Closed
Bug 898939
Opened 12 years ago
Closed 12 years ago
"Assertion failure: !js::IsCrossCompartmentWrapper(obj)" adopting marquee
Categories
(Core :: XBL, defect)
Tracking
()
RESOLVED
FIXED
mozilla25
People
(Reporter: jruderman, Unassigned)
Details
(Keywords: assertion, testcase)
Attachments
(4 files)
|
344 bytes,
text/html
|
Details | |
|
9.77 KB,
text/plain
|
Details | |
|
1.83 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
|
2.84 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
Assertion failure: !js::IsCrossCompartmentWrapper(obj), at js/xpconnect/wrappers/XrayWrapper.cpp:1281
|
Reporter | |
Comment 1•12 years ago
|
||
|
||
Updated•12 years ago
|
Flags: needinfo?(bobbyholley+bmo)
|
||
Comment 2•12 years ago
|
||
I noticed this while making the crashtest here.
This was done before we flipped the default to make reftests always run with
dom.use_xbl_scopes_for_remote_xul=false (see reftest-cmdline.js). So to get
the full test coverage we're looking for here, we need to force the opposite
pref.
Attachment #782670 -
Flags: review?(bzbarsky)
|
|
||
Comment 3•12 years ago
|
||
This is just an overzealous assertion, rather than a security issue. But Jesse's
testcase here has interesting implications - it runs XBL code that uses
setTimeout, and then adopts the bound node into another compartment, which
rejiggers its prototype chain to correspond to a new XBL scope. I think we
should handle this all well, but I want to give Boris a chance to brainstorm
potential issues before opening this bug up.
Attachment #782676 -
Flags: review?(bzbarsky)
|
|
||
Comment 4•12 years ago
|
||
Comment on attachment 782670 [details] [diff] [review]
Bonus Fix - Flip custom scope automtion prefs for 449149-1{a,b}.html. v1
>automtion
automation.
r=me
Attachment #782670 -
Flags: review?(bzbarsky) → review+
|
|
||
Comment 5•12 years ago
|
||
Comment on attachment 782676 [details] [diff] [review]
Loosen assertion. v1
r=me
Attachment #782676 -
Flags: review?(bzbarsky) → review+
|
|
||
Comment 6•12 years ago
|
||
I think we agree at this point that this isn't a security issue.
Group: core-security
|
|
||
Comment 7•12 years ago
|
||
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/6cfe97defc64
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/be1be387ce59
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/d41299f47cb0
Flags: needinfo?(bobbyholley+bmo)
|
|
||
Comment 8•12 years ago
|
||
So, the reftest harness borks because it doesn't recognize the pref (which is in all.js). jgriffin says we could fix this by adding the pref to http://mxr.mozilla.org/mozilla-central/source/layout/tools/reftest/bootstrap.js, but it's probably easier to just disable the test on android.
https://hg.mozilla.org/integration/mozilla-inbound/rev/33c659c7b3b0
|
||
Comment 9•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/6cfe97defc64
https://hg.mozilla.org/mozilla-central/rev/be1be387ce59
https://hg.mozilla.org/mozilla-central/rev/d41299f47cb0
https://hg.mozilla.org/mozilla-central/rev/33c659c7b3b0
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
You need to log in
before you can comment on or make changes to this bug.
Description
•