Closed Bug 884099 Opened 11 years ago Closed 11 years ago

[MMS] Compartment mismatch during sending MMS

Categories: Core :: DOM: Device Interfaces, defect
Platform: x86
OS: macOS
Type: defect
Priority: Not set
Severity: normal

Tracking

Status: RESOLVED FIXED
Target Milestone: 1.1 QE3 (26jun)
blocking-b2g: leo+
Tracking Status
firefox24 --- unaffected
b2g18 --- fixed
b2g18-v1.0.0 --- wontfix
b2g18-v1.0.1 --- wontfix
b2g-v1.1hd --- fixed

People

(Reporter: gwagner, Assigned: gwagner)

Attachments

(1 file, 1 obsolete file)

On b2g18 when sending a wallpaper as mms:

*** Compartment mismatch 0x42418800 vs. 0x44a11800
Program received signal SIGSEGV, Segmentation fault.
0x413ff154 in js::CompartmentChecker::fail (this=<value optimized out>, 
    c=<value optimized out>)
    at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:204
204	        JS_NOT_REACHED("compartment mismatched");
(gdb) bt
#0  0x413ff154 in js::CompartmentChecker::fail (this=<value optimized out>, 
    c=<value optimized out>)
    at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:204
#1  js::CompartmentChecker::check (this=<value optimized out>, 
    c=<value optimized out>)
    at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:220
#2  0x41407fa8 in js::CompartmentChecker::check (cx=0x42582290, 
    objArg=<value optimized out>, lengthp=0xbebaf01c)
    at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:226
#3  assertSameCompartment<js::RootedObject> (cx=0x42582290, 
    objArg=<value optimized out>, lengthp=0xbebaf01c)
    at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:302
#4  JS_GetArrayLength (cx=0x42582290, objArg=<value optimized out>, 
    lengthp=0xbebaf01c) at /Volumes/mac/moz/b2g18/js/src/jsapi.cpp:4750
#5  0x40a137de in GetSendMmsMessageRequestFromParams (aParam=..., request=...)
    at /Volumes/mac/moz/b2g18/dom/mobilemessage/src/ipc/SmsIPCService.cpp:190
#6  0x40a13bac in mozilla::dom::mobilemessage::SmsIPCService::Send (
    this=<value optimized out>, aParameters=..., aRequest=0x447de520)
    at /Volumes/mac/moz/b2g18/dom/mobilemessage/src/ipc/SmsIPCService.cpp:257
#7  0x40a11b82 in mozilla::dom::MobileMessageManager::SendMMS (
    this=<value optimized out>, aParams=..., aRequest=0xbebaf438)
    at /Volumes/mac/moz/b2g18/dom/mobilemessage/src/MobileMessageManager.cpp:206
#8  0x411aab36 in NS_InvokeByIndex_P (that=0x44757900, methodIndex=19, 
    paramCount=<value optimized out>, params=<value optimized out>)
    at /Volumes/mac/moz/b2g18/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp:160
#9  0x40cfd25c in CallMethodHelper::Invoke (this=0xbebaf400)
    at /Volumes/mac/moz/b2g18/js/xpconnect/src/XPCWrappedNative.cpp:3084
#10 CallMethodHelper::Call (this=0xbebaf400)
    at /Volumes/mac/moz/b2g18/js/xpconnect/src/XPCWrappedNative.cpp:2418
#11 0x40cfe4b8 in XPCWrappedNative::CallMethod (ccx=..., 
    mode=<value optimized out>)
    at /Volumes/mac/moz/b2g18/js/xpconnect/src/XPCWrappedNative.cpp:2384
#12 0x40d05696 in XPC_WN_CallMethod (cx=0x42582a70, argc=1, 
    vp=<value optimized out>)
    at /Volumes/mac/moz/b2g18/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1469
#13 0x414b8710 in js::CallJSNative (cx=0x42582a70, 
    native=0x40d055e1 <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /Volumes/mac/moz/b2g18/js/src/jscntxtinlines.h:364
#14 0x414cc960 in js::InvokeKernel (cx=0x42582a70, args=..., 
    construct=js::NO_CONSTRUCT)
    at /Volumes/mac/moz/b2g18/js/src/jsinterp.cpp:367
#15 0x414c5cca in js::Interpret (cx=0x42582a70, 
    entryFrame=<value optimized out>, interpMode=<value optimized out>)
    at /Volumes/mac/moz/b2g18/js/src/jsinterp.cpp:2475
Attached patch patch (obsolete) — Splinter Review
Assignee: nobody → anygregor
Attachment #763874 - Flags: review?(vyang)
Attachment #763874 - Flags: review?(mrbkap)
Comment on attachment 763874 [details] [diff] [review]
patch

Review of attachment 763874 [details] [diff] [review]:
-----------------------------------------------------------------

I think I still don't have enough knowledge to review this.  Sorry.
Attachment #763874 - Flags: review?(vyang)
Comment on attachment 763874 [details] [diff] [review]
patch

Review of attachment 763874 [details] [diff] [review]:
-----------------------------------------------------------------

Stealing.

r=me with this fixed:

::: dom/mobilemessage/src/ipc/SmsIPCService.cpp
@@ +174,5 @@
>    if (aParam.isUndefined() || aParam.isNull() || !aParam.isObject()) {
>      return false;
>    }
>  
> +  JSContext* cx = nsContentUtils::GetCurrentJSContext();
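Review bot: cx obtained from nsContentUtils::GetCurrentJSContext() on the last `+` line is used without a null check; as comment 6 below explains, it returns null whenever no script is on the stack, so add a fallback to nsContentUtils::GetSafeJSContext() (or at least assert non-null). Picking a context is also only half of what the backtrace in comment 0 asks for: JS_GetArrayLength asserted a compartment mismatch between cx and the object it was handed, so the code following this hunk needs to enter the compartment of aParam's object (JSAutoCompartment) on this cx before calling into the JSAPI, which the visible lines do not show.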

There's AutoJSContext now.
Attachment #763874 - Flags: review?(mrbkap) → review+
(In reply to ben turner [:bent] from comment #3)
> Comment on attachment 763874 [details] [diff] [review]
> patch
> 
> Review of attachment 763874 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> Stealing.
> 
> r=me with this fixed:
> 
> ::: dom/mobilemessage/src/ipc/SmsIPCService.cpp
> @@ +174,5 @@
> >    if (aParam.isUndefined() || aParam.isNull() || !aParam.isObject()) {
> >      return false;
> >    }
> >  
> > +  JSContext* cx = nsContentUtils::GetCurrentJSContext();
> 
> There's AutoJSContext now.

There is no AutoJSContext on b2g18 and that's b2g18 only.
blocking-b2g: --- → leo?
> >    }
> >  
> > +  JSContext* cx = nsContentUtils::GetCurrentJSContext();
> 
> There's AutoJSContext now.

bholley, does GetCurrentJSContext return null if there is no current one? Do I have to check for this case and get the safe one or is there a better way on b2g18.
Flags: needinfo?(bobbyholley+bmo)
(In reply to Gregor Wagner [:gwagner] from comment #5)
> > >    }
> > >  
> > > +  JSContext* cx = nsContentUtils::GetCurrentJSContext();
> > 
> > There's AutoJSContext now.
> 
> bholley, does GetCurrentJSContext return null if there is no current one? Do
> I have to check for this case and get the safe one or is there a better way
> on b2g18.

GetCurrentJSContext will return null if the stack-top cx is null. This happens when there's no script on the stack, or a caller up the call tree wants to say "caller is C++". If that's a possibility, and you need a cx, you should null-check and then fall back on nsContentUtils::GetSafeJSContext().
Flags: needinfo?(bobbyholley+bmo)
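To make the mechanism behind the crash in comment 0 and the context-selection advice in comment 6 concrete, here is an added toy model in C++. It is not SpiderMonkey or Gecko code; Compartment, Context, Object, AutoCompartment, GetCurrentJSContext and GetSafeJSContext are stand-ins that only mimic the shape of the real JSContext, JSAutoCompartment and nsContentUtils APIs, and the attachments array and the two compartments in the usage are constructed for the demonstration.

```cpp
// Added toy model of the compartment check behind this crash. Not Mozilla
// code: every name below is a stand-in for the real API it is named after.
#include <cstddef>
#include <vector>

struct Compartment { int id; };

// Every JS object lives in exactly one compartment.
struct Object {
    Compartment* compartment;
    std::size_t length;
};

// A context is "in" one compartment at a time. JSAPI entry points assert that
// the objects they receive belong to it; that is the assertSameCompartment
// frame in the backtrace above.
struct Context {
    Compartment* current;
};

// Stand-in for JS_GetArrayLength: a debug build hits JS_NOT_REACHED on a
// mismatch; here it is reported as a false return so the check can be tested.
static bool GetArrayLength(Context* cx, const Object& obj, std::size_t* lengthp) {
    if (cx->current != obj.compartment) {
        return false;   // "*** Compartment mismatch"
    }
    *lengthp = obj.length;
    return true;
}

// Stand-in for JSAutoCompartment: enter the object's compartment for the
// lifetime of the scope and restore the previous one on exit.
class AutoCompartment {
    Context* cx_;
    Compartment* saved_;
public:
    AutoCompartment(Context* cx, const Object& obj) : cx_(cx), saved_(cx->current) {
        cx_->current = obj.compartment;
    }
    ~AutoCompartment() { cx_->current = saved_; }
};

// Stand-ins for nsContentUtils::GetCurrentJSContext() (null when no script is
// on the stack, as comment 6 explains) and GetSafeJSContext() (always present).
static std::vector<Context*> gContextStack;
static Context gSafeContext{nullptr};

static Context* GetCurrentJSContext() {
    return gContextStack.empty() ? nullptr : gContextStack.back();
}
static Context* GetSafeJSContext() { return &gSafeContext; }

// Before the fix: call the JSAPI with whatever cx is at hand, without entering
// the object's compartment. Fails (asserts in a real debug build) whenever the
// caller's cx sits in a different compartment than the attachments array.
bool SendBeforeFix(Context* cx, const Object& attachments, std::size_t* lengthp) {
    return GetArrayLength(cx, attachments, lengthp);
}

// After the fix: pick a cx with the null fallback from comment 6, then enter
// the array's compartment before touching it.
bool SendAfterFix(const Object& attachments, std::size_t* lengthp) {
    Context* cx = GetCurrentJSContext();
    if (!cx) {
        cx = GetSafeJSContext();
    }
    AutoCompartment ac(cx, attachments);
    return GetArrayLength(cx, attachments, lengthp);
}
```

In the model the mismatch surfaces as a false return; in the real build it is the JS_NOT_REACHED abort shown in the backtrace, and in an opt build the silent cross-compartment access is the GC hazard mentioned in comment 10.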
Attached patch patch — Splinter Review
Attachment #763874 - Attachment is obsolete: true
Attachment #764472 - Flags: review?(bent.mozilla)
Comment on attachment 764472 [details] [diff] [review]
patch

Review of attachment 764472 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/mobilemessage/src/ipc/SmsIPCService.cpp
@@ +176,5 @@
>    }
>  
> +  JSContext* cx = nsContentUtils::GetCurrentJSContext();
> +  if (!cx) {
> +    cx = nsContentUtils::GetSafeJSContext();
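Review bot: after the GetSafeJSContext() fallback on the last `+` line, cx is still used without being checked, so add MOZ_ASSERT(cx) (or return false if it is somehow null) once the if block closes; the review comment below asks for the same assertion. The hunk also ends before the JS_GetArrayLength call that asserted in comment 0, so make sure cx is entered into the compartment of aParam's object (JSAutoCompartment) before that call, since the compartment mismatch, not the choice of cx alone, is what the backtrace reports.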

You might as well assert cx here.
Attachment #764472 - Flags: review?(bent.mozilla) → review+
Gregor, could you describe the user impact of this bug?  It is not clear to the triagers.
Flags: needinfo?(anygregor)
(In reply to Peter Dolanjski [:pdol] from comment #9)
> Gregor, could you describe the user impact of this bug?  It is not clear to
> the triagers.

Can lead to gc hazards and crashes.
Flags: needinfo?(anygregor)
Triage: partner agrees to take this based on comment 10
blocking-b2g: leo? → leo+
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
https://hg.mozilla.org/releases/mozilla-b2g18_v1_1_0_hd/rev/5df2cf873861

I'm assuming this didn't affect trunk then.
Target Milestone: --- → 1.1 QE3 (24jun)