Assertion failure: false (MOZ_ASSERT_UNREACHABLE: Could not get DocShell from mFrameLoader?), at src/dom/base/nsObjectLoadingContent.cpp:550

```
#0 0x7f34dc045157 in nsObjectLoadingContent::SetupDocShell(nsIURI*) src/dom/base/nsObjectLoadingContent.cpp:550:9
#1 0x7f34dc04af73 in nsObjectLoadingContent::LoadObject(bool, bool, nsIRequest*) src/dom/base/nsObjectLoadingContent.cpp:2176:40
#2 0x7f34dc04a1ac in nsObjectLoadingContent::OnStartRequest(nsIRequest*) src/dom/base/nsObjectLoadingContent.cpp:1044:10
#3 0x7f34dab02ef2 in mozilla::net::HttpChannelChild::DoOnStartRequest(nsIRequest*, nsISupports*) src/netwerk/protocol/http/HttpChannelChild.cpp:568:20
#4 0x7f34dab02b3b in mozilla::net::HttpChannelChild::OnStartRequest(mozilla::net::nsHttpResponseHead const&, bool const&, mozilla::net::nsHttpHeaderArray const&, mozilla::net::HttpChannelOnStartRequestArgs const&) src/netwerk/protocol/http/HttpChannelChild.cpp:499:3
#5 0x7f34daccd2bb in mozilla::net::ChannelEventQueue::FlushQueue() src/netwerk/ipc/ChannelEventQueue.cpp:90:12
#6 0x7f34dad01c59 in MaybeFlushQueue /builds/worker/workspace/obj-build/dist/include/mozilla/net/ChannelEventQueue.h:330:5
#7 0x7f34dad01c59 in CompleteResume /builds/worker/workspace/obj-build/dist/include/mozilla/net/ChannelEventQueue.h:309:5
#8 0x7f34dad01c59 in mozilla::net::ChannelEventQueue::ResumeInternal()::CompleteResumeRunnable::Run() src/netwerk/ipc/ChannelEventQueue.cpp:148:17
#9 0x7f34da540f4f in mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:450:16
#10 0x7f34da53f5ba in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:720:26
#11 0x7f34da53e664 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:579:15
#12 0x7f34da53e817 in mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:373:36
#13 0x7f34da544899 in operator() src/xpcom/threads/TaskController.cpp:123:37
#14 0x7f34da544899 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_4>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:577:5
#15 0x7f34da555da7 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1194:14
#16 0x7f34da55be4a in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:513:10
#17 0x7f34dae5a3c4 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:109:5
#18 0x7f34dadc7753 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:334:10
#19 0x7f34dadc766d in RunHandler src/ipc/chromium/src/base/message_loop.cc:327:3
#20 0x7f34dadc766d in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:309:3
#21 0x7f34deaf1868 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#22 0x7f34e02efd03 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:913:20
#23 0x7f34dae5b1d9 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:237:9
#24 0x7f34dadc7753 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:334:10
#25 0x7f34dadc766d in RunHandler src/ipc/chromium/src/base/message_loop.cc:327:3
#26 0x7f34dadc766d in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:309:3
#27 0x7f34e02ef8e8 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:744:34
#28 0x55ed99055a67 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#29 0x55ed99055a67 in main src/browser/app/nsBrowserApp.cpp:304:18
#30 0x7f34ef5ea0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
#31 0x55ed99033819 in _start (/home/worker/builds/m-c-20201123095316-fuzzing-debug/firefox-bin+0x14819)
```
Bug 1679478 Comment 0 Edit History
Found while fuzzing (--enable-debug --enable-fuzzing)

Assertion failure: false (MOZ_ASSERT_UNREACHABLE: Could not get DocShell from mFrameLoader?), at src/dom/base/nsObjectLoadingContent.cpp:550

```
#0 0x7f34dc045157 in nsObjectLoadingContent::SetupDocShell(nsIURI*) src/dom/base/nsObjectLoadingContent.cpp:550:9
#1 0x7f34dc04af73 in nsObjectLoadingContent::LoadObject(bool, bool, nsIRequest*) src/dom/base/nsObjectLoadingContent.cpp:2176:40
#2 0x7f34dc04a1ac in nsObjectLoadingContent::OnStartRequest(nsIRequest*) src/dom/base/nsObjectLoadingContent.cpp:1044:10
#3 0x7f34dab02ef2 in mozilla::net::HttpChannelChild::DoOnStartRequest(nsIRequest*, nsISupports*) src/netwerk/protocol/http/HttpChannelChild.cpp:568:20
#4 0x7f34dab02b3b in mozilla::net::HttpChannelChild::OnStartRequest(mozilla::net::nsHttpResponseHead const&, bool const&, mozilla::net::nsHttpHeaderArray const&, mozilla::net::HttpChannelOnStartRequestArgs const&) src/netwerk/protocol/http/HttpChannelChild.cpp:499:3
#5 0x7f34daccd2bb in mozilla::net::ChannelEventQueue::FlushQueue() src/netwerk/ipc/ChannelEventQueue.cpp:90:12
#6 0x7f34dad01c59 in MaybeFlushQueue /builds/worker/workspace/obj-build/dist/include/mozilla/net/ChannelEventQueue.h:330:5
#7 0x7f34dad01c59 in CompleteResume /builds/worker/workspace/obj-build/dist/include/mozilla/net/ChannelEventQueue.h:309:5
#8 0x7f34dad01c59 in mozilla::net::ChannelEventQueue::ResumeInternal()::CompleteResumeRunnable::Run() src/netwerk/ipc/ChannelEventQueue.cpp:148:17
#9 0x7f34da540f4f in mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:450:16
#10 0x7f34da53f5ba in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:720:26
#11 0x7f34da53e664 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:579:15
#12 0x7f34da53e817 in mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:373:36
#13 0x7f34da544899 in operator() src/xpcom/threads/TaskController.cpp:123:37
#14 0x7f34da544899 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_4>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:577:5
#15 0x7f34da555da7 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1194:14
#16 0x7f34da55be4a in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:513:10
#17 0x7f34dae5a3c4 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:109:5
#18 0x7f34dadc7753 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:334:10
#19 0x7f34dadc766d in RunHandler src/ipc/chromium/src/base/message_loop.cc:327:3
#20 0x7f34dadc766d in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:309:3
#21 0x7f34deaf1868 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#22 0x7f34e02efd03 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:913:20
#23 0x7f34dae5b1d9 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:237:9
#24 0x7f34dadc7753 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:334:10
#25 0x7f34dadc766d in RunHandler src/ipc/chromium/src/base/message_loop.cc:327:3
#26 0x7f34dadc766d in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:309:3
#27 0x7f34e02ef8e8 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:744:34
#28 0x55ed99055a67 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#29 0x55ed99055a67 in main src/browser/app/nsBrowserApp.cpp:304:18
#30 0x7f34ef5ea0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
#31 0x55ed99033819 in _start (/home/worker/builds/m-c-20201123095316-fuzzing-debug/firefox-bin+0x14819)
```