758577 - "ASSERTION: Failed to get script global and holder" with nearNativeStackLimit, window.open, iframe

Status: RESOLVED WORKSFORME

(Core :: DOM: Navigation, defect)

Description

[Jesse Ruderman]

Attachment: testcase (must be local) (fragile)

1. Save the testcase
2. Load it from a file: URL
3. Click the button.

###!!! ASSERTION: This is not supposed to fail!: 'Error', file js/xpconnect/src/nsXPConnect.cpp, line 958

###!!! ASSERTION: Failed to get script global and holder: 'NS_SUCCEEDED(rv) && newInnerWindow->mJSObject && holder', file dom/base/nsGlobalWindow.cpp, line 1829

4. Close the page.

###!!! ASSERTION: bad param: 'aScope', file js/xpconnect/src/nsXPConnect.cpp, line 1274

Crash in JSAutoEnterCompartment::enter



The testcase is about as fragile as it looks.  I can reproduce with https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-macosx64-debug/1337940322/ but not with a local debug build.  If you want the testcase to not be fragile, please fix bug 735082 or write me a better nearNativeStackLimit gadget ;)

Comment 1

[Jesse Ruderman]

Attachment: crash stack trace

Comment 2

[Jesse Ruderman]

This might be related to bug 714566.

Comment 3

[Jesse Ruderman]

Attachment: stack traces

By manually applying the patch in bug 758986 to a Tinderbox build, I was able to get stack traces for the assertions.

Comment 4

[Daniel Veditz [:dveditz]]

guessing sec-moderate simply due to fragility, but I really don't know how bad this assertion is.

Comment 5

[Bobby Holley (:bholley)]

Jesse, I believe that this should be fixed by bug 1053999. Can you confirm?

Comment 6

[Andrew McCreight [:mccr8]]

I'll just assume this is fixed, per comment 5. Feel free to reopen.