1470762 - Crash in mozilla::PresShell::DoFlushPendingNotifications

Status: RESOLVED FIXED

(Core :: Layout, defect, P2)

Description

[Mats Palmgren (inactive)]

This bug was filed from the Socorro interface and is
report bp-9c59e1ae-28d4-4d10-a53d-bcf950180623.
=============================================================


MOZ_CRASH Reason:  MOZ_RELEASE_ASSERT(mIsDestroying || mDocument->GetShell() == this)

(it appears that assertion was added in bug 1433056)

Top 10 frames of crashing thread:

0 xul.dll mozilla::PresShell::DoFlushPendingNotifications layout/base/PresShell.cpp:4225
1 xul.dll mozilla::PresShell::DoFlushPendingNotifications layout/base/PresShell.cpp:4128
2 xul.dll mozilla::dom::Selection::Stringify dom/base/Selection.cpp:421
3 xul.dll mozilla::AccessibleCaretManager::DispatchCaretStateChangedEvent layout/base/AccessibleCaretManager.cpp:1461
4 xul.dll mozilla::AccessibleCaretManager::UpdateCaretsForSelectionMode layout/base/AccessibleCaretManager.cpp:410
5 xul.dll mozilla::AccessibleCaretManager::UpdateCarets layout/base/AccessibleCaretManager.cpp:240
6 xul.dll mozilla::AccessibleCaretManager::OnReflow layout/base/AccessibleCaretManager.cpp:721
7 xul.dll mozilla::AccessibleCaretEventHub::Reflow layout/base/AccessibleCaretEventHub.cpp:679
8 xul.dll nsDocShell::NotifyReflowObservers docshell/base/nsDocShell.cpp:1873
9 xul.dll mozilla::PresShell::DidDoReflow layout/base/PresShell.cpp:8774

=============================================================

Comment 1

[Emilio Cobos Álvarez (:emilio)]

Yeah, this is the AccessibleCaret code being unsound, flushing in a scroll / reflow callback.

I had not prioritized bug 1445794 because well, I don't know the AccessibleCaret code that well, and I didn't know it was causing crashes. I'll try to get to it.

Comment 2

[Pascal Chevrel:pascalc (PTO until April 26)]

(In reply to Emilio Cobos Álvarez (:emilio) from comment #1)
> Yeah, this is the AccessibleCaret code being unsound, flushing in a scroll /
> reflow callback.
> 
> I had not prioritized bug 1445794 because well, I don't know the
> AccessibleCaret code that well, and I didn't know it was causing crashes.
> I'll try to get to it.

Emilio, is there progress in bug 1445794 that would end up being uplifted to 63 beta? Thanks

Comment 3

[Emilio Cobos Álvarez (:emilio)]

I don't have the cycles to work on it right now unfortunately :(

Comment 4

[Pascal Chevrel:pascalc (PTO until April 26)]

OK, marking 63 as fix-optional then. I'd take a low-risk patch for uplift in case somebody in your team finds the cycle to fix this bug though. Thanks.

Comment 5

[Liz Henry (:lizzard) (relman/hg->git project)]

Too late for 63 but we could still take a patch for 65.

Comment 6

[Sean Voisen (:svoisen)]

Emilio: Looks like we still waiting on review from bz for the last patch in bug 1514511 in order to fix this? Will that alone fix this or is there more work to be done after that which can potentially be handled by TYLin?

Comment 7

[Emilio Cobos Álvarez (:emilio)]

I think it should paper all of them. Fixing all the offenders that flush a pres shell instead of a document would be nice, but hard to justify prioritizing.

Comment 8

[Ting-Yu Lin [:TYLin] (PDT, UTC-7)]

Bug 1486521 is still an issue even if bug 1514511 is fixed, so there's still something to do.

Comment 9

[Ting-Yu Lin [:TYLin] (PDT, UTC-7)]

Unblock AccessibleCaret because this crash signature doesn't strictly relate to it.

Comment 10

[Emilio Cobos Álvarez (:emilio)]

I think this should be fixed. New crashes should get new bugs.