Closed Bug 944854 Opened 7 years ago Closed 7 years ago

"ASSERTION: You can't dereference a NULL nsRefPtr with operator*()." with RTC, GC/CC

Categories

(Core :: WebRTC, defect)

x86_64
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla28

People

(Reporter: jruderman, Assigned: jib)

Details

(Keywords: assertion, testcase, Whiteboard: [qa-])

Attachments

(1 file)

When I follow the steps in bug 928221, I get this assertion, but it is NOT followed by a crash. Maybe it's a bogus assertion!?

I can only reproduce with a Tinderbox debug build, not with a local debug build. I'm not sure why. (Both are from mozilla-central.)

###!!! ASSERTION: You can't dereference a NULL nsRefPtr with operator*().: 'mRawPtr != 0', file ../../../../../media/webrtc/signaling/../../../xpcom/base/nsAutoPtr.h, line 1072

sipcc::PeerConnectionImpl::IceGatheringStateChange_m(mozilla::dom::PCImplIceGatheringState) [media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:1777]
See bug 933447 comment 39 to 42.
Assignee: nobody → jib
I don't think this needs to be a sec bug, since the assert appears harmless.  The code takes the address of a deference (&* operators used in conjunction), i.e. it takes the nullptr out of an nsRefPtr for casting purposes but doesn't use it for anything. Furthermore, the NS_PRECONDITION() macro used here to generate the assertion message doesn't appear to throw in debug builds AFAICT.

So the remaining issue is the misleading log junk, which this patch fixes.
Attachment #8341705 - Flags: review?(adam)
Comment on attachment 8341705 [details] [diff] [review]
Avoid triggering harmless assertion on PeerConnectionObserver weakref

Review of attachment 8341705 [details] [diff] [review]:
-----------------------------------------------------------------

Looks reasonable to me.
Attachment #8341705 - Flags: review?(adam) → review+
This is ready to land as soon as we agree it is not a security bug.
Flags: needinfo?(rjesup)
I agree this is not a sec issue (and even if it were an opt-build crash, it would be a null-deref).  Let's land it.
Flags: needinfo?(rjesup)
Group: core-security
https://hg.mozilla.org/mozilla-central/rev/aa4d322d811f
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.