Closed Bug 1336414 Opened 7 years ago Closed 7 years ago

Crash in mozilla::HTMLEditRules::RemoveEmptyNodes or mozilla::HTMLEditor::RemoveEmptyNodesIn

Categories

(Core :: DOM: Editor, defect)

50 Branch
Unspecified
macOS
defect
Not set
critical

Tracking

RESOLVED DUPLICATE of bug 1270235
Tracking Status
firefox51 --- wontfix
firefox52 --- affected
firefox53 --- affected
firefox54 --- affected

People

(Reporter: philipp, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-8f74afbe-20ab-48b5-9ed7-eec0f2161116.
=============================================================
Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	XUL 	mozilla::HTMLEditRules::RemoveEmptyNodes() 	mfbt/RefPtr.h:37
1 	XUL 	mozilla::HTMLEditRules::AfterEditInner(EditAction, short) 	editor/libeditor/HTMLEditRules.cpp:474
2 	XUL 	mozilla::HTMLEditRules::AfterEdit(EditAction, short) 	editor/libeditor/HTMLEditRules.cpp:391
3 	XUL 	mozilla::HTMLEditor::EndOperation() 	editor/libeditor/HTMLEditor.cpp:3499
4 	XUL 	mozilla::TextEditor::InsertText(nsAString_internal const&) 	editor/libeditor/EditorUtils.h:138
5 	XUL 	mozilla::TextEditor::TypedText(nsAString_internal const&, mozilla::TextEditor::ETypingAction) 	editor/libeditor/TextEditor.cpp:431
6 	XUL 	mozilla::HTMLEditor::HandleKeyPressEvent(nsIDOMKeyEvent*) 	editor/libeditor/HTMLEditor.cpp:1054
7 	XUL 	mozilla::EditorEventListener::KeyPress(nsIDOMKeyEvent*) 	editor/libeditor/EditorEventListener.cpp:609
8 	XUL 	mozilla::EditorEventListener::HandleEvent(nsIDOMEvent*) 	editor/libeditor/EditorEventListener.cpp:407
9 	XUL 	mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) 	dom/events/EventListenerManager.cpp:1133
10 	XUL 	mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) 	dom/events/EventListenerManager.cpp:1286
11 	XUL 	mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) 	dom/events/EventDispatcher.cpp:401
12 	XUL 	mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) 	dom/events/EventDispatcher.cpp:429
13 	XUL 	mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) 	dom/events/EventDispatcher.cpp:711
14 	XUL 	PresShell::HandleKeyboardEvent(nsINode*, mozilla::WidgetKeyboardEvent&, bool, nsEventStatus*, mozilla::EventDispatchingCallback*) 	layout/base/nsPresShell.cpp:7228
15 	XUL 	PresShell::DispatchEventToDOM(mozilla::WidgetEvent*, nsEventStatus*, nsPresShellEventCB*) 	layout/base/nsPresShell.cpp:8317
16 	XUL 	PresShell::HandleEventInternal(mozilla::WidgetEvent*, nsEventStatus*, bool) 	layout/base/nsPresShell.cpp:8194
17 	XUL 	PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*, nsIContent**) 	layout/base/nsPresShell.cpp:7903
18 	XUL 	nsViewManager::DispatchEvent(mozilla::WidgetGUIEvent*, nsView*, nsEventStatus*) 	view/nsViewManager.cpp:815
19 	XUL 	nsView::HandleEvent(mozilla::WidgetGUIEvent*, bool) 	view/nsView.cpp:1117
20 	XUL 	mozilla::widget::PuppetWidget::DispatchEvent(mozilla::WidgetGUIEvent*, nsEventStatus&) 	widget/PuppetWidget.cpp:356
21 	XUL 	<name omitted> 	gfx/layers/apz/util/APZCCallbackHelper.cpp:471
22 	XUL 	mozilla::dom::TabChild::RecvRealKeyEvent(mozilla::WidgetKeyboardEvent const&, mozilla::dom::MaybeNativeKeyBinding const&) 	dom/ipc/TabChild.cpp:2107
