Closed Bug 1484293 Opened 1 year ago Closed 1 year ago

Crash in nsIDocument::SetStyleSheetApplicableState

Categories

(Core :: CSS Parsing and Computation, defect, P2, critical)

63 Branch
x86_64
Windows 10
defect

Tracking

()

RESOLVED WORKSFORME
Tracking Status
firefox63 --- affected

People

(Reporter: e7358d9c, Unassigned)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

30.65 KB, application/x-zip-compressed
Details
This bug was filed from the Socorro interface and is
report bp-f59460e5-90c8-4bde-890a-654ef0180817.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll nsIDocument::SetStyleSheetApplicableState dom/base/nsDocument.cpp:4284
1 xul.dll void mozilla::css::Loader::DoSheetComplete layout/style/Loader.cpp:1747
2 xul.dll void mozilla::css::Loader::SheetComplete layout/style/Loader.cpp:1675
3 xul.dll mozilla::css::SheetLoadData::VerifySheetReadyToParse layout/style/Loader.cpp:648
4 xul.dll mozilla::css::StreamLoader::OnStopRequest layout/style/StreamLoader.cpp:75
5 xul.dll void mozilla::net::HttpChannelChild::DoOnStopRequest netwerk/protocol/http/HttpChannelChild.cpp:1307
6 xul.dll void mozilla::net::HttpChannelChild::OnStopRequest netwerk/protocol/http/HttpChannelChild.cpp:1188
7 xul.dll mozilla::net::ChannelEventQueue::FlushQueue netwerk/ipc/ChannelEventQueue.cpp:93
8 xul.dll nsresult mozilla::net::ChannelEventQueue::ResumeInternal::CompleteResumeRunnable::Run netwerk/ipc/ChannelEventQueue.cpp:161
9 xul.dll mozilla::SchedulerGroup::Runnable::Run xpcom/threads/SchedulerGroup.cpp:337

=============================================================

This tends to occur after updating a stylesheet which is referenced using <link rel="stylesheet"> elements from ~19 shadow roots in my very experimental <menu> and <menu‑item> Shadow DOM and Custom Elements based polyfill thing with the devtools open.
Do you have a testcase for it or something that I could debug? If so I'd be really interested. Thanks!
Here’s my W.I.P. <menu> and <menu-item> elements pseudo‑polyfill thing, which is based on the <xul:menu> and <xul:menuitem> elements and allows reproducing the issue in Firefox Nightly 63.

(since then my Firefox Nightly installation has submitted bp-5bc07ed4-97b5-4c9b-9cb9-a36df0180817 and bp-1d60dc79-541c-49a9-a5ee-6ebb20180817 while I’ve been preparing this zip file)

P.S.: My original goal was to use this as a reference for implementing the <menu type="toolbar"> element in Firefox proper (see bug 746087).
Flags: needinfo?(emilio)
Setting to P2 (rather than P1) since this crash seems to come from fairly uncommon use case. (Emilio feel free to bump up if you disagree.)
Priority: -- → P2
(In reply to Sean Voisen (:svoisen) from comment #3)
> Setting to P2 (rather than P1) since this crash seems to come from fairly
> uncommon use case. (Emilio feel free to bump up if you disagree.)

Depending on whether it's devtools specific or not it may be more prioritary. But for now P2 sounds fine, thanks Sean!

Exe Boss: I'm trying to repro this, failing so far. To be clear, STR is editing menu-item.css from the style editor, right?
Flags: needinfo?(e7358d9c)
(In reply to Emilio Cobos Álvarez (:emilio) from comment #4)
> (In reply to Sean Voisen (:svoisen) from comment #3)
> > Setting to P2 (rather than P1) since this crash seems to come from fairly
> > uncommon use case. (Emilio feel free to bump up if you disagree.)
> 
> Depending on whether it's devtools specific or not it may be more
> prioritary. But for now P2 sounds fine, thanks Sean!
> 
> ExE Boss: I'm trying to repro this, failing so far. To be clear, STR is
> editing menu-item.css from the style editor, right?

No, STR is editing menu‑item.css in an external editor (in my case it’s Visual Studio Code).
Flags: needinfo?(e7358d9c)
Do you serve the files locally via a web server or via file://? I've been trying the latter and nothing. How frequent is this? (just in case I'm not trying hard enough).

Also, I saw there's node-modules stuff there, what am I supposed to do with it? I ran npm install which was enough to make the scripts load. Is that enough?
Flags: needinfo?(e7358d9c)
I serve them locally using `static-server` (https://www.npmjs.com/package/static-server).

Also, `npm install` is enough to get it to work.
Flags: needinfo?(e7358d9c)
Tyson, has the fuzzing team seen this signature by any chance?
Flags: needinfo?(twsmith)
(In reply to Emilio Cobos Álvarez (:emilio) from comment #8)
> Tyson, has the fuzzing team seen this signature by any chance?

I see one result from Aug 1st found by Jason's fuzzer. Unfortunately I can't reproduce the issue with the testcase.
Flags: needinfo?(twsmith) → needinfo?(jkratzer)
(In reply to Tyson Smith [:tsmith] from comment #9)
> (In reply to Emilio Cobos Álvarez (:emilio) from comment #8)
> > Tyson, has the fuzzing team seen this signature by any chance?
> 
> I see one result from Aug 1st found by Jason's fuzzer. Unfortunately I can't
> reproduce the issue with the testcase.

Unfortunately, I can't reproduce it either.  I've setup a watch to monitor for new crashes matching that signature.  If one comes in, I'll attach it here.
Flags: needinfo?(jkratzer)
This might possibly be related to bug 1410579 and bug 1434145.
(In reply to ExE Boss from comment #5)
> No, STR is editing menu‑item.css in an external editor (in my case it’s
> Visual Studio Code).

How do you edit in an external editor and have the page use the updated version?
(In reply to ExE Boss from comment #11)
> This might possibly be related to bug 1410579 and bug 1434145.

What makes you think that? They are pretty unrelated afaict.

Can you reproduce this now? I made some changes in bug 1484478 which might fix this.
Flags: needinfo?(emilio) → needinfo?(e7358d9c)
(In reply to Emilio Cobos Álvarez (:emilio) from comment #13)
> Can you reproduce this now? I made some changes in bug 1484478
> which might fix this.

I can’t say that I do, and no new crashes sharing the signature have came in since, so this seems to have been fixed.


(In reply to Emilio Cobos Álvarez (:emilio) from comment #13)
> (In reply to ExE Boss from comment #11)
> > This might possibly be related to bug 1410579 and bug 1434145.
> 
> What makes you think that? They are pretty unrelated afaict.

It was just a hunch (the only connection I can think of is the large amount of the same stylesheet imported inside shadow trees, which bug 1410579 would help improve, and bug 1434145 was mentioned in bug 1410579 comment #1).
Status: NEW → RESOLVED
Closed: 1 year ago
Flags: needinfo?(e7358d9c)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.