Closed Bug 758577 Opened 12 years ago Closed 8 years ago

"ASSERTION: Failed to get script global and holder" with nearNativeStackLimit, window.open, iframe

Categories

(Core :: DOM: Navigation, defect)

x86_64
macOS
defect
Not set
critical

Tracking

RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned, NeedInfo)

Details

(4 keywords, Whiteboard: [fuzzblocker])

Attachments

(2 files, 1 obsolete file)

1. Save the testcase
2. Load it from a file: URL
3. Click the button.

###!!! ASSERTION: This is not supposed to fail!: 'Error', file js/xpconnect/src/nsXPConnect.cpp, line 958

###!!! ASSERTION: Failed to get script global and holder: 'NS_SUCCEEDED(rv) && newInnerWindow->mJSObject && holder', file dom/base/nsGlobalWindow.cpp, line 1829

4. Close the page.

###!!! ASSERTION: bad param: 'aScope', file js/xpconnect/src/nsXPConnect.cpp, line 1274

Crash in JSAutoEnterCompartment::enter



The testcase is about as fragile as it looks.  I can reproduce with https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-macosx64-debug/1337940322/ but not with a local debug build.  If you want the testcase to not be fragile, please fix bug 735082 or write me a better nearNativeStackLimit gadget ;)
Attached file crash stack trace (obsolete)
This might be related to bug 714566.
Attached file stack traces
By manually applying the patch in bug 758986 to a Tinderbox build, I was able to get stack traces for the assertions.
Attachment #627188 - Attachment is obsolete: true
Guessing sec-moderate simply due to fragility, but I really don't know how bad this assertion is.
Keywords: sec-moderate
Depends on: 735090
Whiteboard: [fuzzblocker]
Jesse, I believe that this should be fixed by bug 1053999. Can you confirm?
Flags: needinfo?(jruderman)
Group: core-security → dom-core-security
I'll just assume this is fixed, per comment 5. Feel free to reopen.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
Group: dom-core-security