Closed Bug 1270235 Opened 4 years ago Closed 3 years ago
Firefox crashes when typing into removed contentedtiable text node
59 bytes, text/x-review-board-request
59 bytes, text/x-review-board-request
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36 Steps to reproduce: 1. Visit: http://codepen.io/quill/pen/xVmqbE 2. Click on the button 3. Type 'a' (any printable character should do) FF 46.0.1: https://crash-stats.mozilla.com/report/index/7fcb93fc-520c-4e31-a6f8-ae0d62160504 FF 48.0a2: https://crash-stats.mozilla.com/report/index/c9bbb09f-947f-4b7e-b50e-d1f6a2160504 Actual results: Firefox crashes Expected results: Probably nothing since the selection was added to a node that is no longer in the DOM, typing into it should do nothing.
WFM in Fx47b2, 48(2016-05-02) and 49(2016-05-03) on Win10.
Severity: normal → critical
Crash Signature: [@ nsHTMLEditRules::RemoveEmptyNodes ]
Product: Firefox → Core
It does look like it's a Mac only issue. I tried to reproduce on various platforms on Sauce Labs and no issues occur in Windows 7/8/8.1/10 and Linux. The crash can be observed on OSX Mountain Lion , Mavericks , and Yosemite . All were using FF46, except Linux was using FF45.  https://saucelabs.com/beta/tests/f73bce1b010b49719bc80d4d351748cc/watch  https://saucelabs.com/beta/tests/63784922cecf4b64958783ea5bcb48fd/watch  https://saucelabs.com/beta/tests/d765d28db8ba4e7b9ad9157086d2a6b7/watch
User Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0 The issue is indeed reproducible on Mac OS X 10.9 and 10.11 on the Nightly(49.0a1, Build ID 20160510030240) channel as well. The only other mention I can make is that in the case of Nightly, only the tab crashes.
Status: UNCONFIRMED → NEW
Component: Untriaged → Editor
Ever confirmed: true
OS: Unspecified → Mac OS X
Hardware: Unspecified → x86_64
Crash volume for signature 'nsHTMLEditRules::RemoveEmptyNodes': - nightly (version 51): 0 crashes from 2016-08-01. - aurora (version 50): 0 crashes from 2016-08-01. - beta (version 49): 12 crashes from 2016-08-02. - release (version 48): 104 crashes from 2016-07-25. - esr (version 45): 94 crashes from 2016-05-02. Crash volume on the last weeks (Week N is from 08-22 to 08-28): W. N-1 W. N-2 W. N-3 - nightly 0 0 0 - aurora 0 0 0 - beta 2 4 0 - release 27 22 12 - esr 15 3 10 Affected platform: Mac OS X Crash rank on the last 7 days: Browser Content Plugin - nightly - aurora - beta #2016 - release #494 - esr #688
as noted in the other bug, these crash reports have a high correlation (90%+) to the grammarly extension being installed.
Crash Signature: [@ nsHTMLEditRules::RemoveEmptyNodes ] → [@ nsHTMLEditRules::RemoveEmptyNodes ] [@ mozilla::HTMLEditRules::RemoveEmptyNodes ]
regression by bug 1154701
Comment on attachment 8836596 [details] Bug 1270235 - Part 1. Check parent node is null in RemoveEmptyNodes. https://reviewboard.mozilla.org/r/111990/#review113224
Attachment #8836596 - Flags: review?(masayuki) → review+
Comment on attachment 8836597 [details] Bug 1270235 - Part 2. Add test. https://reviewboard.mozilla.org/r/111992/#review113226
Attachment #8836597 - Flags: review?(masayuki) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/4d5fe833df04 Part 1. Check parent node is null in RemoveEmptyNodes. r=masayuki https://hg.mozilla.org/integration/autoland/rev/334642cf0c00 Part 2. Add test. r=masayuki
Thanks for tracking this down! Please request Aurora/Beta approval on this when you get a chance.
Comment on attachment 8836596 [details] Bug 1270235 - Part 1. Check parent node is null in RemoveEmptyNodes. Approval Request Comment [Feature/Bug causing the regression]: bug 1154701 [User impact if declined]: Firefox on OSX might crash when typing any character [Is this code covered by automated tests?]: Yes. [Has the fix been verified in Nightly?]: Yes [Needs manual test from QE? If yes, steps to reproduce]: No [List of other uplifts needed for the feature/fix]: No [Is the change risky?]: Too low. [Why is the change risky/not risky?]: Check nullptr only. [String changes made/needed]: No
Comment on attachment 8836596 [details] Bug 1270235 - Part 1. Check parent node is null in RemoveEmptyNodes. Fix a crash on OSX when typing some characters. Aurora53+.
Attachment #8836596 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Attachment #8836597 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment on attachment 8836596 [details] Bug 1270235 - Part 1. Check parent node is null in RemoveEmptyNodes. fix a crash, beta52+
Attachment #8836596 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #8836597 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Setting qe-verify- based on Makoto's assessment on manual testing needs (Comment 16) and the fact that this fix has automated coverage.
You need to log in before you can comment on or make changes to this bug.