Closed Bug 825401 Opened 12 years ago Closed 12 years ago

Abort when print-previewing bugzilla page in debug build w/ Ghostery add-on installed, with *** Compartment mismatch 0x2e7e8f0 vs. 0x3d39110 Assertion failure: compartment mismatched, at js/src/jscntxtinlines.h:268

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 817342

People

(Reporter: dholbert, Assigned: mccr8)

Details

(Keywords: assertion)

Same STR as bug 825380, but **using a debug build** (e.g. one of the mozilla-central-debug nightly builds from https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/ ): > 1. Install Ghostery from > https://addons.mozilla.org/en-us/firefox/addon/ghostery/ > (Restart Firefox to complete the install) > 2. Click "Skip wizard" on the ghostery config page > 3. Log in to https://www.bugzilla.mozilla.org/ > 4. Visit e.g. bug 700000 > 4. File | Print-preview > (on Linux or Windows; the Mac print-to-PDF preview probably doesn't > trigger this) ACTUAL RESULTS: Immediate abort on entering print preview, saying something like: *** Compartment mismatch 0x2e7e8f0 vs. 0x3d39110 Assertion failure: compartment mismatched, at /builds/slave/m-cen-lnx64-dbg/build/js/src/jscntxtinlines.h:268 This started long before bug 825380's regression range -- for this debug-build abort, I get a regression range of: GOOD: https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2012/05/2012-05-03-mozilla-central-debug/ BAD: https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2012/05/2012-05-04-mozilla-central-debug/ PUSHLOG: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=807403a04a6a&tochange=e1a40027dc7e ...which includes some compartment-related changes. (notably " Bug 650353 - Implement Compartment-Per-Global in XPConnect"... not sure if that's the cause, but seems like a good candidate)
Presumably still the same as bug 821842.
Depends on: 821842
Assignee: general → continuation
Yeah, I think this is the same, but it is nice to know that this is probably a regression from CPG.
Stack is different than 821842. Instead of having init class it looks like: 0 js::CompartmentChecker::fail(JSCompartment*, JSCompartment*) + 30 1 js::CompartmentChecker::check(JSObject*) + 83 2 JS_GetGlobalForObject(JSContext*, JSObject*) + 48 3 nsDocument::SetScriptGlobalObject(nsIScriptGlobalObject*) + 1106 (nsDocument.cpp:3872) 4 nsGlobalWindow::SetNewDocument(nsIDocument*, nsISupports*, bool) + 7837 (nsGlobalWindow.cpp:2073) 5 nsDocumentViewer::SetDocumentInternal(nsIDocument*, bool) + 500 (nsIDocument.h:1521) 6 nsDocumentViewer::SetDOMDocument(nsIDOMDocument*) + 119 (nsDocumentViewer.cpp:1734) 7 nsPrintObject::Init(nsIDocShell*, nsIDOMDocument*, bool) + 854 (nsPrintObject.cpp:94) 8 nsPrintEngine::DoCommonPrint(bool, nsIPrintSettings*, nsIWebProgressListener*, nsIDOMDocument*) + 1571 (nsPrintEngine.cpp:514) 9 nsPrintEngine::CommonPrint(bool, nsIPrintSettings*, nsIWebProgressListener*, nsIDOMDocument*) + 32 (nsPrintEngine.cpp:414) ...which is what the stack for the assert in bug 817342 looks like. I guess we could just be detecting the same problem at a different point.
This isn't fixed by my patch in bug 821842. I'm going to see what happens in a non-debug build with my patch to try to understand why we get such different behavior.
Looks like a dupe of 817342 to me. I was able to repro the crash, but with that bugs patch, I couldn't.
Status: NEW → RESOLVED
Closed: 12 years ago
No longer depends on: 821842
Resolution: --- → DUPLICATE
Group: core-security
You need to log in before you can comment on or make changes to this bug.