crash in mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&)

VERIFIED FIXED in Firefox 34

Status

()

defect
--
critical
VERIFIED FIXED
5 years ago
3 months ago

People

(Reporter: lizzard, Assigned: tanvi)

Tracking

({crash})

34 Branch
mozilla36
All
macOS
Points:
---
Dependency tree / graph
Bug Flags:
qe-verify +

Firefox Tracking Flags

(firefox33 unaffected, firefox34+ verified, firefox35+ verified, firefox36+ verified)

Details

(crash signature)

Attachments

(1 attachment)

This bug was filed from the Socorro interface and is 
report bp-42e99446-492a-4599-9f64-99ae22141016.
=============================================================
This crash is showing up in Firefox 34.0b1, 35.0a1, and 36.0a1, only on MacOSX 10.9. It feels too early & not enough data to call it a top crash, but it is #6 for crash signatures showing up for Beta 34 at the moment with 18/723 crashes. 



Crashing thread: 

 0 	XUL 	mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&) 	obj-firefox/x86_64/dist/include/nsAutoPtr.h
1 	XUL 	mozilla::dom::XMLDocumentBinding::load 	obj-firefox/x86_64/dom/bindings/XMLDocumentBinding.cpp
2 	XUL 	mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) 	dom/bindings/BindingUtils.cpp
3 	XUL 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	js/src/jscntxtinlines.h
4 	XUL 	Interpret 	js/src/vm/Interpreter.cpp
5 	XUL 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
6 	XUL 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
7 	XUL 	js_fun_apply(JSContext*, unsigned int, JS::Value*) 	js/src/jsfun.cpp
8 	XUL 	js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) 	js/src/jscntxtinlines.h
9 	XUL 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	js/src/vm/Interpreter.cpp
10 	XUL 	js::DirectProxyHandler::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const 	js/src/jsproxy.cpp
Assignee

Comment 2

5 years ago
Attachment #8507224 - Flags: review?(jonas)
Duplicate of this bug: 1085452

Comment 4

5 years ago
[Tracking Requested - why for this release]: beta topcrash
This is currently the #2 top crash for 34.0b1, with 2195/43672 crashes in the last 7 days with the signature [@ nsINode::NodePrincipal()], showing up as a startup crash on Windows.
Crash Signature: [@ mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&)] → [@ mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&)] [@ nsINode::NodePrincipal()]
Attachment #8507224 - Flags: review?(jonas) → review+
Assignee

Comment 6

5 years ago
Pushed:
https://hg.mozilla.org/integration/mozilla-inbound/rev/9a425c40daae
Assignee: nobody → tanvi
Status: NEW → ASSIGNED
https://hg.mozilla.org/mozilla-central/rev/9a425c40daae
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Although this only landed on m-c recently, the fix is really simple. I'd like to get this into beta3 to assess the impact on the status of this bug as the #2 top crash on beta1 (comment 5). Can you submit an uplift request for Beta and Aurora?
Flags: needinfo?(tanvi)
Assignee

Comment 9

5 years ago
Comment on attachment 8507224 [details] [diff] [review]
Bug1084513.patch

Approval Request Comment
[Feature/regressing bug #]: 1057518
[User impact if declined]: Top crasher
[Describe test coverage new/current, TBPL]: None
[Risks and why]: None; this is just a null check
[String/UUID change made/needed]: None
Flags: needinfo?(tanvi)
Attachment #8507224 - Flags: approval-mozilla-aurora?
Assignee

Comment 10

5 years ago
Comment on attachment 8507224 [details] [diff] [review]
Bug1084513.patch

Approval Request Comment
[Feature/regressing bug #]: 1057518
[User impact if declined]: Top crasher
[Describe test coverage new/current, TBPL]: None
[Risks and why]: None; this is jut a null check
[String/UUID change made/needed]: None
Attachment #8507224 - Flags: approval-mozilla-beta?
Comment on attachment 8507224 [details] [diff] [review]
Bug1084513.patch

Beta+
Aurora+
Attachment #8507224 - Flags: approval-mozilla-beta?
Attachment #8507224 - Flags: approval-mozilla-beta+
Attachment #8507224 - Flags: approval-mozilla-aurora?
Attachment #8507224 - Flags: approval-mozilla-aurora+
Assignee

Updated

5 years ago
Keywords: checkin-needed
Flags: qe-verify+
No crashes in Socorro for both signatures after this fix, as it follows: 

for [@ mozilla::dom::XMLDocument::Load(nsAString_internal const&, mozilla::ErrorResult&)] signature:
--- 35.0a2: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Adom%3A%3AXMLDocument%3A%3ALoad%28nsAString_internal+const%26%2C+mozilla%3A%3AErrorResult%26%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A35.0a2&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 
--- 36.0a1: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Adom%3A%3AXMLDocument%3A%3ALoad%28nsAString_internal+const%26%2C+mozilla%3A%3AErrorResult%26%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A36.0a1&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 
--- 34.0b: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Adom%3A%3AXMLDocument%3A%3ALoad%28nsAString_internal+const%26%2C+mozilla%3A%3AErrorResult%26%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A34.0b&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 

for [@ nsINode::NodePrincipal()] signature:
--- 35.0a2: https://crash-stats.mozilla.com/report/list?signature=nsINode%3A%3ANodePrincipal%28%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A35.0a2&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 
--- 36.0a1: https://crash-stats.mozilla.com/report/list?signature=nsINode%3A%3ANodePrincipal%28%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A36.0a1&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports 

--- 34.0b: https://crash-stats.mozilla.com/report/list?signature=nsINode%3A%3ANodePrincipal%28%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A34.0b&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports - 18 crashes *still* present after this issue was fixed.
 
Tanvi, any idea if those are related?
Status: RESOLVED → VERIFIED
Flags: needinfo?(tanvi)
Assignee

Comment 14

5 years ago
(In reply to Alexandra Lucinet, QA Mentor [:adalucinet] from comment #13)
> --- 34.0b:
> https://crash-stats.mozilla.com/report/
> list?signature=nsINode%3A%3ANodePrincipal%28%29&product=Firefox&query_type=co
> ntains&range_unit=weeks&process_type=any&version=Firefox%3A34.
> 0b&hang_type=any&date=2014-11-10+07%3A00%3A00&range_value=3#tab-reports - 18
> crashes *still* present after this issue was fixed.
>  
> Tanvi, any idea if those are related?


Looks like these are from HTMLMediaElement.  Perhaps another null check was missed?
https://crash-stats.mozilla.com/report/index/ca189039-a252-40c7-aa9a-43aac2141105
Flags: needinfo?(tanvi)
(In reply to Tanvi Vyas [:tanvi] from comment #14)
> Looks like these are from HTMLMediaElement.  Perhaps another null check was
> missed?
> https://crash-stats.mozilla.com/report/index/ca189039-a252-40c7-aa9a-
> 43aac2141105

The latest reports still show the 18 crashes reported by Alexandra a week ago for Beta (3 and older). Does this warrant a new bug to track the remaining crashes, or should we consider this good enough for Beta?
(In reply to Florin Mezei, QA (:FlorinMezei) from comment #15)
> The latest reports still show the 18 crashes reported by Alexandra a week
> ago for Beta (3 and older). Does this warrant a new bug to track the
> remaining crashes, or should we consider this good enough for Beta?

Any thoughts on the above Tanvi?
Flags: needinfo?(tanvi)
Assignee

Comment 17

5 years ago
Hi Florin,

Sorry, I was out last week and hence the delay in response.  Sounds like this is a new and different bug.  My patches didn't touch HTMLMediaElement.  Thanks!
Flags: needinfo?(tanvi)
Thanks Tanvi! Another check today (for the past 4 weeks) shows a rise in crashes with [@ nsINode::NodePrincipal()], but they all seem to be in HTMLMediaElement as you mentioned:
- 36.0a1 (Oct 21 builds and later) - 0 crashes
- 35.0a2 (Oct 23 builds and later) - 6 crashes (all in HTMLMediaElement) - http://bit.ly/1tiSHQ2
- 34.0b - 432 crashes - http://bit.ly/15wJXAV
   * Beta 3 = 3 crashes
   * Beta 4 = 15 crashes
   * Beta 5 = 4 crashes
   * Beta 6 = 5 crashes
   * Beta 7 = 12 crashes
   * Beta 8 = 25 crashes
   * Beta 9 = 122 crashes
   * Beta 10 = 91 crashes
   * Beta 11 = 155 crashes (all in HTMLMediaElement)

The remaining crashes are tracked in bug 761485. Marking this one as verified
Component: DOM → DOM: Core & HTML
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.