Closed Bug 754156 Opened 8 years ago Closed 7 years ago
"Assertion failure: principals == JS_GetCompartmentPrincipals((js::GetContextCompartment(cx)))" with view-source, pushState
1. Save imgTag.html and c.html in the same directory.
2. Set security.fileuri.strict_origin_policy to false.
3. Load c.html
4. Push the big red button.

Result: Assertion failure: principals == JS_GetCompartmentPrincipals((js::GetContextCompartment(cx))), at caps/src/nsScriptSecurityManager.cpp:208

This is a regression from cpg (ac00c792933e is ok, 400c2b30015d asserts).
I'm not too worried about this. It looks like the compartment principal here doesn't match the result of doGetObjectPrincipal. Probably some edge case with view-source, which tends not to be a problem in practice. Unless the real issue here is that the compartment principal is incorrect, this will just go away when we rip out this code in bug 754202.
Just a note that I ran into this same assertion when opening the web console to try and debug some tests I was adding to iframe sandbox - see bug 341604 comment 144 and comment 149 for more details.
(In reply to Ian Melven :imelven from comment #4)
> Just a note that I ran into this same assertion when opening the web console to try and debug some tests I was adding to iframe sandbox - see bug 341604 comment 144 and comment 149 for more details.

Also in this case, there's a crash with a null pointer deref after the assertion.
What about other nested URI types, like jar: ?
This is reproducible on Aurora/15, Nightly/16 but not Beta/14? on OSX with
http://lcamtuf.coredump.cx/cross_fuzz/cross_fuzz_msie_randomized_seed.html#-2043396143
http://lcamtuf.coredump.cx/cross_fuzz/cross_fuzz_msie_randomized_seed.html#-1281939812
I'm guessing that this will be fixed by bug 764389.
(In reply to Bobby Holley (:bholley) from comment #8)
> I'm guessing that this will be fixed by bug 764389.

I can not reproduce the assertion with the urls in comment 7 on this morning's debug Nightly/16 but still can with Aurora/15 so at least as far as cross_fuzz is concerned it does look like this was fixed.
Can somebody check this on 15? Bobby landed 764389 since comment 9. It would probably also be good to check Jesse's original test case.
(In reply to Bobby Holley (:bholley) from comment #8)
> I'm guessing that this will be fixed by bug 764389.

So is this bug fixed?
I'd think so. Jesse, can you confirm?
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME