Closed Bug 1361041 Opened 8 years ago Closed 8 years ago

Crash in nsIFrame::SetStyleContextWithoutNotification

Categories

(Core :: CSS Parsing and Computation, defect)

Product:
Core
Component:
CSS Parsing and Computation
Version:
55 Branch
Platform:
x86
Windows 8
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox53 --- unaffected
firefox54 --- unaffected
firefox55 + fixed

People

(Reporter: marcia, Assigned: emilio)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1361041: Avoid posting ReconstructFrame hints to an uninitialized PresShell.
59 bytes, text/x-review-board-request
bzbarsky
: review+
Details
This bug was filed from the Socorro interface and is report bp-a951f694-a2b5-4a3b-a565-2e3880170424. ============================================================= Seen while looking at nightly crash stats - crashes started using 20170426030329: http://bit.ly/2pOwnHh. Crashes also present on ESR52 Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a30dc237c3a600a5231f2974fc2b85dfb5513414&tochange=0f5ba06c4c5959030a05cb852656d854065e2226
Any ideas, Emilio? You have a number of patches in that regression range. (This signature has persisted past when bug 1359995 landed.)
Flags: needinfo?(emilio+bugs)
So at a glance it seems it could come from bug 1357142. The call that's causing the crash seems to be [1], that is, we're trying to recreate frames for the root element, which should always have a frame created at the initialization of the PresShell. So the function I removed in that bug had something like the following: if (!mDidInitialize) { // Nothing to do here. In fact, if we proceed and aContent is the // root we will crash. return NS_OK; } Which PostRecreateFramesFor doesn't guard against (because I thought it was not needed, per tryserver results). Sounds a lot like we do need that check, though I'd like to see a testcase where it happens :( Will post a patch soon. [1]: http://searchfox.org/mozilla-central/rev/3dc6ceb42746ab40f1441e1e659ffb8f62ae78e3/layout/base/nsCSSFrameConstructor.cpp#2420
Blocks: 1357142
Flags: needinfo?(emilio+bugs)
[Tracking Requested - why for this release]: new crash
status-firefox54: --- → unaffected
tracking-firefox55: --- → ?
Keywords: regression
The commit message needs a s/Recreate/Reconstruct/, but that should do it. Thanks for the heads-up Andrew and Marcia :)
status-firefox54: unaffected → ---
tracking-firefox55: ? → ---
Keywords: regression
err, collision
tracking-firefox55: --- → ?
Keywords: regression
Comment on attachment 8863401 [details] Bug 1361041: Avoid posting ReconstructFrame hints to an uninitialized PresShell. https://reviewboard.mozilla.org/r/135172/#review138126 r=me
Attachment #8863401 - Flags: review?(bzbarsky) → review+
Assignee: nobody → emilio+bugs
Pushed by ecoal95@gmail.com: https://hg.mozilla.org/integration/autoland/rev/b87e63c76691 Avoid posting ReconstructFrame hints to an uninitialized PresShell. r=bz
Tracking 55+ for this crash.
tracking-firefox55: ?+
https://hg.mozilla.org/mozilla-central/rev/b87e63c76691
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox55: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: