Closed
Bug 851392
Opened 12 years ago
Closed 11 years ago
"ASSERTION: Should be inner window" with mutation event recursion
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 852436
| Tracking | Status | |
|---|---|---|
| firefox20 | --- | unaffected |
| firefox21 | --- | unaffected |
| firefox22 | --- | affected |
| firefox-esr17 | --- | unaffected |
| b2g18 | --- | unaffected |
People
(Reporter: jruderman, Assigned: emk)
References
Details
(4 keywords, Whiteboard: "'IsExceptionPending' checks are a sign of trouble" --mrbkap)
Attachments
(2 files)
###!!! ASSERTION: Should be inner window.: 'win->IsInnerWindow()', file dom/base/nsDOMClassInfo.cpp, line 3599
Assertion failure: win->IsInnerWindow(), at dom/base/nsDOMClassInfo.cpp:1478
|
Reporter | |
Comment 1•12 years ago
|
||
|
|
Reporter | |
Comment 2•12 years ago
|
||
Bisection points at http://hg.mozilla.org/mozilla-central/rev/5d58b6d250d5 but I bet that just perturbed the point at which the JS_CHECK_RECURSION fails.
|
||
Comment 3•12 years ago
|
||
Peter: is this assertion an indication of a security problem (usually inner/outer window confusion is) and if so how bad?
Flags: needinfo?(peterv)
|
||
Comment 4•12 years ago
|
||
I'm not sure what happens next, we probably try to wrap the inner in an XPCWrappedNative. But given that we failed to wrap already that might fail too?
Could this be a regression from bug 848339? It seem to me that if nsGlobalWindow::WrapObject fails (at http://mxr.mozilla.org/mozilla-central/source/js/xpconnect/src/XPCConvert.cpp#841) but doesn't set an exception then we won't return early like we used to, but instead try to construct a slim wrapper.
Flags: needinfo?(peterv)
|
||
Comment 5•12 years ago
|
||
This is almost certainly a regression from bug 848339. Reading through the code, I don't understand why it's OK for WrapObject to return null... It seems like the parameter wasn't as vestigial as previously thought. In general "IsExceptionPending" checks are a sign of trouble.
|
||
Updated•12 years ago
|
status-b2g18:
--- → unaffected
status-firefox20:
--- → unaffected
status-firefox21:
--- → unaffected
status-firefox22:
--- → affected
status-firefox-esr17:
--- → unaffected
|
|
||
Updated•12 years ago
|
Assignee: nobody → VYV03354
Blocks: 848339
Keywords: regression
Whiteboard: "'IsExceptionPending' checks are a sign of trouble" --mrbkap
|
|
||
Comment 6•12 years ago
|
||
The patch in bug 852436 fixes this testcase as well.
|
||
Comment 7•11 years ago
|
||
(In reply to Blake Kaplan (:mrbkap) from comment #6)
> The patch in bug 852436 fixes this testcase as well.
Is this fixed then?
Matt, could you verify this is fixed?
Flags: needinfo?(mwobensmith)
|
||
Comment 8•11 years ago
|
||
I see no such assertion in today's nightly m-c.
Should we close it, or mark it as a dupe of bug 852436?
Flags: needinfo?(mwobensmith)
|
|
||
Comment 9•11 years ago
|
||
Thanks, Matt!
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•11 years ago
|
Group: core-security
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•