This bug was filed from the Socorro interface and is report bp-c4c2e4e1-954d-444a-84b5-e6ec32161014. ============================================================= STR: Open https://upload.wikimedia.org/wikipedia/commons/9/9f/BayeuxTapestryScene39.jpg Drag image with mouse pointer, results in crash.

Here is the regression range: INFO: Last good revision: 3e9a2031152fa07b088d0cb5e168eb53a2c882c0 INFO: First bad revision: c838d2546cadd65bf8d5579db20a268c8b6e4b87 INFO: Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=3e9a2031152fa07b088d0cb5e168eb53a2c882c0&tochange=c838d2546cadd65bf8d5579db20a268c8b6e4b87 INFO: Looks like the following bug has the changes which introduced the regression: https://bugzilla.mozilla.org/show_bug.cgi?id=1289718

[Tracking Requested - why for this release]: Regression

This is waitpid(), which we never whitelisted (because it can't clone/fork() anything to wait on anyway). Not clear why file brokering makes this show up, I remember we had a discussion about wait4 with a similar useless stack in NSPR.

Tracking 52+, recent security sandboxing crash regression.

(In reply to Gian-Carlo Pascutto [:gcp] from comment #3) > I remember we had a discussion about wait4 with a similar useless stack in NSPR. Bug 1299581, which also explains why the crash signature is wrong/unhelpful here — the crash is really in WaitPidDaemonThread[*] and the actual root cause is bug 227246. [*] http://searchfox.org/mozilla-central/rev/d96317a351af8aa78ab9847e7feed964bbaac7d7/nsprpub/pr/src/md/unix/uxproces.c#648

I can't reproduce this, though. Tried loading that URL, dragging, dragging outside the window... Reporter, does this also happen on a clean profile?

Yes, this happens on a clean profile.

Which distribution are you using? (The exact libc version/build is of interest)

Jed point out this is specific to 32-bit: wait4 is whitelisted: http://searchfox.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp#721 but waitpid isn't, which may be used by 32-bit libc.

https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/waitpid.c;h=9de9ce1d51e873838a7c1f491ed819d7a72e82a1;hb=HEAD waitpid() uses the waitpid syscall if it exists, but it doesn't exist on x86_64 because it's a subset of wait4 (and x86_64 is new enough that wait4 has always existed, or something like that). If we'd had a test that tries to do nsIProcess or something in a content process we would've caught this… but I'm also a little surprised that nothing in our entire test suite managed to hit this via invoking the MIME service or whatever is going on in the STR in comment #0.

From the crash reports this happens on different versions of libc. I am on Ubuntu 16.10.

Crash is reproducible on a 32-bit system, as expected. I made nsProcess crash when invoked from content: Hit MOZ_CRASH(No RunProcess in content) at /home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:435 #01: nsProcess::RunProcess(bool, char**, nsIObserver*, bool, bool) (/home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:435) #02: nsProcess::CopyArgsAndRunProcess(bool, char const**, unsigned int, nsIObserver*, bool) (/home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:379) #03: nsProcess::Run(bool, char const**, unsigned int) (/home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:348) #04: nsOSHelperAppService::GetHandlerAndDescriptionFromMailcapFile(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, nsAString_internal&, nsAString_internal&, nsAString_internal&) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1091) #05: nsOSHelperAppService::DoLookUpHandlerAndDescription(nsAString_internal const&, nsAString_internal const&, nsAString_internal&, nsAString_internal&, nsAString_internal&, bool) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:913) #06: nsOSHelperAppService::GetFromType(nsCString const&) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1399) #07: nsOSHelperAppService::GetMIMEInfoFromOS(nsACString_internal const&, nsACString_internal const&, bool*) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1466) #08: nsExternalHelperAppService::GetFromTypeAndExtension(nsACString_internal const&, nsACString_internal const&, nsIMIMEInfo**) (/home/morbo/hg/firefox/uriloader/exthandler/nsExternalHelperAppService.cpp:2636) #09: DragDataProducer::Produce(mozilla::dom::DataTransfer*, bool*, nsISelection**, nsIContent**) (/home/morbo/hg/firefox/dom/base/nsContentAreaDragDrop.cpp:588) #10: nsContentAreaDragDrop::GetDragData(nsPIDOMWindowOuter*, nsIContent*, nsIContent*, bool, mozilla::dom::DataTransfer*, bool*, nsISelection**, nsIContent**) (/home/morbo/hg/firefox/dom/base/nsContentAreaDragDrop.cpp:129) #11: mozilla::EventStateManager::DetermineDragTargetAndDefaultData(nsPIDOMWindowOuter*, nsIContent*, mozilla::dom::DataTransfer*, nsISelection**, nsIContent**) (/home/morbo/hg/firefox/dom/events/EventStateManager.cpp:1860) #12: mozilla::EventStateManager::GenerateDragGesture(nsPresContext*, mozilla::WidgetMouseEvent*) (/home/morbo/hg/firefox/dom/events/EventStateManager.cpp:1762) #13: mozilla::EventStateManager::PreHandleEvent(nsPresContext*, mozilla::WidgetEvent*, nsIFrame*, nsIContent*, nsEventStatus*) (/home/morbo/hg/firefox/dom/events/EventStateManager.cpp:711) #14: PresShell::HandleEventInternal(mozilla::WidgetEvent*, nsEventStatus*, bool) (/home/morbo/hg/firefox/layout/base/nsPresShell.cpp:8228) #15: PresShell::HandlePositionedEvent(nsIFrame*, mozilla::WidgetGUIEvent*, nsEventStatus*) (/home/morbo/hg/firefox/layout/base/nsPresShell.cpp:8069) #16: PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*, nsIContent**) (/home/morbo/hg/firefox/layout/base/nsPresShell.cpp:7855) #17: nsViewManager::DispatchEvent(mozilla::WidgetGUIEvent*, nsView*, nsEventStatus*) (/home/morbo/hg/firefox/view/nsViewManager.cpp:815) #18: nsView::HandleEvent(mozilla::WidgetGUIEvent*, bool) (/home/morbo/hg/firefox/view/nsView.cpp:1117) #19: mozilla::widget::PuppetWidget::DispatchEvent(mozilla::WidgetGUIEvent*, nsEventStatus&) (/home/morbo/hg/firefox/widget/PuppetWidget.cpp:357) #20: mozilla::layers::APZCCallbackHelper::DispatchWidgetEvent(mozilla::WidgetGUIEvent&) (/home/morbo/hg/firefox/gfx/layers/apz/util/APZCCallbackHelper.cpp:471) #21: mozilla::dom::TabChild::RecvRealMouseButtonEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long const&) (/home/morbo/hg/firefox/dom/ipc/TabChild.cpp:1897) #22: mozilla::dom::TabChild::RecvRealMouseMoveEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long const&) (/home/morbo/hg/firefox/dom/ipc/TabChild.cpp:1862) #23: mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/ipc/ipdl/PBrowserChild.cpp:3650) #24: mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/ipc/ipdl/PContentChild.cpp:6398) #25: mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) (/home/morbo/hg/firefox/ipc/glue/MessageChannel.cpp:1672) #26: mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) (/home/morbo/hg/firefox/ipc/glue/MessageChannel.cpp:1610) #27: mozilla::ipc::MessageChannel::OnMaybeDequeueOne() (/home/morbo/hg/firefox/ipc/glue/MessageChannel.cpp:1577) #28: decltype (((*{parm#1}).*{parm#2})()) mozilla::detail::RunnableMethodArguments<>::applyImpl<mozilla::ipc::MessageChannel, bool (mozilla::ipc::MessageChannel::*)()>(mozilla::ipc::MessageChannel*, bool (mozilla::ipc::MessageChannel::*)(), mozilla::Tuple<>&, mozilla::IndexSequence<>) (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/nsThreadUtils.h:729 (discriminator 4)) #29: decltype (applyImpl({parm#1}, {parm#2}, (*this).mArguments, (mozilla::IndexSequence<>)())) mozilla::detail::RunnableMethodArguments<>::apply<mozilla::ipc::MessageChannel, bool (mozilla::ipc::MessageChannel::*)()>(mozilla::ipc::MessageChannel*, bool (mozilla::ipc::MessageChannel::*)()) (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/nsThreadUtils.h:736) #30: mozilla::detail::RunnableMethodImpl<bool (mozilla::ipc::MessageChannel::*)(), false, true>::Run() (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/nsThreadUtils.h:764) #31: mozilla::ipc::MessageChannel::RefCountedTask::Run() (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/mozilla/ipc/MessageChannel.h:540) #32: mozilla::ipc::MessageChannel::DequeueTask::Run() (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/mozilla/ipc/MessageChannel.h:559) #33: nsThread::ProcessNextEvent(bool, bool*) (/home/morbo/hg/firefox/xpcom/threads/nsThread.cpp:1082) #34: NS_ProcessNextEvent(nsIThread*, bool) (/home/morbo/hg/firefox/xpcom/glue/nsThreadUtils.cpp:290) #35: mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) (/home/morbo/hg/firefox/ipc/glue/MessagePump.cpp:124) #36: mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) (/home/morbo/hg/firefox/ipc/glue/MessagePump.cpp:301) #37: MessageLoop::RunInternal() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:232) #38: MessageLoop::RunHandler() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:225) #39: MessageLoop::Run() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:205) #40: nsBaseAppShell::Run() (/home/morbo/hg/firefox/widget/nsBaseAppShell.cpp:156) #41: XRE_RunAppShell (/home/morbo/hg/firefox/toolkit/xre/nsEmbedFunctions.cpp:869) #42: mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) (/home/morbo/hg/firefox/ipc/glue/MessagePump.cpp:269) #43: MessageLoop::RunInternal() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:232) #44: MessageLoop::RunHandler() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:225) #45: MessageLoop::Run() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:205) #46: XRE_InitChildProcess (/home/morbo/hg/firefox/toolkit/xre/nsEmbedFunctions.cpp:701) #47: content_process_main(int, char**) (/home/morbo/hg/firefox/ipc/app/../contentproc/plugin-container.cpp:197) #48: main (/home/morbo/hg/firefox/ipc/app/MozillaRuntimeMain.cpp:18) Program /home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/bin/plugin-container (pid = 12562) received signal 11. Stack: #01: js::UnixExceptionHandler(int, siginfo_t*, void*) (/home/morbo/hg/firefox/js/src/ds/MemoryProtectionExceptionHandler.cpp:256) #02: ??? (???:???) #03: nsProcess::CopyArgsAndRunProcess(bool, char const**, unsigned int, nsIObserver*, bool) (/home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:379) #04: nsProcess::Run(bool, char const**, unsigned int) (/home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:348) #05: nsOSHelperAppService::GetHandlerAndDescriptionFromMailcapFile(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, nsAString_internal&, nsAString_internal&, nsAString_internal&) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1091) #06: nsOSHelperAppService::DoLookUpHandlerAndDescription(nsAString_internal const&, nsAString_internal const&, nsAString_internal&, nsAString_internal&, nsAString_internal&, bool) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:913) #07: nsOSHelperAppService::GetFromType(nsCString const&) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1399) #08: nsOSHelperAppService::GetMIMEInfoFromOS(nsACString_internal const&, nsACString_internal const&, bool*) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1466) ###!!! [Parent][MessageChannel] Error: (msgtype=0x300072,name=PBrowser::Msg_RealMouseMoveEvent) Channel error: cannot send/recv #09: nsExternalHelperAppService::GetFromTypeAndExtension(nsACString_internal const&, nsACString_internal const&, nsIMIMEInfo**) (/home/morbo/hg/firefox/uriloader/exthandler/nsExternalHelperAppService.cpp:2636) #10: DragDataProducer::Produce(mozilla::dom::DataTransfer*, bool*, nsISelection**, nsIContent**) (/home/morbo/hg/firefox/dom/base/nsContentAreaDragDrop.cpp:588) #11: nsContentAreaDragDrop::GetDragData(nsPIDOMWindowOuter*, nsIContent*, nsIContent*, bool, mozilla::dom::DataTransfer*, bool*, nsISelection**, nsIContent**) (/home/morbo/hg/firefox/dom/base/nsContentAreaDragDrop.cpp:129) #12: mozilla::EventStateManager::DetermineDragTargetAndDefaultData(nsPIDOMWindowOuter*, nsIContent*, mozilla::dom::DataTransfer*, nsISelection**, nsIContent**) (/home/morbo/hg/firefox/dom/events/EventStateManager.cpp:1860) #13: mozilla::EventStateManager::GenerateDragGesture(nsPresContext*, mozilla::WidgetMouseEvent*) (/home/morbo/hg/firefox/dom/events/EventStateManager.cpp:1762) #14: mozilla::EventStateManager::PreHandleEvent(nsPresContext*, mozilla::WidgetEvent*, nsIFrame*, nsIContent*, nsEventStatus*) (/home/morbo/hg/firefox/dom/events/EventStateManager.cpp:711) #15: PresShell::HandleEventInternal(mozilla::WidgetEvent*, nsEventStatus*, bool) (/home/morbo/hg/firefox/layout/base/nsPresShell.cpp:8228) #16: