Open Bug 1790526 Opened 2 years ago Updated 1 year ago

src/toolkit/components/sessionstore/SessionStoreParent.cpp:281:47: runtime error: member call on null pointer of type 'mozilla::dom::BrowsingContext'

Categories

(Core :: Storage: localStorage & sessionStorage, defect, P3)

Tracking

Status: ASSIGNED
Tracking Status
firefox-esr115 --- affected
firefox106 --- wontfix
firefox114 --- wontfix
firefox115 --- affected
firefox116 --- affected

People

(Reporter: tsmith, Assigned: peterv)

References

(Blocks 2 open bugs)

Details

(Keywords: csectype-nullptr, testcase)

Attachments

(1 file)

Attached file testcase.html (deleted)

This was found by enabling the null check in UBSan and running attached tests.

To enable this check add the following to your mozconfig:

ac_add_options --enable-undefined-sanitizer="null"

src/toolkit/components/sessionstore/SessionStoreParent.cpp:281:47: runtime error: member call on null pointer of type 'mozilla::dom::BrowsingContext'
    #0 0x7f767a3bb1f3 in mozilla::dom::SessionStoreParent::RecvIncrementalSessionStoreUpdate(mozilla::dom::MaybeDiscarded<mozilla::dom::BrowsingContext> const&, mozilla::Maybe<mozilla::dom::sessionstore::FormData> const&, mozilla::Maybe<nsPoint> const&, unsigned int) src/toolkit/components/sessionstore/SessionStoreParent.cpp:281:47
    #1 0x7f767a3d0974 in mozilla::dom::PSessionStoreParent::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PSessionStoreParent.cpp:297:86
    #2 0x7f7673f2400b in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PContentParent.cpp:6621:32
    #3 0x7f766ccd1579 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:1756:25
    #4 0x7f766cccd8a1 in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >) src/ipc/glue/MessageChannel.cpp:1681:9
    #5 0x7f766ccce97a in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1481:3
    #6 0x7f766cccfd71 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1579:14
    #7 0x7f766b31f60e in mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:538:16
    #8 0x7f766b2d6d6f in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:851:26
    #9 0x7f766b2d3937 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:683:15
    #10 0x7f766b2d419b in mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:461:36
    #11 0x7f766b30b079 in mozilla::TaskController::InitializeInternal()::$_0::operator()() const src/xpcom/threads/TaskController.cpp:187:37
    #12 0x7f766b30b079 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() src/objdir-ff-ubsan/dist/include/nsThreadUtils.h:531:5
    #13 0x7f766b2f50ba in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1205:16
    #14 0x7f766b2fe8d8 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:465:10
    #15 0x7f766ccd9f7f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:85:21
    #16 0x7f766cb2cc64 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:381:10
    #17 0x7f766cb2cc64 in MessageLoop::RunHandler() src/ipc/chromium/src/base/message_loop.cc:374:3
    #18 0x7f766cb2cc64 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:356:3
    #19 0x7f7674b7e52c in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:150:27
    #20 0x7f767a3f471a in nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:295:30
    #21 0x7f767a65bb8b in XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:5720:22
    #22 0x7f767a65dceb in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5913:8
    #23 0x7f767a65eacb in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5969:21
    #24 0x5632ed455c4e in do_main(int, char**, char**) src/browser/app/nsBrowserApp.cpp:226:22
    #25 0x5632ed454d0d in main src/browser/app/nsBrowserApp.cpp:430:16
    #26 0x7f7699030c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #27 0x5632ed394bd8 in _start (src/objdir-ff-ubsan/dist/bin/firefox+0x10abd8) (BuildId: 2b7f725cc2c422ad43d4caa97d841bcb74b001b7)
Flags: in-testsuite?
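The report above is a parent-process IPC handler (RecvIncrementalSessionStoreUpdate) calling a member on a BrowsingContext that the content process referred to but which no longer exists on the parent side. The following is an added example, not Firefox code and not the patch for this bug: it models the hazard with simplified stand-ins for MaybeDiscarded<BrowsingContext>, BrowsingContext and the handler, puts the unchecked handler beside a checked one, and replays the race (tab torn down while the child's session-store update is still in flight). The names IsNullOrDiscarded(), get() and ContextId() on the wrapper, and the shape of the handler, are assumptions made for the example, not a statement of Gecko's actual API.

```cpp
// Added example, not Gecko code. Models the null-BrowsingContext hazard from
// the UBSan report: a reference that arrived over IPC from a content process
// may point at a context the parent has already discarded, so the handler must
// check before calling any member on it.
#include <cstdint>
#include <string>
#include <vector>

// Simplified stand-in for mozilla::dom::BrowsingContext (assumed shape).
struct BrowsingContext {
  uint64_t id;
  bool discarded = false;        // set when the parent tears the context down
  std::string lastFormData;      // the session-store state the update carries
  bool IsDiscarded() const { return discarded; }
  uint64_t Id() const { return id; }
};

// Simplified stand-in for mozilla::dom::MaybeDiscarded<T> (assumed shape):
// either a live pointer, or only the id of a context that is already gone,
// in which case get() yields null.
template <typename T>
class MaybeDiscarded {
 public:
  explicit MaybeDiscarded(T* live) : mPtr(live), mId(live ? live->Id() : 0) {}
  explicit MaybeDiscarded(uint64_t discardedId) : mPtr(nullptr), mId(discardedId) {}
  bool IsNull() const { return mPtr == nullptr && mId == 0; }
  bool IsDiscarded() const {
    return (mPtr == nullptr && mId != 0) || (mPtr != nullptr && mPtr->IsDiscarded());
  }
  bool IsNullOrDiscarded() const { return IsNull() || IsDiscarded(); }
  T* get() const { return (mPtr && !mPtr->IsDiscarded()) ? mPtr : nullptr; }
  uint64_t ContextId() const { return mId; }
 private:
  T* mPtr;
  uint64_t mId;
};

// Unchecked handler in the shape of RecvIncrementalSessionStoreUpdate. The
// argument was deserialized from a content-process message, so nothing about
// it is trusted. With a discarded context get() is null and the next line is
// precisely "member call on null pointer" under -fsanitize=null.
// Never call this with a discarded context.
bool RecvUpdateUnchecked(const MaybeDiscarded<BrowsingContext>& aContext,
                         const std::string& aFormData) {
  BrowsingContext* bc = aContext.get();
  bc->lastFormData = aFormData;   // dereference without a null/discarded check
  return true;
}

// Checked handler: a discarded context is a benign race (the tab closed while
// the child's update was in flight), so the message is dropped rather than
// dereferenced. Returning false here stands in for "ignore, keep the child".
bool RecvUpdateChecked(const MaybeDiscarded<BrowsingContext>& aContext,
                       const std::string& aFormData) {
  if (aContext.IsNullOrDiscarded()) {
    return false;
  }
  BrowsingContext* bc = aContext.get();
  bc->lastFormData = aFormData;
  return true;
}

// Replays the race with the checked handler: first update lands, the context
// is discarded, then a late update for the same id arrives and is dropped.
// Returns the two handler results: {true, false}.
std::vector<bool> SimulateRace() {
  BrowsingContext bc{42};
  std::vector<bool> results;
  results.push_back(RecvUpdateChecked(MaybeDiscarded<BrowsingContext>(&bc), "a=1"));
  bc.discarded = true;  // parent tears the tab down
  results.push_back(RecvUpdateChecked(MaybeDiscarded<BrowsingContext>(bc.id), "a=2"));
  return results;
}
```

Under the mozconfig option given in the report (-fsanitize=null), the unchecked path is what produces the "member call on null pointer" line; a release build without the sanitizer would simply crash the parent process on the dereference, which any content process can trigger by timing a late update against a closing tab. The checked form is the pattern to look for when auditing other Recv* handlers that take a MaybeDiscarded argument: test for discard before the first use, and treat a discarded context as a message to drop, not as an IPC protocol violation.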

Looks like a regression from bug 1739450 ?

Flags: needinfo?(peterv)
Assignee: nobody → peterv
Status: NEW → ASSIGNED
Flags: needinfo?(peterv)
Severity: -- → S3
Priority: -- → P3