Closed
Bug 1356755
Opened 7 years ago
Closed 7 years ago
Crash in nsINode::Slots with NotifyDocumentTree on the stack
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
People
(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
833 bytes,
patch
|
qdot
:
review+
gchang
:
approval-mozilla-aurora+
ritu
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
[Tracking Requested - why for this release]: crasher. This bug was filed from the Socorro interface and is report bp-0e97692b-eb36-43f4-811c-592340170414. ============================================================= Missing null check. mDoc can be null, and we can crash in a few different ways every once in a while: <https://crash-stats.mozilla.com/signature/?product=Firefox&signature=nsINode%3A%3ASlots&date=%3E%3D2017-04-08T04%3A45%3A00.000Z&date=%3C2017-04-15T04%3A45%3A00.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=-date&page=1#reports>
Assignee | ||
Comment 1•7 years ago
|
||
Attachment #8858477 -
Flags: review?(kyle)
Assignee | ||
Updated•7 years ago
|
Blocks: 508482
Keywords: regression
Updated•7 years ago
|
Attachment #8858477 -
Flags: review?(kyle) → review+
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/7c9e059fe6da Don't pass a null pointer to NotifyDocumentTree(); r=qdot
Assignee | ||
Comment 3•7 years ago
|
||
Comment on attachment 8858477 [details] [diff] [review] Don't pass a null pointer to NotifyDocumentTree() Approval Request Comment [Feature/Bug causing the regression]: Bug 508482 [User impact if declined]: Crash [Is this code covered by automated tests?]: No, there is no test case for the crash. [Has the fix been verified in Nightly?]: No, but it's a simple null check. [Needs manual test from QE? If yes, steps to reproduce]: No. [List of other uplifts needed for the feature/fix]: None. [Is the change risky?]: No. [Why is the change risky/not risky?]: Simple null check. [String changes made/needed]: None.
Attachment #8858477 -
Flags: approval-mozilla-esr45?
Attachment #8858477 -
Flags: approval-mozilla-beta?
Attachment #8858477 -
Flags: approval-mozilla-aurora?
Comment 4•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/7c9e059fe6da
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
Comment 6•7 years ago
|
||
Comment on attachment 8858477 [details] [diff] [review] Don't pass a null pointer to NotifyDocumentTree() Fix a crash. Aurora54+.
Attachment #8858477 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 7•7 years ago
|
||
Tracking 55+. I assume this will be a won't fix for 53 as we are already well in RC.
Updated•7 years ago
|
Comment 8•7 years ago
|
||
Comment on attachment 8858477 [details] [diff] [review] Don't pass a null pointer to NotifyDocumentTree() I'm going to go out on a limb that the ESR45 request was actually meant for ESR52.
Attachment #8858477 -
Flags: approval-mozilla-esr45? → approval-mozilla-esr52?
Comment 9•7 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-aurora/rev/d68c89ad6e51
Comment 10•7 years ago
|
||
Too late to land this in 53. This is also a very low frequency crash, 3 crashes each on release and ESR in a week.
Updated•7 years ago
|
status-firefox-esr52:
--- → affected
Comment 11•7 years ago
|
||
Comment on attachment 8858477 [details] [diff] [review] Don't pass a null pointer to NotifyDocumentTree() Per comment 10.
Attachment #8858477 -
Flags: approval-mozilla-beta?
Comment on attachment 8858477 [details] [diff] [review] Don't pass a null pointer to NotifyDocumentTree() There were 0 instances of this crash on ESR52 in the past 7 days, however since the patch is super simple, it doesn't hurt to uplift it. ESR52.2+
Attachment #8858477 -
Flags: approval-mozilla-esr52? → approval-mozilla-esr52+
Comment 13•7 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-esr52/rev/4a3fce67b52d
Updated•7 years ago
|
Crash Signature: [@ nsINode::Slots] → [@ nsINode::Slots | mozilla::dom::Element::SetSMILOverrideStyleDeclaration]
Comment 14•7 years ago
|
||
The signature changed because of bug 1356756.
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•