Closed Bug 1084513 Opened 9 years ago Closed 9 years ago

crash in mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&)

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
34 Branch
Platform:
All
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla36
Tracking Flags:
Tracking Status
firefox33 --- unaffected
firefox34 + verified
firefox35 + verified
firefox36 + verified

People

(Reporter: lizzard, Assigned: tanvi)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug1084513.patch
1.11 KB, patch
smaug
: review+
lmandel
: approval-mozilla-aurora+
lmandel
: approval-mozilla-beta+
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is 
report bp-42e99446-492a-4599-9f64-99ae22141016.
=============================================================
This crash is showing up in Firefox 34.0b1, 35.0a1, and 36.0a1, only on MacOSX 10.9. It feels too early & not enough data to call it a top crash, but it is #6 for crash signatures showing up for Beta 34 at the moment with 18/723 crashes. 



Crashing thread: 

 0 	XUL 	mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&) 	obj-firefox/x86_64/dist/include/nsAutoPtr.h
1 	XUL 	mozilla::dom::XMLDocumentBinding::load 	obj-firefox/x86_64/dom/bindings/XMLDocumentBinding.cpp
2 	XUL 	mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) 	dom/bindings/BindingUtils.cpp
3 	XUL 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	js/src/jscntxtinlines.h
4 	XUL 	Interpret 	js/src/vm/Interpreter.cpp
5 	XUL 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
6 	XUL 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
7 	XUL 	js_fun_apply(JSContext*, unsigned int, JS::Value*) 	js/src/jsfun.cpp
8 	XUL 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	js/src/jscntxtinlines.h
9 	XUL 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	js/src/vm/Interpreter.cpp
10 	XUL 	js::DirectProxyHandler::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const 	js/src/jsproxy.cpp
Attached patch Bug1084513.patchSplinter Review 

        Attachment #8507224 -
        Flags: review?(jonas)

    
    

    
  
[Tracking Requested - why for this release]: beta topcrash

          tracking-firefox34:
          --- → ?

          tracking-firefox35:
          --- → ?

          tracking-firefox36:
          --- → ?

    
    

    
  
This is currently the #2 top crash for 34.0b1, with 2195/43672 crashes in the last 7 days with the signature [@ nsINode::NodePrincipal()], showing up as a startup crash on Windows.
Crash Signature: [@ mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&)] → [@ mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&)]
[@ nsINode::NodePrincipal()]

          status-firefox34:
          --- → affected

        Attachment #8507224 -
        Flags: review?(jonas) → review+

    
    

    
  
Pushed:
https://hg.mozilla.org/integration/mozilla-inbound/rev/9a425c40daae
Assignee: nobody → tanvi
Status: NEW → ASSIGNED

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/9a425c40daae
Status: ASSIGNED → RESOLVED
Closed: 9 years ago

          status-firefox36:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla36

    
    

    
  
Although this only landed on m-c recently, the fix is really simple. I'd like to get this into beta3 to assess the impact on the status of this bug as the #2 top crash on beta1 (comment 5). Can you submit an uplift request for Beta and Aurora?
Flags: needinfo?(tanvi)

    
    

    
  
Comment on attachment 8507224 [details] [diff] [review]
Bug1084513.patch

Approval Request Comment
[Feature/regressing bug #]: 1057518
[User impact if declined]: Top crasher
[Describe test coverage new/current, TBPL]: None
[Risks and why]: None; this is just a null check
[String/UUID change made/needed]: None
Flags: needinfo?(tanvi)

        Attachment #8507224 -
        Flags: approval-mozilla-aurora?

    
    

    
  
Comment on attachment 8507224 [details] [diff] [review]
Bug1084513.patch

Approval Request Comment
[Feature/regressing bug #]: 1057518
[User impact if declined]: Top crasher
[Describe test coverage new/current, TBPL]: None
[Risks and why]: None; this is jut a null check
[String/UUID change made/needed]: None

        Attachment #8507224 -
        Flags: approval-mozilla-beta?

    
    

    
  
Comment on attachment 8507224 [details] [diff] [review]
Bug1084513.patch

Beta+
Aurora+

        Attachment #8507224 -
        Flags: approval-mozilla-beta?

        Attachment #8507224 -
        Flags: approval-mozilla-beta+

        Attachment #8507224 -
        Flags: approval-mozilla-aurora?