PresShell::HandlePositionedEvent(nsIFrame*, mozilla::WidgetGUIEvent*, nsEventStatus*) (/home/morbo/hg/firefox/layout/base/nsPresShell.cpp:8069) #17: PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*, nsIContent**) (/home/morbo/hg/firefox/layout/base/nsPresShell.cpp:7855) #18: nsViewManager::DispatchEvent(mozilla::WidgetGUIEvent*, nsView*, nsEventStatus*) (/home/morbo/hg/firefox/view/nsViewManager.cpp:815) #19: nsView::HandleEvent(mozilla::WidgetGUIEvent*, bool) (/home/morbo/hg/firefox/view/nsView.cpp:1117) ###!!! [Parent][MessageChannel] Error: (msgtype=0x300072,name=PBrowser::Msg_RealMouseMoveEvent) Channel error: cannot send/recv #20: mozilla::widget::PuppetWidget::DispatchEvent(mozilla::WidgetGUIEvent*, nsEventStatus&) (/home/morbo/hg/firefox/widget/PuppetWidget.cpp:357) #21: mozilla::layers::APZCCallbackHelper::DispatchWidgetEvent(mozilla::WidgetGUIEvent&) (/home/morbo/hg/firefox/gfx/layers/apz/util/APZCCallbackHelper.cpp:471) #22: mozilla::dom::TabChild::RecvRealMouseButtonEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long const&) (/home/morbo/hg/firefox/dom/ipc/TabChild.cpp:1897) #23: mozilla::dom::TabChild::RecvRealMouseMoveEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long const&) (/home/morbo/hg/firefox/dom/ipc/TabChild.cpp:1862) #24: mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/ipc/ipdl/PBrowserChild.cpp:3650) #25: mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/ipc/ipdl/PContentChild.cpp:6398) #26: mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) (/home/morbo/hg/firefox/ipc/glue/MessageChannel.cpp:1672) #27: mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) (/home/morbo/hg/firefox/ipc/glue/MessageChannel.cpp:1610) ###!!! [Parent][MessageChannel] Error: (msgtype=0x300072,name=PBrowser::Msg_RealMouseMoveEvent) Channel error: cannot send/recv #28: mozilla::ipc::MessageChannel::OnMaybeDequeueOne() (/home/morbo/hg/firefox/ipc/glue/MessageChannel.cpp:1577) #29: decltype (((*{parm#1}).*{parm#2})()) mozilla::detail::RunnableMethodArguments<>::applyImpl<mozilla::ipc::MessageChannel, bool (mozilla::ipc::MessageChannel::*)()>(mozilla::ipc::MessageChannel*, bool (mozilla::ipc::MessageChannel::*)(), mozilla::Tuple<>&, mozilla::IndexSequence<>) (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/nsThreadUtils.h:729 (discriminator 4)) #30: decltype (applyImpl({parm#1}, {parm#2}, (*this).mArguments, (mozilla::IndexSequence<>)())) mozilla::detail::RunnableMethodArguments<>::apply<mozilla::ipc::MessageChannel, bool (mozilla::ipc::MessageChannel::*)()>(mozilla::ipc::MessageChannel*, bool (mozilla::ipc::MessageChannel::*)()) (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/nsThreadUtils.h:736) #31: mozilla::detail::RunnableMethodImpl<bool (mozilla::ipc::MessageChannel::*)(), false, true>::Run() (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/nsThreadUtils.h:764) #32: mozilla::ipc::MessageChannel::RefCountedTask::Run() (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/mozilla/ipc/MessageChannel.h:540) #33: mozilla::ipc::MessageChannel::DequeueTask::Run() (/home/morbo/hg/firefox/obj-i686-pc-linux-gnu/dist/include/mozilla/ipc/MessageChannel.h:559) #34: nsThread::ProcessNextEvent(bool, bool*) (/home/morbo/hg/firefox/xpcom/threads/nsThread.cpp:1082) #35: NS_ProcessNextEvent(nsIThread*, bool) (/home/morbo/hg/firefox/xpcom/glue/nsThreadUtils.cpp:290) #36: mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) (/home/morbo/hg/firefox/ipc/glue/MessagePump.cpp:124) ###!!! [Parent][MessageChannel] Error: (msgtype=0x300072,name=PBrowser::Msg_RealMouseMoveEvent) Channel error: cannot send/recv #37: mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) (/home/morbo/hg/firefox/ipc/glue/MessagePump.cpp:301) #38: MessageLoop::RunInternal() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:232) #39: MessageLoop::RunHandler() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:225) #40: MessageLoop::Run() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:205) #41: nsBaseAppShell::Run() (/home/morbo/hg/firefox/widget/nsBaseAppShell.cpp:156) #42: XRE_RunAppShell (/home/morbo/hg/firefox/toolkit/xre/nsEmbedFunctions.cpp:869) #43: mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) (/home/morbo/hg/firefox/ipc/glue/MessagePump.cpp:269) #44: MessageLoop::RunInternal() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:232) #45: MessageLoop::RunHandler() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:225) ###!!! [Parent][MessageChannel] Error: (msgtype=0x300072,name=PBrowser::Msg_RealMouseMoveEvent) Channel error: cannot send/recv #46: MessageLoop::Run() (/home/morbo/hg/firefox/ipc/chromium/src/base/message_loop.cc:205) #47: XRE_InitChildProcess (/home/morbo/hg/firefox/toolkit/xre/nsEmbedFunctions.cpp:701) #48: content_process_main(int, char**) (/home/morbo/hg/firefox/ipc/app/../contentproc/plugin-container.cpp:197) #49: main (/home/morbo/hg/firefox/ipc/app/MozillaRuntimeMain.cpp:18)

