Closed
Bug 905364
Opened 11 years ago
Closed 11 years ago
Startup crash when operation callback fires under nsScriptSecurityManager::Init
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
FIXED
mozilla26
Tracking | Status | |
---|---|---|
firefox25 | --- | unaffected |
firefox26 | + | fixed |
People
(Reporter: bent.mozilla, Assigned: bholley)
References
Details
(Keywords: crash, regression, topcrash, Whiteboard: [startupcrash])
Crash Data
Attachments
(3 files)
4.99 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
6.01 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
1.26 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
xul.dll!GetSubjectPrincipal - nscontentutils.cpp:2342 xul.dll!OperationCallback - xpcjsruntime.cpp:1249 mozjs.dll!js_InvokeOperationCallback - jscntxt.cpp:1032 mozjs.dll!js_HandleExecutionInterrupt - jscntxt.cpp:1039 mozjs.dll!Interpret - interpreter.cpp:1672 mozjs.dll!RunScript - interpreter.cpp:446 mozjs.dll!Invoke - interpreter.cpp:508 mozjs.dll!Interpret - interpreter.cpp:2484 mozjs.dll!RunScript - interpreter.cpp:446 mozjs.dll!ExecuteKernel - interpreter.cpp:630 mozjs.dll!Execute - interpreter.cpp:667 mozjs.dll!Evaluate - jsapi.cpp:5156 mozjs.dll!Evaluate - jsapi.cpp:5186 mozjs.dll!initSelfHosting - selfhosting.cpp:762 mozjs.dll!NewContext - jscntxt.cpp:201 xul.dll!GetSafeJSContext - xpcjscontextstack.cpp:150 xul.dll!Init - nsscriptsecuritymanager.cpp:2332 xul.dll!GetScriptSecurityManager - nsscriptsecuritymanager.cpp:2413 xul.dll!Init - nscontentutils.cpp:372 xul.dll!Initialize - nslayoutstatics.cpp:165 xul.dll!Initialize - nslayoutmodule.cpp:405 xul.dll!Load - nscomponentmanager.cpp:770 xul.dll!GetFactory - nscomponentmanager.cpp:1778 xul.dll!CreateInstanceByContractID - nscomponentmanager.cpp:1093 xul.dll!GetServiceByContractID - nscomponentmanager.cpp:1453 xul.dll!CallGetService - nscomponentmanagerutils.cpp:62 xul.dll!operator() - nscomponentmanagerutils.cpp:246 xul.dll!assign_from_gs_contractid - nscomptr.cpp:92 xul.dll!NS_InitXPCOM2 - nsxpcominit.cpp:559 xul.dll!Initialize - nsapprunner.cpp:1191 xul.dll!XRE_main - nsapprunner.cpp:3919 We die in GetSubjectPrincipal() because the script security manager has not yet been initialized.
Assignee | ||
Comment 1•11 years ago
|
||
As noted on IRC, we should avoid the AutoSafeJSContext in nsScriptSecurityManager::Init, and intern the string lazily.
Assignee: nobody → bobbyholley+bmo
Summary: Startup crash on slow machines → Startup crash when operation callback fires under nsScriptSecurityManager::Init
Assignee | ||
Comment 2•11 years ago
|
||
With this patch, I've confirmed that we instantiate the SafeJSContext much later in startup, during nsAppStartupNotifier::Observe (which ends up invoking an XPCWrappedJS). As such, this should solve a number of our startup ordering woes.
Attachment #790434 -
Flags: review?(bent.mozilla)
Assignee | ||
Updated•11 years ago
|
Attachment #790434 -
Flags: review?(bent.mozilla) → review?(mrbkap)
Comment 3•11 years ago
|
||
Comment on attachment 790434 [details] [diff] [review] Part 3 - Stop using the SafeJSContext in nsScriptSecurityManager::Init. v1 This patch is amazing.
Attachment #790434 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 4•11 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=2330b28a9e22
Comment 5•11 years ago
|
||
Reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=nsContentUtils%3A%3AGetSubjectPrincipal%28%29
Severity: normal → critical
Crash Signature: [@ nsContentUtils::GetSubjectPrincipal() ]
status-firefox25:
--- → unaffected
status-firefox26:
--- → affected
Keywords: crash,
regression
Whiteboard: [startupcrash]
Version: unspecified → 26 Branch
Assignee | ||
Comment 6•11 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=9f119cf83935
Assignee | ||
Comment 7•11 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=859b471cadd8
Assignee | ||
Comment 8•11 years ago
|
||
Scoobidiver, how bad are the crashes? This patch is ready, but needs the dependent bug as well, which I would estimate will land on tuesday or wednesday. If it's important, I have a workaround that would allow this patch to land without the dependent bug (just access the SafeJSContext from xpcshell).
