Open
Bug 1567350
Opened 6 years ago
Updated 3 years ago
Assertion failure: mPromise->State() == Promise::PromiseState::Pending, at src/obj-firefox/dist/include/mozilla/FullscreenChange.h:46
Categories
(Core :: DOM: Core & HTML, defect, P3)
Core
DOM: Core & HTML
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox70 | --- | affected |
People
(Reporter: tsmith, Unassigned, NeedInfo)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
STR:
- unpack test.zip
- using a fuzzing build, a clean profile and the included prefs.js launch the browser
- open launcher.html
- wait 30 - 45 seconds
I can consistently reproduce the issue with a fuzzing debug build.
Assertion failure: mPromise->State() == Promise::PromiseState::Pending, at src/obj-firefox/dist/include/mozilla/FullscreenChange.h:46
0|0|libxul.so|mozilla::FullscreenChange::MayRejectPromise() const|hg:hg.mozilla.org/mozilla-central:dom/base/FullscreenChange.h:b3f5385fa0b37bca7c46269ff394aca964baec7c|47|0x44
0|1|libxul.so|mozilla::FullscreenRequest::Reject(char const*) const|hg:hg.mozilla.org/mozilla-central:dom/base/FullscreenChange.h:b3f5385fa0b37bca7c46269ff394aca964baec7c|101|0x8
0|2|libxul.so|mozilla::dom::Document::FullscreenElementReadyCheck(mozilla::FullscreenRequest const&)|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|13460|0xf
0|3|libxul.so|mozilla::dom::Document::RequestFullscreen(mozilla::UniquePtr<mozilla::FullscreenRequest, mozilla::DefaultDelete<mozilla::FullscreenRequest> >)|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|13573|0xb
0|4|libxul.so|mozilla::dom::nsCallRequestFullscreen::Run()|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|13225|0x1c
0|5|libxul.so|mozilla::SchedulerGroup::Runnable::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/SchedulerGroup.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|295|0x15
0|6|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|1225|0x15
0|7|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|486|0x11
0|8|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|88|0xa
0|9|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:b3f5385fa0b37bca7c46269ff394aca964baec7c|315|0x17
0|10|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:b3f5385fa0b37bca7c46269ff394aca964baec7c|290|0x8
0|11|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|137|0xd
0|12|libxul.so|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|919|0x11
0|13|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|238|0x5
0|14|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:b3f5385fa0b37bca7c46269ff394aca964baec7c|315|0x17
0|15|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:b3f5385fa0b37bca7c46269ff394aca964baec7c|290|0x8
0|16|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|754|0xc
0|17|firefox-bin|content_process_main(mozilla::Bootstrap*, int, char**)|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|56|0x14
0|18|firefox-bin|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:b3f5385fa0b37bca7c46269ff394aca964baec7c|267|0x12
0|19|libc-2.27.so||||0x21b97
0|20|firefox-bin|MOZ_ReportCrash|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:b3f5385fa0b37bca7c46269ff394aca964baec7c|184|0x5
|
Reporter | |
Comment 1•6 years ago
|
||
|
||
Updated•6 years ago
|
Priority: -- → P3
|
||
Updated•6 years ago
|
Flags: needinfo?(xidorn+moz)
|
|
||
Comment 2•6 years ago
|
||
That's very interesting... In the attached testcase, I don't even see any "fullscreen" inside.
Could you also provide the JS stack so that we can see what triggers RequestFullscreen?
Flags: needinfo?(twsmith)
|
|
||
Comment 3•6 years ago
|
||
I checked the code again, and I guess the js stack isn't really going to help, so never mind...
Also I double checked the code path, and I can't figure out any case this can reasonably happen, unless the Promise passed out can be resolved by the script somehow...
Flags: needinfo?(twsmith)
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•