This is similar to bug 1292249. nsExternalHelperAppService::GetTypeFromFile vs nsExternalHelperAppService::GetFromTypeAndExtension

Do note that this isnt only about dragging and dropping files. Panning in certain map applications also cause this crash. For example: https://www.mapquest.com/

(In reply to 6lobe from comment #14) > Do note that this isnt only about dragging and dropping files. > > Panning in certain map applications also cause this crash. For example: > https://www.mapquest.com/ Panning is the same as a drag and drop, the crash comes from (almost) the same source: Assertion failure: !XRE_IsContentProcess() (No launching of new processes in the content process.), at /home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:435 #01: nsProcess::RunProcess(bool, char**, nsIObserver*, bool, bool) (/home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:434 (discriminator 1)) #02: nsProcess::CopyArgsAndRunProcess(bool, char const**, unsigned int, nsIObserver*, bool) (/home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:379) #03: nsProcess::Run(bool, char const**, unsigned int) (/home/morbo/hg/firefox/xpcom/threads/nsProcessCommon.cpp:348) #04: nsOSHelperAppService::GetHandlerAndDescriptionFromMailcapFile(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, nsAString_internal&, nsAString_internal&, nsAString_internal&) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1091) #05: nsOSHelperAppService::DoLookUpHandlerAndDescription(nsAString_internal const&, nsAString_internal const&, nsAString_internal&, nsAString_internal&, nsAString_internal&, bool) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:913) #06: nsOSHelperAppService::GetFromType(nsCString const&) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1399) #07: nsOSHelperAppService::GetMIMEInfoFromOS(nsACString_internal const&, nsACString_internal const&, bool*) (/home/morbo/hg/firefox/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1466) #08: nsExternalHelperAppService::GetFromTypeAndExtension(nsACString_internal const&, nsACString_internal const&, nsIMIMEInfo**) (/home/morbo/hg/firefox/uriloader/exthandler/nsExternalHelperAppService.cpp:2636) #09: DragDataProducer::Produce(mozilla::dom::DataTransfer*, bool*, nsISelection**, nsIContent**) (/home/morbo/hg/firefox/dom/base/nsContentAreaDragDrop.cpp:588) #10: nsContentAreaDragDrop::GetDragData(nsPIDOMWindowOuter*, nsIContent*, nsIContent*, bool, mozilla::dom::DataTransfer*, bool*, nsISelection**, nsIContent**) (/home/morbo/hg/firefox/dom/base/nsContentAreaDragDrop.cpp:129)

Comment on attachment 8804393 [details] Bug 1310116 - Allow waitpid but warn on creating processes in content. https://reviewboard.mozilla.org/r/88392/#review87442

https://hg.mozilla.org/integration/mozilla-inbound/rev/15775247c226598e8b00a5229c4f2c20a35b2c3a Bug 1310116 - Allow waitpid but warn on creating processes in content. r=jld