XHR in worker to bogus URI leads to Assertion failure: foundIndex != size_t(-1), at c:/dev/mozilla-central/dom/workers/Exceptions.cpp:259

RESOLVED FIXED in Firefox 9

Status

()

Product:
Core
Component:
DOM
RESOLVED FIXED
Reported:
6 years ago
Modified:
6 years ago

People

(Reporter: khuey, Assigned: Ben Turner (not reading bugmail, use the needinfo flag!))

Tracking

({regression})

Version:
unspecified
Target:
mozilla10
Keywords:
regression
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox7 unaffected, firefox8+ affected, firefox9+ fixed, firefox10 fixed)

Details

(Whiteboard: [inbound][qa-])

Attachments

(1 attachment)

Patch, v1
2.01 KB, patch
sicking
: review+
christian
: approval-mozilla-aurora+
christian
: approval-mozilla-beta-
Details | Diff | Splinter Review
(Reporter)

Description

6 years ago 
Page:

<!DOCTYPE HTML>
<html>
<body>
<script type="text/javascript">

var worker = new Worker("boom.js");
worker.postMessage("abcd");

</script>
</body>
</html>

Worker:

var xhr = new XMLHttpRequest();

onmessage = function(event) {
  xhr.open("POST", event.data);
  xhr.send(null);
}

Result (when run locally):
Assertion failure: foundIndex != size_t(-1), at c:/dev/mozilla-central/dom/worke
rs/Exceptions.cpp:259

On an opt build we print an exception to the error console that has random garbage for text.

Note that I can only reproduce this with a local testcase.
Blocks: 687221

Updated

6 years ago
tracking-firefox8: ? → +
tracking-firefox9: ? → +
 (Assignee)

Comment 1

6 years ago 
Created attachment 572054 [details] [diff] [review]
Patch, v1

We need to safeguard against unknown error codes.
Assignee: nobody → bent.mozilla
Status: NEW → ASSIGNED
Attachment #572054 - Flags: review?(jonas)
Attachment #572054 - Flags: review?(jonas) → review+
 (Assignee)

Comment 2

6 years ago 
https://hg.mozilla.org/integration/mozilla-inbound/rev/6b3cde4cec7f
Whiteboard: [inbound]
status-firefox10: --- → fixed
 (Assignee)

Comment 3

6 years ago 
Comment on attachment 572054 [details] [diff] [review]
Patch, v1

I'd love to get this into the branches before we merge, it's a tiny fix that avoids a JS_ASSERT and a (harmless) undefined memory access.
Attachment #572054 - Flags: approval-mozilla-beta?
Attachment #572054 - Flags: approval-mozilla-aurora?

Comment 4

6 years ago 
https://hg.mozilla.org/mozilla-central/rev/6b3cde4cec7f
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10

Comment 5

6 years ago 
Comment on attachment 572054 [details] [diff] [review]
Patch, v1

[triage comment]
We're wiling to take this on aurora as the risk looks low (even if the reward is low). Please land today. It's too late for beta.
Attachment #572054 - Flags: approval-mozilla-beta?
Attachment #572054 - Flags: approval-mozilla-beta-
Attachment #572054 - Flags: approval-mozilla-aurora?
Attachment #572054 - Flags: approval-mozilla-aurora+
 (Assignee)

Comment 6

6 years ago 
https://hg.mozilla.org/releases/mozilla-aurora/rev/66f33a0dc393
status-firefox9: affected → fixed

Comment 7

6 years ago 
Is there something QA can do to verify this fix?
Whiteboard: [inbound] → [inbound][qa?]
 (Reporter)

Comment 8

6 years ago 
You can verify that

(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #0)
> On an opt build we print an exception to the error console that has random
> garbage for text.

does not happen.

Comment 9

6 years ago 
qa- for someone who is already set up to test this bug to verify the fix.
Whiteboard: [inbound][qa?] → [inbound][qa-]
You need to log in before you can comment on or make changes to this bug.