Closed
Bug 1031303
Opened 10 years ago
Closed 10 years ago
mContext can be null when nsGlobalWindow::SetNewDocument is called.
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla34
People
(Reporter: smaug, Assigned: smaug)
References
Details
Attachments
(3 files)
|
697 bytes,
patch
|
Details | Diff | Splinter Review | |
|
8.69 KB,
patch
|
jst
:
review+
mconley
:
feedback+
|
Details | Diff | Splinter Review |
|
8.75 KB,
patch
|
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
|
Assignee | |
Comment 1•10 years ago
|
||
Looks like we need this fix on Aurora too.
|
|
Assignee | |
Comment 2•10 years ago
|
||
...since it looks like we get these crashes now there.
peterv, bholley, you may have played with this code recently.
|
|
Assignee | |
Updated•10 years ago
|
Flags: needinfo?(peterv)
Flags: needinfo?(bobbyholley)
|
||
Comment 3•10 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #2)
> peterv, bholley, you may have played with this code recently.
I didn't. Peter did, but he's on PTO.
I investigated this a little bit. The basic issue is that we end up invoking ReallyCloseWindow (which invokes CleanUp, but without detaching ourselves from the docshell), and _then_ invoking SetNewDocument from nsDocumentViewer::InitInternal. That code grabs the window via getInterface from the docshell. So we end up invoking nsDocShell::EnsureScriptEnvironment there, but that bails out early because mScriptGlobal is non-null.
It seems like nsGlobalWindow needs do a better job of telling the docshell about what's going on in nsGlobalWindow::ReallyCloseWindow. I think you (smaug) are probably in an equal-or-better position to sort that out than I am, though.
Flags: needinfo?(bobbyholley)
|
|
Assignee | |
Comment 4•10 years ago
|
||
Thanks.
I'll fix the crash in some way.
Assignee: nobody → bugs
Flags: needinfo?(bugs)
|
|
Assignee | |
Comment 5•10 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=d4d7427fc179
Simple fix for the crash.
Flags: needinfo?(bugs)
|
|
Assignee | |
Comment 6•10 years ago
|
||
|
|
Assignee | |
Comment 7•10 years ago
|
||
Comment on attachment 8462774 [details] [diff] [review]
propagate error, non-simple-approach
Mike, want go though the ancient code this is changing :)
I prefer this larger patch so that we don't end up having content viewers
which are sort of initialized, but really aren't.
Attachment #8462774 -
Flags: feedback?(mconley)
|
||
Comment 8•10 years ago
|
||
Comment on attachment 8462774 [details] [diff] [review]
propagate error, non-simple-approach
Review of attachment 8462774 [details] [diff] [review]:
-----------------------------------------------------------------
From my still somewhat limited understanding of what's going on, this looks reasonable.
::: docshell/base/nsDocShell.cpp
@@ +7357,5 @@
> NS_ASSERTION(!mCreatingDocument, "infinite(?) loop creating document averted");
> if (mCreatingDocument)
> return NS_ERROR_FAILURE;
>
> + AutoRestore<bool> creatingDocument(mCreatingDocument);
TIL about AutoRestore. Neat.
::: dom/base/nsGlobalWindow.cpp
@@ +2331,5 @@
> }
>
> NS_PRECONDITION(IsOuterWindow(), "Must only be called on outer windows");
>
> + NS_ENSURE_STATE(!mCleanedUp);
It'd be good to maybe document what the consequences of not ensuring this are.
::: layout/base/nsDocumentViewer.cpp
@@ +1802,4 @@
>
> // Clear the list of old child docshells. Child docshells for the new
> // document will be constructed as frames are created.
> if (!aDocument->IsStaticDocument()) {
This can probably be "else'd" after the conditional in 1798-1801, and maybe chuck the comment inside the else block.
Attachment #8462774 -
Flags: feedback?(mconley) → feedback+
|
|
Assignee | |
Comment 9•10 years ago
|
||
> ::: layout/base/nsDocumentViewer.cpp
> > // Clear the list of old child docshells. Child docshells for the new
> > // document will be constructed as frames are created.
> > if (!aDocument->IsStaticDocument()) {
>
> This can probably be "else'd" after the conditional in 1798-1801, and maybe
> chuck the comment inside the else block.
Indeed.
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8462774 -
Flags: review?(bzbarsky)
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8462774 -
Flags: review?(bzbarsky) → review?(jst)
|
||
Comment 10•10 years ago
|
||
Comment on attachment 8462774 [details] [diff] [review]
propagate error, non-simple-approach
r=jst, and I agree with mconley's feedback here.
Attachment #8462774 -
Flags: review?(jst) → review+
|
|
Assignee | |
Comment 11•10 years ago
|
||
Actually, that else doesn't work.
The first 'if' is about mDocument, the latter aDocument.
(The whole docshell tree item removal is crazy left over code from early
bfcache patches.)
|
|
Assignee | |
Comment 12•10 years ago
|
||
|
|
||
Comment 13•10 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #11)
> Actually, that else doesn't work.
> The first 'if' is about mDocument, the latter aDocument.
>
> (The whole docshell tree item removal is crazy left over code from early
> bfcache patches.)
Ah, my mistake.
|
|
Assignee | |
Comment 14•10 years ago
|
||
|
||
Comment 15•10 years ago
|
||
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
|
|
||
Comment 16•10 years ago
|
||
|
||
Updated•10 years ago
|
Flags: needinfo?(peterv)
|
||
Comment 18•10 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #1)
> Looks like we need this fix on Aurora too.
Did this make it to aurora?
|
|
||
Comment 19•10 years ago
|
||
For some more context, this bug was triggering a tart crash that was preventing bug 1039881 from landing on beta. I didn't know about this bug when I added the following line to prevent the tart crash:
> NS_ENSURE_TRUE(GetContextInternal(), NS_ERROR_NOT_INITIALIZED);
bholley suggested getting the fix into nightly and aurora.
|
|
Assignee | |
Comment 20•10 years ago
|
||
Ed, if this fixes a crasher, I think we should certainly take this to Aurora.
Could you ask for approval.
Flags: needinfo?(edilee)
|
|
||
Comment 21•10 years ago
|
||
Comment on attachment 8465718 [details] [diff] [review]
+added comment
Approval Request Comment
[Feature/regressing bug #]: bug 997440
[User impact if declined]: potential crash when doing a newtab background thumbnail; unable to land enhanced tiles on aurora
[Describe test coverage new/current, TBPL]: bug 1026561 landed on nightly without test failures because this bug was fixed, and it'll be uplifted to aurora so it requires this fix
[Risks and why]: smaug?
[String/UUID change made/needed]: none
Attachment #8465718 -
Flags: approval-mozilla-aurora?
Flags: needinfo?(edilee)
|
|
||
Updated•10 years ago
|
|
||
Updated•10 years ago
|
status-firefox33:
--- → affected
status-firefox34:
--- → fixed
|
|
||
Updated•10 years ago
|
Attachment #8465718 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Comment 22•10 years ago
|
||
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•