Closed
Bug 813655
Opened 12 years ago
Closed 12 years ago
"ASSERTION: Clearing a preserved wrapper!" with missing plugin, document.write
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 794158
People
(Reporter: jruderman, Assigned: smaug)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
###!!! ASSERTION: Clearing a preserved wrapper!: '!PreservingWrapper()', file dom/base/nsWrapperCache.h, line 99
Reporter | ||
Comment 1•12 years ago
|
||
Comment 2•12 years ago
|
||
Here's where it is crashing, in setting the wrapper wrapper:
1668 wrapper->mFlatJSObject = flat;
1669 if (cache)
1670 cache->SetWrapper(flat);
The plugin thing is weird. Is this related to something you've been touching recently John? Do you think this is a recent regression, Jesse, or are you fuzzing something new now? It doesn't look like a very complex test acse.
Comment 3•12 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #2)
> Here's where it is crashing, in setting the wrapper wrapper:
The SetWrapper call here isn't XPCWrappedNative::SetWrapper (which is what we call the 'wrapper wrapper'). This is on nsWrapperCache.
> 1668 wrapper->mFlatJSObject = flat;
> 1669 if (cache)
> 1670 cache->SetWrapper(flat);
I would have thought this would have to do with bug 794158, but that hasn't landed yet...
Comment 4•12 years ago
|
||
(In reply to Bobby Holley (:bholley) from comment #3)
> The SetWrapper call here isn't XPCWrappedNative::SetWrapper (which is what
> we call the 'wrapper wrapper'). This is on nsWrapperCache.
Oh, right, sorry!
> I would have thought this would have to do with bug 794158, but that hasn't
> landed yet...
I had the same thought. I also haven't landed my cross-compartment-pointer munging patch yet, which could also have some problems in this area.
Comment 5•12 years ago
|
||
This test case doesn't look to be attempting to spawn a plugin or do anything that would touch the wrapper, so I don't think this would be a regression from any recent plugin changes.
Assignee | ||
Comment 6•12 years ago
|
||
(In reply to Bobby Holley (:bholley) from comment #3)
> I would have thought this would have to do with bug 794158, but that hasn't
> landed yet...
Yes, based on the stack trace, that bug might fix this one too.
Comment 7•12 years ago
|
||
Olli, could you confirm that this is a dupe of that? If it isn't, feel free to reassign to me for further investigation.
Assignee: nobody → bugs
Assignee | ||
Comment 8•12 years ago
|
||
Just about to land bug 794158.
I guess I need to compile a tree before and after that.
Assignee | ||
Comment 9•12 years ago
|
||
I can see the assertion without the patch for bug 794158, but not with.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Comment 10•12 years ago
|
||
It would be good to get this test case landed whenever this bug gets opened up.
Flags: in-testsuite?
Resolution: WORKSFORME → DUPLICATE
Updated•9 years ago
|
Group: core-security
Updated•7 years ago
|
Flags: in-testsuite?
You need to log in
before you can comment on or make changes to this bug.
Description
•