Closed
Bug 292970
Opened 20 years ago
Closed 2 years ago
Firing restore events can reenter nsDocShell::RestorePresentation
Categories
(Core :: DOM: Navigation, defect)
Core
DOM: Navigation
Tracking
()
RESOLVED
WORKSFORME
mozilla1.9alpha1
People
(Reporter: bzbarsky, Unassigned)
References
Details
Attachments
(1 file)
|
(deleted),
text/html
|
Details |
Firing restore events can trigger code that changes the URI in the docshell or
triggers history traversals.
That would synchronously reenter nsDocShell::RestorePresentation and probably
make the docshell somewhat confused.
|
Reporter | |
Updated•20 years ago
|
Blocks: blazinglyfastback
|
||
Comment 1•19 years ago
|
||
I think this could apply to the following events that can be fired during restore:
pageshow
resize
DOMLinkAdded
|
|
Reporter | |
Comment 2•19 years ago
|
||
Do we still have a sync reentry here now that we're doing at least part of
RestorePresentation async?
|
|
||
Comment 3•19 years ago
|
||
I think it might still be possible to do this, but via the PageHide event.
|
|
||
Comment 4•19 years ago
|
||
I think this confuses us. If I do the following:
1. Start firefox, go to google.com
2. Load the attached testcase
3. Type mozilla.org into the urlbar and hit enter
I get a whole slew of bad assertions on the console, and the result is that
google.com appears, and the throbber spins continuously. Here is the console
log:
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
/builds/mozilla/bfcache/mozilla/dom/src/base/nsGlobalWindow.cpp, line 6119
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
/builds/mozilla/bfcache/mozilla/docshell/base/nsDocShell.cpp, line 5291
###!!! ASSERTION: Overwriting an existing document channel!: '(loadFlags &
nsIChannel::LOAD_REPLACE) || !(mDocumentRequest.get())', file
/builds/mozilla/bfcache/mozilla/uriloader/base/nsDocLoader.cpp, line 497
Break: at file /builds/mozilla/bfcache/mozilla/uriloader/base/nsDocLoader.cpp,
line 497
************************************************************
* Call to xpconnect wrapped JSObject produced this error: *
[Exception... "'Permission denied to set property Window.sf' when calling
method: [nsIDOMEventListener::handleEvent]" nsresult: "0x8057001e
(NS_ERROR_XPC_JS_THREW_STRING)" location: "<unknown>" data: no]
************************************************************
###!!! ASSERTION: subshell not in the map: 'shellContent', file
/builds/mozilla/bfcache/mozilla/docshell/base/nsDocShell.cpp, line 3623
Break: at file /builds/mozilla/bfcache/mozilla/docshell/base/nsDocShell.cpp,
line 3623
WARNING: NS_ENSURE_TRUE(aContent) failed, file
/builds/mozilla/bfcache/mozilla/layout/base/nsFrameManager.cpp, line 338
###!!! ASSERTION: file descriptor not closed: '!mFD', file
/builds/mozilla/bfcache/mozilla/netwerk/cache/src/nsDiskCacheStreams.cpp, line
346
Break: at file
/builds/mozilla/bfcache/mozilla/netwerk/cache/src/nsDiskCacheStreams.cpp, line
346
|
|
||
Comment 5•19 years ago
|
||
This is a tough call, but I think this is unlikely to happen on real web
sites... unless the testcase can be shown to be some kind of security exploit, I
don't think this is high enough priority to make the 1.5 cut at this stage.
Target Milestone: --- → mozilla1.9alpha
Component: History: Session → Document Navigation
QA Contact: history.session → docshell
Mass-removing myself from cc; search for 12b9dfe4-ece3-40dc-8d23-60e179f64ac1 or any reasonable part thereof, to mass-delete these notifications (and sorry!)
|
||
Comment 7•2 years ago
|
||
In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.
Severity: major → --
Can't repro comment 4.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•