Closed
Bug 922837
Opened 11 years ago
Closed 11 years ago
In IndexedDatabaseManager.cpp:235: Assertion failure: js::GetObjectClass(aGlobal)->flags & (1<<7) (Not a global object!)
Categories
(Core :: Storage: IndexedDB, defect)
Tracking
()
RESOLVED
FIXED
mozilla27
People
(Reporter: jgilbert, Assigned: janv)
References
Details
Attachments
(1 file)
|
1.49 KB,
patch
|
bholley
:
review+
|
Details | Diff | Splinter Review |
My local build of central started hitting this consistently:
F/MOZ_Assert(12226): Assertion failure: js::GetObjectClass(aGlobal)->flags & (1<<7) (Not a global object!), at mozilla/central/dom/indexedDB/IndexedDatabaseManager.cpp:235
I get this on my Galaxy Tab 10.1:
First, google "webgl test".
Choose your adventure:
1) Click "Testing/Conformance - WebGL Public Wiki".
2) Click another result on that page.
3) Just wait about 20s.
All three end with the browser asserting out.
|
Reporter | |
Comment 1•11 years ago
|
||
Any ideas? This also reproduces on my Nexus 10.
Flags: needinfo?(Jan.Varga)
|
|
Reporter | |
Comment 2•11 years ago
|
||
This also happens on etherpad.mozilla.org, apparently on any etherpad. (Either create a new one and wait, or access and old one, and wait)
|
|
Reporter | |
Comment 3•11 years ago
|
||
It also happens on:
https://www.khronos.org/registry/webgl/
https://www.khronos.org/registry/webgl/conformance-suites/
https://www.khronos.org/registry/webgl/conformance-suites/1.0.1/webgl-conformance-tests.html
At this point, it's notable that the only site I've tried which doesn't do this is slashdot.org's frontpage, and the one story page I tried.
This is making it impossible to do DEBUG testing against central.
|
|
Reporter | |
Updated•11 years ago
|
Severity: normal → major
Assignee: nobody → khuey
This code is clearly bogus, JS can apply the lazy getter to anything it wants, not just a global.
|
||
Comment 6•11 years ago
|
||
The lazy getter should just go away, and we should do bug 920553.
|
|
||
Comment 7•11 years ago
|
||
For the moment we probably just need to innerize in IndexedDBLazyGetter.
Jan is going to take this.
Assignee: khuey → Jan.Varga
Flags: needinfo?(Jan.Varga)
|
Assignee | |
Comment 9•11 years ago
|
||
|
|
||
Comment 10•11 years ago
|
||
1.38 + JS::RootedObject global(aCx, CheckedUnwrap(aGlobal, false));
Note that CheckedUnwrap can veto and return null, which may well happen if somebody applies the lazy getter to a security wrapper.
I think the most robust thing for now is to do:
JS::RootedObject global(aCx, CheckedUnwrap(aGlobal, false));
NS_ENSURE_TRUE(global, false);
NS_ENSURE_TRUE(js::GetObjectClass(global)->flags & JSCLASS_DOM_GLOBAL, false);
|
|
Assignee | |
Comment 11•11 years ago
|
||
Attachment #813084 -
Flags: review?(bobbyholley+bmo)
|
|
||
Comment 12•11 years ago
|
||
Comment on attachment 813084 [details] [diff] [review]
patch
Review of attachment 813084 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/indexedDB/IndexedDatabaseManager.cpp
@@ +234,5 @@
> MOZ_ASSERT(JSID_IS_STRING(aId), "Bad id!");
> MOZ_ASSERT(JS_FlatStringEqualsAscii(JSID_TO_FLAT_STRING(aId), IDB_STR),
> "Bad id!");
>
> + JS::RootedObject global(aCx, CheckedUnwrap(aGlobal, false));
Please add /* stopAtOuter = */ before the |false| parameter.
Attachment #813084 -
Flags: review?(bobbyholley+bmo) → review+
|
|
Assignee | |
Comment 13•11 years ago
|
||
|
||
Comment 14•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
You need to log in
before you can comment on or make changes to this bug.
Description
•