Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 758846 - "Assertion failure: p.found()" with gczeal and chrome-content interaction
: "Assertion failure: p.found()" with gczeal and chrome-content interaction
: assertion, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86_64 Mac OS X
: -- critical (vote)
: mozilla16
Assigned To: Bill McCloskey (:billm)
: Jason Orendorff [:jorendorff]
Depends on:
  Show dependency treegraph
Reported: 2012-05-25 18:44 PDT by Jesse Ruderman
Modified: 2012-06-19 01:18 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

testcase (requires extension) (205 bytes, text/html)
2012-05-25 18:44 PDT, Jesse Ruderman
no flags Details
stack trace (17.75 KB, text/plain)
2012-05-25 18:45 PDT, Jesse Ruderman
no flags Details
fix (3.51 KB, patch)
2012-06-14 14:27 PDT, Bill McCloskey (:billm)
luke: review+
Details | Diff | Splinter Review

Description Jesse Ruderman 2012-05-25 18:44:56 PDT
Created attachment 627423 [details]
testcase (requires extension)

1. Install (version 2012-05-25 or higher)

2. Load the testcase.


Assertion failure: p.found(), at js/src/jsproxy.cpp:1474
Comment 1 Jesse Ruderman 2012-05-25 18:45:20 PDT
Created attachment 627425 [details]
stack trace
Comment 2 Bob Clary [:bc:] 2012-06-01 10:33:00 PDT
fwiw, I hit this on nightly winxp once at but it is not reproducible.
pseudo stack: proxy_TraceObject js::GCMarker::processMarkStackTop(js::SliceBudget&) js::GCMarker::drainMarkStack(js::SliceBudget&) NonIncrementalMark GCCycle
Comment 3 Bill McCloskey (:billm) 2012-06-14 14:27:55 PDT
Created attachment 633277 [details] [diff] [review]

The assertion is saying that every cross-compartment wrapper should be registered in the wrapper map. This invariant is temporarily violated when creating the wrapper. We can GC during the period when it's violated.

I don't think this is a problem. The object being wrapped should always be on the stack during the violation, so any GC at that time is guaranteed to scan the wrapped object. That's all we really care about, so I think we're safe.

This patch just keeps a count of how many invocations of JSCompartment::wrap are on the stack. If this number is non-zero, then we don't do the assertion.
Comment 4 Bill McCloskey (:billm) 2012-06-18 17:06:58 PDT

Also, this is not sensitive.
Comment 5 Ed Morley [:emorley] 2012-06-19 01:18:40 PDT

Note You need to log in before you can comment on or make changes to this bug.