Flags: needinfo?(scoobidiver)
Assignee | ||
Comment 9•11 years ago
|
||
I decided to just land with the workaround. The workaround locally fixes the try issues from comment 4 (which was the only push without the patches from the dependent bug), so hopefully it should do the trick, and fix the pain here. https://hg.mozilla.org/integration/mozilla-inbound/rev/c39d60483813
Flags: needinfo?(scoobidiver)
Comment 10•11 years ago
|
||
Still had two bits of failure, xpcshell like https://tbpl.mozilla.org/php/getParsedLog.php?id=26673704&tree=Mozilla-Inbound and b2g desktop make check like https://tbpl.mozilla.org/php/getParsedLog.php?id=26673058&tree=Mozilla-Inbound Backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/6b1496e690f9
Comment 11•11 years ago
|
||
This is still the #4 crash for trunk builds from the last 3 days. Bobby, where are we on this?
Flags: needinfo?(bobbyholley+bmo)
Updated•11 years ago
|
tracking-firefox26:
--- → ?
Assignee | ||
Comment 12•11 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #11) > This is still the #4 crash for trunk builds from the last 3 days. Bobby, > where are we on this? Yes. I'm really sorry it's taking so long. The dependent bug is turning out to be a lot trickier than we'd thought. This is now my top priority.
Flags: needinfo?(bobbyholley+bmo)
Assignee | ||
Comment 13•11 years ago
|
||
Let's try the workaround again without the dependencies: https://tbpl.mozilla.org/?tree=Try&rev=b5e23595c655
Assignee | ||
Comment 14•11 years ago
|
||
Alright, that looks green. I think we should land this with the workaround to fix the crashes, and then sort out bug 905926 on its own. Looks like mrbkap is on PTO, so I'll flag boris for these, who's already in the loop on the AllowXULXBLForPrincipal stuff.
Assignee | ||
Comment 15•11 years ago
|
||
In the old world, we'd be saved by initializing the SafeJSContext early enough that we'd short-circuit in the nsContentUtils::IsInitialized() check. That's not the case anymore, so let's hande this explicitly.
Attachment #800220 -
Flags: review?(bzbarsky)
Assignee | ||
Comment 16•11 years ago
|
||
Attachment #800221 -
Flags: review?(bzbarsky)
Assignee | ||
Updated•11 years ago
|
Attachment #790434 -
Attachment description: Stop using the SafeJSContext in nsScriptSecurityManager::Init. v1 → Part 3 - Stop using the SafeJSContext in nsScriptSecurityManager::Init. v1
Assignee | ||
Comment 17•11 years ago
|
||
Full try push: https://tbpl.mozilla.org/?tree=Try&rev=df316444aaf9
Comment 18•11 years ago
|
||
Comment on attachment 790434 [details] [diff] [review] Part 3 - Stop using the SafeJSContext in nsScriptSecurityManager::Init. v1 Review of attachment 790434 [details] [diff] [review]: ----------------------------------------------------------------- ::: caps/src/nsScriptSecurityManager.cpp @@ +76,5 @@ > JSRuntime *nsScriptSecurityManager::sRuntime = 0; > bool nsScriptSecurityManager::sStrictFileOriginPolicy = true; > > +// Lazily initialized. Use the getter below. > +static jsid sEnabledID = JSID_VOID; Should probably be JS::UndefinedValue() for static constructors @@ +84,5 @@ > + if (sEnabledID != JSID_VOID) > + return sEnabledID; > + AutoSafeJSContext cx; > + sEnabledID = INTERNED_STRING_TO_JSID(cx, JS_InternString(cx, "enabled")); > + return sEnabledID; I'd write it as if (sEnabledID.isUndefined()) { AutoSafeJSContext cx; sEnabledID = INTERNED_STRING_TO_JSID(cx, JS_InternString(cx, "enabled")); } return sEnabledID;
Assignee | ||
Comment 19•11 years ago
|
||
This is green. Let's get this pushed to fix the crashes.
Comment 20•11 years ago
|
||
Comment on attachment 800220 [details] [diff] [review] Part 1 - Don't call into AllowXULXBLForPrincipal during SafeJSContext initialization. v1 Name the class SafeJSContextGlobalClass, and r=me
Attachment #800220 -
Flags: review?(bzbarsky) → review+
Comment 21•11 years ago
|
||
Comment on attachment 800221 [details] [diff] [review] Part 2 - Force the SafeJSContext to fire up in xpcshell. v1 r=me
Attachment #800221 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 22•11 years ago
|
||
Landing with the workaround to avoid the need to land the dependent bug. Full green try push in comment 17. remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/5b1ca7188e84 remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/56d1c3a7fd4e remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/e1b943e64032
Comment 23•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5b1ca7188e84 https://hg.mozilla.org/mozilla-central/rev/56d1c3a7fd4e https://hg.mozilla.org/mozilla-central/rev/e1b943e64032
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla26
Updated•11 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•