurityManager.cpp:788]
nsScriptSecurityManager::CanAccess [nsScriptSecurityManager.cpp:3172]
XPCWrappedNative::CallMethod [xpcwrappednative.cpp:2326]
XPCWrappedNative::GetAttribute [xpcprivate.h:2591]
XPC_WN_GetterSetter [xpcwrappednativejsops.cpp:1642]
js::CallJSNative [jscntxtinlines.h:281]
js::Invoke [jsinterp.cpp:656]
js::Invoke [jsinterp.h:169]
js::ExternalInvoke [jsinterp.cpp:805]
js::ExternalGetOrSet [jsinterp.cpp:846]
js::Shape::get [jsscopeinlines.h:270]
js_NativeGetInline [jsobj.cpp:5151]
js_GetPropertyHelperWithShapeInline [jsobj.cpp:5333]
js_GetPropertyHelperInline [jsobj.cpp:5354]
js_GetPropertyHelper [jsobj.cpp:5361]
js::Interpret [jsinterp.cpp:3583]
js::RunScript [jsinterp.cpp:614]
js::Invoke [jsinterp.cpp:686]
js::Invoke [jsinterp.h:169]
js_fun_apply [jsfun.cpp:1905]
js::CallJSNative [jscntxtinlines.h:281]
js::Invoke [jsinterp.cpp:656]
js::Interpret [jsinterp.cpp:4076]
js::RunScript [jsinterp.cpp:614]
js::Invoke [jsinterp.cpp:686]
js::Invoke [jsinterp.h:169]
js::ExternalInvoke [jsinterp.cpp:805]
JS_CallFunctionValue [jsapi.cpp:5064]
nsJSContext::CallEventHandler [nsJSEnvironment.cpp:1906]
nsJSEventListener::HandleEvent [nsJSEventListener.cpp:224]
nsEventListenerManager::HandleEventSubType [nsEventListenerManager.cpp:1080]
nsEventListenerManager::HandleEventInternal [nsEventListenerManager.cpp:1177]
nsEventListenerManager::HandleEvent [nsEventListenerManager.h:155]
nsEventTargetChainItem::HandleEvent [nsEventDispatcher.cpp:216]
nsEventTargetChainItem::HandleEventTargetChain [nsEventDispatcher.cpp:346]
nsEventDispatcher::Dispatch [nsEventDispatcher.cpp:672]
DocumentViewerImpl::LoadComplete [nsDocumentViewer.cpp:1067]
nsDocShell::EndPageLoad [nsDocShell.cpp:6155]
nsDocShell::OnStateChange [nsDocShell.cpp:5989]
nsDocLoader::FireOnStateChange [nsDocLoader.cpp:1339]
nsDocLoader::doStopDocumentLoad [nsDocLoader.cpp:958]
nsDocLoader::DocLoaderIsEmpty [nsDocLoader.cpp:825]
nsDocLoader::ChildDoneWithOnload [nsDocLoader.h:205]
nsDocLoader::DocLoaderIsEmpty [nsDocLoader.cpp:813]
nsDocLoader::OnStopRequest [nsDocLoader.cpp:710]
nsLoadGroup::RemoveRequest [nsLoadGroup.cpp:734]
nsDocument::DoUnblockOnload [nsDocument.cpp:7213]
nsDocument::UnblockOnload [nsDocument.cpp:7157]
nsDocument::DispatchContentLoadedEvents [nsDocument.cpp:4141]
nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run [nsThreadUtils.h:342]
nsThread::ProcessNextEvent [nsThread.cpp:617]
NS_ProcessNextEvent_P [nsThreadUtils.cpp:245]
mozilla::ipc::MessagePump::Run [MessagePump.cpp:110]
MessageLoop::RunInternal [message_loop.cc:219]
MessageLoop::RunHandler [message_loop.cc:203]
MessageLoop::Run [message_loop.cc:175]
nsBaseAppShell::Run [nsBaseAppShell.cpp:191]
nsAppStartup::Run [nsAppStartup.cpp:224]
XRE_main [nsAppRunner.cpp:3571]
do_main [nsBrowserApp.cpp:198]
main [nsBrowserApp.cpp:281]
libc.so.6 + 0x16bb6

This appears to have regressed between Gecko 2 and Gecko 5.
So what happens here is that system-principal code (SpecialPowers to be exact) does an XHR.  This stamps the null principal, not the caller principal, on the XHR document.  But the actual JS objects are created with the page's principal (not the system one from SpecialPowers; dunno what the wrapper situation is there).

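So now the principal reported by the XHR doc in its capacity as an nsIScriptObjectPrincipal is a null principal, while the principal hanging off the JS object is the page's principal, http://mochi.test:8888/tests/content/base/test/test_bug431701.html. The two sources disagree, so the equality that the first assertion checks (`objPrin->GetPrincipal() == principal`) fails.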

Blake, is this all a-ok somehow?  If so, can we figure out how to adjust the assert accordingly?
What are the STR (steps to reproduce) here? I don't seem to be able to reproduce this.
They were "run the test, see the assertion".  It's been 14 months, so the test may have changed, the code may have changed ...
Well, this code mostly went away when we started pulling principals off the compartment. But we still call into the old code to double-check:

http://mxr.mozilla.org/mozilla-central/source/caps/src/nsScriptSecurityManager.cpp?rev=b03eca299005#2340

So I'm not sure exactly what changed here, but I'd think it's not a super high priority. It's about time to rip out the old codepath anyhow.