1412275 - null + offset crashes in [@nsHtml5TreeOpExecutor::ContinueInterruptedParsingAsync()]

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, enhancement)

Description

[Olli Pettay [:smaug][bugs@pettay.fi]]

https://crash-stats.mozilla.com/report/index/e58f8612-b90a-48c9-80a5-30a3b0171027 is an example.
I think the issue is that mElement is somehow null in 
https://hg.mozilla.org/releases/mozilla-beta/annotate/86534d5daeef/dom/script/ScriptLoader.cpp#l2892

I'll look this a bit, and if nothing else, add a null check.

Comment 1

[Olli Pettay [:smaug][bugs@pettay.fi]]

Hmm, this is trickier than I thought. Looks like only preloading doesn't have mElement set, but why do we call ContinueParserAsync on such requests. By mistake?

Comment 2

[Olli Pettay [:smaug][bugs@pettay.fi]]

oh, hmm, maybe this is something else after all. Compilers clearly inline methods here, so a bit hard to follow this all.

Comment 3

[Olli Pettay [:smaug][bugs@pettay.fi]]

mExecutor is null, if I read various crash reports right.

Comment 4

[Olli Pettay [:smaug][bugs@pettay.fi]]

Looks like that may have happened if we've unlinked parser.

Comment 5

[Olli Pettay [:smaug][bugs@pettay.fi]]

Attachment: null_mExecutor.diff

Quick and dirty. Other option is to go through all of the ownership model of parser to see why we get unlinked. But in principle if we end up closing the window or such and spin event loop, that could rather easily lead to this kinds result.

Comment 6

[Pulsebot]

Pushed by opettay@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/9d76daebda99
ensure we have still the executor before trying to continue parsing, r=hsivonen

Comment 7

[Andreea Pavel [:apavel]]

https://hg.mozilla.org/mozilla-central/rev/9d76daebda99