Closed
Bug 884099
Opened 11 years ago
Closed 11 years ago
[MMS] Compartment mismatch during sending MMS
Categories
(Core :: DOM: Device Interfaces, defect)
Tracking
Branch | Tracking | Status
---|---|---
firefox24 | --- | unaffected
b2g18 | --- | fixed
b2g18-v1.0.0 | --- | wontfix
b2g18-v1.0.1 | --- | wontfix
b2g-v1.1hd | --- | fixed
People
(Reporter: gwagner, Assigned: gwagner)
Attachments
(1 file, 1 obsolete file)
patch (938 bytes) | bent.mozilla: review+
On b2g18 when sending a wallpaper as mms:

*** Compartment mismatch 0x42418800 vs. 0x44a11800

Program received signal SIGSEGV, Segmentation fault.
0x413ff154 in js::CompartmentChecker::fail (this=<value optimized out>, c=<value optimized out>) at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:204
204         JS_NOT_REACHED("compartment mismatched");
(gdb) bt
#0  0x413ff154 in js::CompartmentChecker::fail (this=<value optimized out>, c=<value optimized out>) at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:204
#1  js::CompartmentChecker::check (this=<value optimized out>, c=<value optimized out>) at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:220
#2  0x41407fa8 in js::CompartmentChecker::check (cx=0x42582290, objArg=<value optimized out>, lengthp=0xbebaf01c) at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:226
#3  assertSameCompartment<js::RootedObject> (cx=0x42582290, objArg=<value optimized out>, lengthp=0xbebaf01c) at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:302
#4  JS_GetArrayLength (cx=0x42582290, objArg=<value optimized out>, lengthp=0xbebaf01c) at /Volumes/mac/moz/b2g18/js/src/jsapi.cpp:4750
#5  0x40a137de in GetSendMmsMessageRequestFromParams (aParam=..., request=...) at /Volumes/mac/moz/b2g18/dom/mobilemessage/src/ipc/SmsIPCService.cpp:190
#6  0x40a13bac in mozilla::dom::mobilemessage::SmsIPCService::Send (this=<value optimized out>, aParameters=..., aRequest=0x447de520) at /Volumes/mac/moz/b2g18/dom/mobilemessage/src/ipc/SmsIPCService.cpp:257
#7  0x40a11b82 in mozilla::dom::MobileMessageManager::SendMMS (this=<value optimized out>, aParams=..., aRequest=0xbebaf438) at /Volumes/mac/moz/b2g18/dom/mobilemessage/src/MobileMessageManager.cpp:206
---Type <return> to continue, or q <return> to quit---
#8  0x411aab36 in NS_InvokeByIndex_P (that=0x44757900, methodIndex=19, paramCount=<value optimized out>, params=<value optimized out>) at /Volumes/mac/moz/b2g18/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp:160
#9  0x40cfd25c in CallMethodHelper::Invoke (this=0xbebaf400) at /Volumes/mac/moz/b2g18/js/xpconnect/src/XPCWrappedNative.cpp:3084
#10 CallMethodHelper::Call (this=0xbebaf400) at /Volumes/mac/moz/b2g18/js/xpconnect/src/XPCWrappedNative.cpp:2418
#11 0x40cfe4b8 in XPCWrappedNative::CallMethod (ccx=..., mode=<value optimized out>) at /Volumes/mac/moz/b2g18/js/xpconnect/src/XPCWrappedNative.cpp:2384
#12 0x40d05696 in XPC_WN_CallMethod (cx=0x42582a70, argc=1, vp=<value optimized out>) at /Volumes/mac/moz/b2g18/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1469
#13 0x414b8710 in js::CallJSNative (cx=0x42582a70, native=0x40d055e1 <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, args=...) at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:364
#14 0x414cc960 in js::InvokeKernel (cx=0x42582a70, args=..., construct=js::NO_CONSTRUCT) at /Volumes/mac/moz/b2g18/js/src/jsinterp.cpp:367
#15 0x414c5cca in js::Interpret (cx=0x42582a70, entryFrame=<value optimized out>, interpMode=<value optimized out>) at /Volumes/mac/moz/b2g18/js/src/jsinterp.cpp:2475
Updated•11 years ago
status-b2g18: --- → affected
Comment 1•11 years ago
Assignee: nobody → anygregor
Updated•11 years ago
Attachment #763874 - Flags: review?(vyang)
Attachment #763874 - Flags: review?(mrbkap)
Comment 2•11 years ago
Comment on attachment 763874 [details] [diff] [review]
patch

Review of attachment 763874 [details] [diff] [review]:
-----------------------------------------------------------------

I think I still don't have enough knowledge to review this. Sorry.
Attachment #763874 - Flags: review?(vyang)
Comment on attachment 763874 [details] [diff] [review] patch Review of attachment 763874 [details] [diff] [review]: ----------------------------------------------------------------- Stealing. r=me with this fixed: ::: dom/mobilemessage/src/ipc/SmsIPCService.cpp @@ +174,5 @@ > if (aParam.isUndefined() || aParam.isNull() || !aParam.isObject()) { > return false; > } > > + JSContext* cx = nsContentUtils::GetCurrentJSContext(); There's AutoJSContext now.
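Review bot: the added `JSContext* cx = nsContentUtils::GetCurrentJSContext();` at @@ +174,5 is taken without a null check; as comment 6 below states, GetCurrentJSContext returns null when no script is on the stack or a caller up the tree declared itself as C++, and a null cx would then flow into the JS_GetArrayLength call that already fails in the reported trace. Add `if (!cx) { cx = nsContentUtils::GetSafeJSContext(); }` and assert cx after it.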
Attachment #763874 - Flags: review?(mrbkap) → review+
Comment 4•11 years ago
(In reply to ben turner [:bent] from comment #3)
> Comment on attachment 763874 [details] [diff] [review]
> patch
>
> Review of attachment 763874 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> Stealing.
>
> r=me with this fixed:
>
> ::: dom/mobilemessage/src/ipc/SmsIPCService.cpp
> @@ +174,5 @@
> >   if (aParam.isUndefined() || aParam.isNull() || !aParam.isObject()) {
> >     return false;
> >   }
> >
> > +  JSContext* cx = nsContentUtils::GetCurrentJSContext();
>
> There's AutoJSContext now.

There is no AutoJSContext on b2g18 and that's b2g18 only.
Updated•11 years ago
blocking-b2g: --- → leo?
Comment 5•11 years ago
> > }
> >
> > + JSContext* cx = nsContentUtils::GetCurrentJSContext();
>
> There's AutoJSContext now.
bholley, does GetCurrentJSContext return null if there is no current one? Do I have to check for this case and get the safe one, or is there a better way on b2g18?
Flags: needinfo?(bobbyholley+bmo)
Comment 6•11 years ago
(In reply to Gregor Wagner [:gwagner] from comment #5)
> > > }
> > >
> > > + JSContext* cx = nsContentUtils::GetCurrentJSContext();
> >
> > There's AutoJSContext now.
>
> bholley, does GetCurrentJSContext return null if there is no current one? Do
> I have to check for this case and get the safe one or is there a better way
> on b2g18.

GetCurrentJSContext will return null if the stack-top cx is null. This happens when there's no script on the stack, or a caller up the call tree wants to say "caller is C++". If that's a possibility, and you need a cx, you should null-check and then fall back on nsContentUtils::GetSafeJSContext().
Flags: needinfo?(bobbyholley+bmo)
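Comment 6's answer and the trace at the top of the bug, worked through as an added stand-alone C++ model (not the bug's patch and not Gecko code): a cx whose entered compartment differs from the object's compartment trips the same-compartment check, the safe-context fallback does not by itself place the cx in the caller's compartment, and a scoped compartment entry makes both paths correct. Every type, function and sample object in it is this model's own, assumed for illustration.

```cpp
// Added example, not code from this bug's patch or from Gecko: a stand-alone model
// of the invariant that fired in the trace (assertSameCompartment in JS_GetArrayLength)
// and of the cx-selection pattern from comments 6 and 8. All names are the model's own.
#include <cassert>
struct Compartment { int id; };
struct JSObjectModel { Compartment* compartment; int length; };
struct Context { Compartment* current; };  // the compartment this cx has entered

// Objects handed to an engine API must live in the compartment its cx has entered;
// the real engine hits JS_NOT_REACHED here, the model returns -1.
static int arrayLength(Context* cx, JSObjectModel* obj) {
  return cx->current == obj->compartment ? obj->length : -1;
}

// RAII helper in the spirit of JSAutoCompartment: enter obj's compartment, restore on exit.
struct AutoCompartment {
  Context* cx; Compartment* saved;
  AutoCompartment(Context* c, JSObjectModel* obj) : cx(c), saved(c->current) { cx->current = obj->compartment; }
  ~AutoCompartment() { cx->current = saved; }
};

// Constructed sample: a chrome compartment behind the "safe" cx, a content compartment
// holding the caller's attachment array (length 3), and a cx running that caller's script.
static Compartment gChrome{0};
static Compartment gContent{1};
static Context gSafeContext{&gChrome};     // stands in for GetSafeJSContext()
static Context gScriptContext{&gContent};  // what GetCurrentJSContext() returns mid-script
static JSObjectModel gAttachments{&gContent, 3};

// Comment 6/8 pattern: the current cx when there is one (null when no script is on
// the stack), otherwise the safe cx, and assert the result.
static Context* pickContext(Context* current) {
  Context* cx = current ? current : &gSafeContext;
  assert(cx);
  return cx;
}

// Without entering: fine only if the chosen cx already sits in the object's
// compartment, which the safe-context fallback does not guarantee.
static int lengthWithoutEntering(Context* current, JSObjectModel* arr) {
  return arrayLength(pickContext(current), arr);
}

// With scoped entry: correct on both paths.
static int lengthEntering(Context* current, JSObjectModel* arr) {
  Context* cx = pickContext(current);
  AutoCompartment ac(cx, arr);
  return arrayLength(cx, arr);
}
```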
Comment 7•11 years ago
Attachment #763874 - Attachment is obsolete: true
Updated•11 years ago
Attachment #764472 - Flags: review?(bent.mozilla)
Comment on attachment 764472 [details] [diff] [review] patch Review of attachment 764472 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/mobilemessage/src/ipc/SmsIPCService.cpp @@ +176,5 @@ > } > > + JSContext* cx = nsContentUtils::GetCurrentJSContext(); > + if (!cx) { > + cx = nsContentUtils::GetSafeJSContext(); You might as well assert cx here.
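Review bot: on the fallback path `cx = nsContentUtils::GetSafeJSContext();` at @@ +176,5, the safe context's entered compartment is not necessarily the compartment of the object carried in aParam, and a cx/object compartment mismatch inside JS_GetArrayLength is exactly what assertSameCompartment reported in the trace above. Either enter the object's compartment for the duration of the array access (JSAutoCompartment) on that path, or turn the fallback into an assertion failure if it is not expected to be reachable; in any case assert cx after the fallback, as already requested.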
Attachment #764472 - Flags: review?(bent.mozilla) → review+
Comment 9•11 years ago
Gregor, could you describe the user impact of this bug? It is not clear to the triagers.
Flags: needinfo?(anygregor)
Comment 10•11 years ago
(In reply to Peter Dolanjski [:pdol] from comment #9)
> Gregor, could you describe the user impact of this bug? It is not clear to
> the triagers.

Can lead to gc hazards and crashes.
Flags: needinfo?(anygregor)
Comment 11•11 years ago
Triage: partner agrees to take this based on comment 10.
blocking-b2g: leo? → leo+
Comment 12•11 years ago
https://hg.mozilla.org/releases/mozilla-b2g18/rev/5df2cf873861
Updated•11 years ago
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 13•11 years ago
https://hg.mozilla.org/releases/mozilla-b2g18_v1_1_0_hd/rev/5df2cf873861

I'm assuming this didn't affect trunk then.
status-b2g18-v1.0.0:
--- → wontfix
status-b2g18-v1.0.1:
--- → wontfix
status-b2g-v1.1hd:
--- → fixed
status-firefox24:
--- → unaffected
Target Milestone: --- → 1.1 QE3 (24jun)