28.3.0 segfault when using <browser> xul tag

rfordinal

28.3.0 segfault when using <browser> xul tag

Post by rfordinal » 2019-01-17, 19:57

Pale Moon is segfaulting (only in the new version 28.3.0) on all platforms when a <browser> tag or <html:iframe> with specific content is used in a XUL document (or addon).
The same content does not crash when loaded in the address bar.

Example:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>

<window
	title="Crash"
	orient="horizontal"
	xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
	xmlns:html="http://www.w3.org/1999/xhtml"
	onload="">

	<vbox flex="1">
		
		<hbox flex="1">
			
			<vbox width="600" style="background: white">
				
				<box id="editor" flex="1"></box>
				<!-- same crash
				<browser src="https://content.jwplatform.com/players/6FlorC2y-Lj28GxV4.html" />
				-->
				<button oncommand="fnc_crash()" label="crash!" />

			</vbox>
			
		</hbox>
		
	</vbox>
	
	<script><![CDATA[

		var editor = document.getElementById("editor");

		var doc = document.implementation.createDocument("http://www.w3.org/1999/xhtml", "iframe" , null);
			doc = doc.firstChild;
			doc.setAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
			doc.setAttribute('flex', '1');
		
		editor.appendChild(doc);

		function fnc_crash()
		{
			doc.contentWindow.document.body.innerHTML = '<p>text</p><iframe src="https://content.jwplatform.com/players/6FlorC2y-Lj28GxV4.html" scrolling="auto" allowfullscreen="" frameborder="0" height="327" width="580"></iframe>';
		}
	]]></script>

</window>

vannilla

Re: 28.3.0 segfault when using <browser> xul tag

Post by vannilla » 2019-01-17, 21:06

I can confirm the crash with the address in the example.
However, using a different website resulted in no crashes (I only tested with one different address, so I don't know if it works for everything else.)

rfordinal

Re: 28.3.0 segfault when using <browser> xul tag

Post by rfordinal » 2019-01-17, 21:19

Yes, it depends on the address used. Mostly embeds with video players.

Moonchild

Re: 28.3.0 segfault when using <browser> xul tag

Post by Moonchild » 2019-01-18, 03:51

Can you provide exact steps how you used the PoC to crash the browser, please?

Tracking in Issue #934 (UXP)
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Moonchild

Re: 28.3.0 segfault when using <browser> xul tag

Post by Moonchild » 2019-01-18, 04:01

Since others have reported some similar stability issues, can you please see if setting dom.intersectionobserver.enabled to false fixes your crashes? It's very well possible there's still some crashiness to be fixed in this feature.

rfordinal

Re: 28.3.0 segfault when using <browser> xul tag

Post by rfordinal » 2019-01-18, 07:50

Yes, when I set dom.intersectionobserver.enabled to false, the crashing stopped.

vannilla

Re: 28.3.0 segfault when using <browser> xul tag

Post by vannilla » 2019-01-18, 11:09

Moonchild wrote:
> Can you provide exact steps how you used the PoC to crash the browser, please?
>
> Tracking in Issue #934 (UXP)

It seems to be really an issue with the intersection observer, but for completeness I'm going to list the steps I did to make it crash (redundant information is better than no information most of the time):

This bug isn't specific to Windows. I use Linux and it crashes.
I created an addon (a simple install.rdf with a chrome.manifest listing only the content directory) and installed it on a new profile.
From within the browser console, I called

Code:

window.open('chrome://test/content/test.xul', 'test', 'chrome');

I then get a segmentation fault when the page is loaded.

rfordinal

Re: 28.3.0 segfault when using <browser> xul tag

Post by rfordinal » 2019-01-18, 11:30

Steps to reproduce
  • create empty addon
  • add .xul file from description
  • open that file with chrome:// uri or as part of addon
  • click the "crash" button

Moonchild

Re: 28.3.0 segfault when using <browser> xul tag

Post by Moonchild » 2019-01-19, 19:40

The latest unstable has a fix in that should prevent these crashes.