23 	XUL 	non-virtual thunk to mozilla::dom::TabChild::RecvRealKeyEvent(mozilla::WidgetKeyboardEvent const&, mozilla::dom::MaybeNativeKeyBinding const&) 	dom/ipc/TabChild.cpp:2084
24 	XUL 	mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) 	obj-firefox/x86_64/ipc/ipdl/PBrowserChild.cpp:3723
25 	XUL 	mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) 	ipc/glue/MessageChannel.cpp:1662
26 	XUL 	mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) 	ipc/glue/MessageChannel.cpp:1600
27 	XUL 	mozilla::ipc::MessageChannel::OnMaybeDequeueOne() 	ipc/glue/MessageChannel.cpp:1567
28 	XUL 	mozilla::detail::RunnableMethodImpl<bool (mozilla::ipc::MessageChannel::*)(), false, true>::Run 	xpcom/glue/nsThreadUtils.h:729
29 	XUL 	mozilla::ipc::MessageChannel::DequeueTask::Run() 	ipc/glue/MessageChannel.h:540
30 	XUL 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp:1067
31 	XUL 	NS_ProcessPendingEvents(nsIThread*, unsigned int) 	xpcom/glue/nsThreadUtils.cpp:232
32 	XUL 	nsBaseAppShell::NativeEventCallback() 	widget/nsBaseAppShell.cpp:97
33 	XUL 	nsAppShell::ProcessGeckoEvents(void*) 	widget/cocoa/nsAppShell.mm:386
Ø 34 	CoreFoundation 	CoreFoundation@0xaa7e0 	
Ø 35 	CoreFoundation 	CoreFoundation@0x89f1b 	
Ø 36 	CoreFoundation 	CoreFoundation@0x8943e 	
Ø 37 	CoreFoundation 	CoreFoundation@0x88e37 	
38 	HIToolbox 	RunCurrentEventLoopInMode 	
39 	HIToolbox 	ReceiveNextEventCommon 	
40 	HIToolbox 	_BlockUntilNextEventMatchingListInModeWithFilter 	
41 	AppKit 	_DPSNextEvent 	
42 	AppKit 	-[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] 	
43 	XUL 	-[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 	widget/cocoa/nsAppShell.mm:121
44 	AppKit 	-[NSApplication run] 	
45 	XUL 	nsAppShell::Run() 	widget/cocoa/nsAppShell.mm:660
46 	XUL 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:875
47 	XUL 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc:232
48 	XUL 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp:705
49 	plugin-container 	content_process_main(int, char**) 	ipc/contentproc/plugin-container.cpp:197
50 	plugin-container 	start

This crash signature on OS X has been regressing since Firefox 50 and in subsequent builds. User comments generally mention they were putting text into web forms, and crash reports commonly (90%+) show that the Grammarly extension was installed.
Component: General → Editor
From the crash report above:

User Comments:

This is the line that's causing the thing:

span.textContent = content.replace(" ", String.fromCharCode(160));
The first occurrences of this signature were when Fx50 was on Aurora back in mid-August of last year, which lines up suspiciously with bug 1260651. Is it possible this bug is a signature change of an earlier crash?
Flags: needinfo?(madperson)
You are right - this seems like a continuation of bug 1270235!
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(madperson)
Keywords: regression
Resolution: --- → DUPLICATE
Crash Signature: [@ mozilla::HTMLEditRules::RemoveEmptyNodes] → [@ mozilla::HTMLEditRules::RemoveEmptyNodes] [@ mozilla::HTMLEditor::RemoveEmptyNodesIn]
Summary: Crash in mozilla::HTMLEditRules::RemoveEmptyNodes → Crash in mozilla::HTMLEditRules::RemoveEmptyNodes or mozilla::HTMLEditor::RemoveEmptyNodesIn