        Attachment #8507224 -
        Flags: approval-mozilla-aurora+

    
  
Keywords: checkin-needed
Flags: qe-verify+

    
    

    
  
No crashes in Socorro for both signatures after this fix, as it follows: 

for [@ mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&)] signature:
--- 35.0a2: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Adom%3A%3AXMLDocument%3A%3ALoad%28nsAString_internal+const%26%2C+mozilla%3A%3AErrorResult%26%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A35.0a2&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 
--- 36.0a1: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Adom%3A%3AXMLDocument%3A%3ALoad%28nsAString_internal+const%26%2C+mozilla%3A%3AErrorResult%26%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A36.0a1&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 
--- 34.0b: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Adom%3A%3AXMLDocument%3A%3ALoad%28nsAString_internal+const%26%2C+mozilla%3A%3AErrorResult%26%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A34.0b&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 

for [@ nsINode::NodePrincipal()] signature:
--- 35.0a2: https://crash-stats.mozilla.com/report/list?signature=nsINode%3A%3ANodePrincipal%28%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A35.0a2&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 
--- 36.0a1: https://crash-stats.mozilla.com/report/list?signature=nsINode%3A%3ANodePrincipal%28%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A36.0a1&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 

--- 34.0b: https://crash-stats.mozilla.com/report/list?signature=nsINode%3A%3ANodePrincipal%28%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A34.0b&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports - 18 crashes *still* present after this issue was fixed.
 
Tanvi, any idea if those are related?
Status: RESOLVED → VERIFIED

          status-firefox35:
          fixedverified

          status-firefox36:
          fixedverified
Flags: needinfo?(tanvi)

    
    

    
  
(In reply to Alexandra Lucinet, QA Mentor [:adalucinet] from comment #13)
> --- 34.0b:
> https://crash-stats.mozilla.com/report/
> list?signature=nsINode%3A%3ANodePrincipal%28%29&product=Firefox&query_type=co
> ntains&range_unit=weeks&process_type=any&version=Firefox%3A34.
> 0b&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports - 18
> crashes *still* present after this issue was fixed.
>  
> Tanvi, any idea if those are related?


Looks like these are from HTMLMediaElement.  Perhaps another null check was missed?
https://crash-stats.mozilla.com/report/index/ca189039-a252-40c7-aa9a-43aac2141105
Flags: needinfo?(tanvi)

    
    

    
  
(In reply to Tanvi Vyas [:tanvi] from comment #14)
> Looks like these are from HTMLMediaElement.  Perhaps another null check was
> missed?
> https://crash-stats.mozilla.com/report/index/ca189039-a252-40c7-aa9a-
> 43aac2141105

The latest reports still show the 18 crashes reported by Alexandra a week ago for Beta (3 and older). Does this warrant a new bug to track the remaining crashes, or should we consider this good enough for Beta?

    
    

    
  
(In reply to Florin Mezei, QA (:FlorinMezei) from comment #15)
> The latest reports still show the 18 crashes reported by Alexandra a week
> ago for Beta (3 and older). Does this warrant a new bug to track the
> remaining crashes, or should we consider this good enough for Beta?

Any thoughts on the above Tanvi?
Flags: needinfo?(tanvi)

    
    

    
  
Hi Florin,

Sorry, I was out last week and hence the delay in response.  Sounds like this is a new and different bug.  My patches didn't touch HTMLMediaElement.  Thanks!
Flags: needinfo?(tanvi)

    
    

    
  
Thanks Tanvi! Another check today (for the past 4 weeks) shows a rise in crashes with [@ nsINode::NodePrincipal()], but they all seem to be in HTMLMediaElement as you mentioned:
- 36.0a1 (Oct 21 builds and later) - 0 crashes
- 35.0a2 (Oct 23 builds and later) - 6 crashes (all in HTMLMediaElement) - http://bit.ly/1tiSHQ2
- 34.0b - 432 crashes - http://bit.ly/15wJXAV
   * Beta 3 = 3 crashes
   * Beta 4 = 15 crashes
   * Beta 5 = 4 crashes
   * Beta 6 = 5 crashes
   * Beta 7 = 12 crashes
   * Beta 8 = 25 crashes
   * Beta 9 = 122 crashes
   * Beta 10 = 91 crashes
   * Beta 11 = 155 crashes (all in HTMLMediaElement)

The remaining crashes are tracked in bug 761485. Marking this one as verified

          status-firefox34:
          fixedverified
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.