Closed
Bug 1412275
Opened 7 years ago
Closed 7 years ago
null + offset crashes in [@nsHtml5TreeOpExecutor::ContinueInterruptedParsingAsync()]
Categories
(Core :: DOM: Core & HTML, enhancement)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla58
Tracking | Status | |
---|---|---|
firefox58 | --- | fixed |
People
(Reporter: smaug, Assigned: smaug)
Details
Attachments
(1 file)
790 bytes,
patch
|
hsivonen
:
review+
|
Details | Diff | Splinter Review |
https://crash-stats.mozilla.com/report/index/e58f8612-b90a-48c9-80a5-30a3b0171027 is an example. I think the issue is that mElement is somehow null in https://hg.mozilla.org/releases/mozilla-beta/annotate/86534d5daeef/dom/script/ScriptLoader.cpp#l2892 I'll look this a bit, and if nothing else, add a null check.
Assignee | ||
Comment 1•7 years ago
|
||
Hmm, this is trickier than I thought. Looks like only preloading doesn't have mElement set, but why do we call ContinueParserAsync on such requests. By mistake?
Assignee | ||
Comment 2•7 years ago
|
||
oh, hmm, maybe this is something else after all. Compilers clearly inline methods here, so a bit hard to follow this all.
Assignee | ||
Comment 3•7 years ago
|
||
mExecutor is null, if I read various crash reports right.
Assignee | ||
Comment 4•7 years ago
|
||
Looks like that may have happened if we've unlinked parser.
Assignee | ||
Comment 5•7 years ago
|
||
Quick and dirty. Other option is to go through all of the ownership model of parser to see why we get unlinked. But in principle if we end up closing the window or such and spin event loop, that could rather easily lead to this kinds result.
Attachment #8924270 -
Flags: review?(hsivonen)
Updated•7 years ago
|
Attachment #8924270 -
Flags: review?(hsivonen) → review+
Pushed by opettay@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/9d76daebda99 ensure we have still the executor before trying to continue parsing, r=hsivonen
Comment 7•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/9d76daebda99
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox58:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•