Closed Bug 851418 Opened 7 years ago Closed 7 years ago

"Assertion failure: XPCJSRuntime::Get()->GetJSContextStack()->Peek() == cx"

Categories

(Core :: XPConnect, defect, critical)

x86_64
macOS
defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla22
Tracking Status
firefox22 --- fixed
firefox35 --- fixed
firefox-esr17 --- wontfix
b2g18 --- wontfix

People

(Reporter: jruderman, Assigned: bholley)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, sec-moderate, testcase, Whiteboard: [adv-main22+][adv-main35-])

Attachments

(4 files)

Assertion failure: XPCJSRuntime::Get()->GetJSContextStack()->Peek() == cx, at js/xpconnect/wrappers/WrapperFactory.cpp:346

bholley added this assertion in one of the patches in bug 834732,
http://hg.mozilla.org/mozilla-central/rev/a38bbae7a53b
Attached file stack (gdb)
Attachment #725652 - Flags: review+
Flags: in-testsuite?
Sec high?
Keywords: sec-high
Given that bug 834732 has been marked sec-moderate, any bugs such as this one must be sec-moderate as well.
Keywords: sec-high → sec-moderate
Comment on attachment 725651 [details] [diff] [review]
Unscope the pusher in CompileEventHandlerInternal. v1

I don't actually know what the new requirements for nsCxPusher and JSAutoRequest usage are. Also, I don't know why you're changing the cx you give as a parameter to JSAutoRequest.
Attachment #725651 - Flags: review?(bugs) → review?(mrbkap)
Comment on attachment 725651 [details] [diff] [review]
Unscope the pusher in CompileEventHandlerInternal. v1

It's a little weird to see us entering a request without entering a compartment, but given the lack of compartment mismatches, I'm assuming it's all right.

Olli, the patch here doesn't actually change which context we're passing anywhere: cx is set to context->GetNativeContext(); bholley just made it more explicit that we were passing the right context.
Attachment #725651 - Flags: review?(mrbkap) → review+
https://hg.mozilla.org/mozilla-central/rev/a1f3efbbe97a
Assignee: nobody → bobbyholley+bmo
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla22
Whiteboard: [adv-main22+]
Group: core-security
Whiteboard: [adv-main22+] → [adv-main22+][adv-main35-]