Closed Bug 1356755 Opened 7 years ago Closed 7 years ago

Crash in nsINode::Slots with NotifyDocumentTree on the stack

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla55

Tracking Flags:

Tracking

Status

firefox52

---

wontfix

firefox-esr52

---

fixed

firefox53

wontfix

firefox54

fixed

firefox55

fixed

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Don't pass a null pointer to NotifyDocumentTree() 7 years ago (no longer active) 833 bytes, patch	qdot : review+ gchang : approval-mozilla-aurora+ ritu : approval-mozilla-esr52+	Details \| Diff \| Splinter Review

(no longer active)

Assignee

Description

•

7 years ago

[Tracking Requested - why for this release]: crasher.

This bug was filed from the Socorro interface and is 
report bp-0e97692b-eb36-43f4-811c-592340170414.
=============================================================

Missing null check.  mDoc can be null, and we can crash in a few different ways every once in a while: <https://crash-stats.mozilla.com/signature/?product=Firefox&signature=nsINode%3A%3ASlots&date=%3E%3D2017-04-08T04%3A45%3A00.000Z&date=%3C2017-04-15T04%3A45%3A00.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=-date&page=1#reports>

(no longer active)

Assignee

Comment 1

•

7 years ago

Attached patch Don't pass a null pointer to NotifyDocumentTree() — Details — Splinter Review

Attachment #8858477 - Flags: review?(kyle)

(no longer active)

Assignee

Updated

•

7 years ago

Blocks: 508482

Keywords: regression

Kyle Machulis [:qdot] [:kmachulis] (INACTIVE)

Updated

•

7 years ago

Attachment #8858477 - Flags: review?(kyle) → review+

Pulsebot

Comment 2

•

7 years ago

Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7c9e059fe6da
Don't pass a null pointer to NotifyDocumentTree(); r=qdot

(no longer active)

Assignee

Comment 3

•

7 years ago

Comment on attachment 8858477 [details] [diff] [review]
Don't pass a null pointer to NotifyDocumentTree()

Approval Request Comment
[Feature/Bug causing the regression]: Bug 508482
[User impact if declined]: Crash
[Is this code covered by automated tests?]: No, there is no test case for the crash.
[Has the fix been verified in Nightly?]: No, but it's a simple null check.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: None.
[Is the change risky?]: No.
[Why is the change risky/not risky?]: Simple null check.
[String changes made/needed]: None.

Attachment #8858477 - Flags: approval-mozilla-esr45?

Attachment #8858477 - Flags: approval-mozilla-beta?

Attachment #8858477 - Flags: approval-mozilla-aurora?

Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)

Comment 4

•

7 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/7c9e059fe6da

Status: NEW → RESOLVED

Closed: 7 years ago

status-firefox55: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla55

Gerry Chang [:gchang]

Comment 5

•

7 years ago

Track 54+ as crash.

tracking-firefox54: ? → +

Gerry Chang [:gchang]

Comment 6

•

7 years ago

Comment on attachment 8858477 [details] [diff] [review]
Don't pass a null pointer to NotifyDocumentTree()

Fix a crash. Aurora54+.

Attachment #8858477 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

Marcia Knous [:marcia]

Comment 7

•

7 years ago

Tracking 55+. I assume this will be a won't fix for 53 as we are already well in RC.

Marcia Knous [:marcia]

Updated

•

7 years ago

tracking-firefox55: ? → +

Ryan VanderMeulen [:RyanVM]

Comment 8

•

7 years ago

Comment on attachment 8858477 [details] [diff] [review]
Don't pass a null pointer to NotifyDocumentTree()

I'm going to go out on a limb that the ESR45 request was actually meant for ESR52.

Attachment #8858477 - Flags: approval-mozilla-esr45? → approval-mozilla-esr52?

Ryan VanderMeulen [:RyanVM]

Comment 9

•

7 years ago

bugherder uplift

https://hg.mozilla.org/releases/mozilla-aurora/rev/d68c89ad6e51

status-firefox54: affected → fixed

Liz Henry (:lizzard) (relman/hg->git project)

Comment 10

•

7 years ago

Too late to land this in 53. This is also a very low frequency crash, 3 crashes each on release and ESR in a week.

status-firefox52: affected → wontfix

status-firefox53: affected → wontfix

tracking-firefox53: ? → -

Ryan VanderMeulen [:RyanVM]

Updated

•

7 years ago

status-firefox-esr52: --- → affected

Ryan VanderMeulen [:RyanVM]

Comment 11

•

7 years ago

Comment on attachment 8858477 [details] [diff] [review]
Don't pass a null pointer to NotifyDocumentTree()

Per comment 10.

Attachment #8858477 - Flags: approval-mozilla-beta?

Ritu Kothari (:ritu) (Inactive, please n-i to RyanVM, jcristau, or pascal)

Comment 12

•

7 years ago

Comment on attachment 8858477 [details] [diff] [review]
Don't pass a null pointer to NotifyDocumentTree()

There were 0 instances of this crash on ESR52 in the past 7 days, however since the patch is super simple, it doesn't hurt to uplift it. ESR52.2+

Attachment #8858477 - Flags: approval-mozilla-esr52? → approval-mozilla-esr52+

Ryan VanderMeulen [:RyanVM]

Comment 13

•

7 years ago

bugherder uplift

https://hg.mozilla.org/releases/mozilla-esr52/rev/4a3fce67b52d

status-firefox-esr52: affected → fixed

Marco Castelluccio [:marco]

Updated

•

7 years ago

Crash Signature: [@ nsINode::Slots] → [@ nsINode::Slots | mozilla::dom::Element::SetSMILOverrideStyleDeclaration]

Marco Castelluccio [:marco]

Comment 14

•

7 years ago

The signature changed because of bug 1356756.

Nobody; OK to take it and work on it

Updated

•

5 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.