Open
Bug 1490485
Opened 7 years ago
Updated 3 years ago
crash near null in [@ mozilla::EditorBase::CanContainTag]
Categories
(Core :: DOM: Editor, defect, P2)
Core
DOM: Editor
Tracking
()
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(1 file)
|
333 bytes,
text/html
|
Details |
==55200==The signal is caused by a READ memory access.
==55200==Hint: address points to the zero page.
#0 0x7fab23150330 in get src/obj-firefox/dist/include/mozilla/RefPtr.h:296:27
#1 0x7fab23150330 in operator-> src/obj-firefox/dist/include/mozilla/RefPtr.h:328
#2 0x7fab23150330 in NodeType src/dom/base/nsINode.h:678
#3 0x7fab23150330 in mozilla::EditorBase::CanContainTag(nsINode&, nsAtom&) const src/editor/libeditor/EditorBase.cpp:3736
#4 0x7fab232669c5 in mozilla::HTMLEditRules::AlignContentsAtSelection(nsTSubstring<char16_t> const&) src/editor/libeditor/HTMLEditRules.cpp:6311:28
#5 0x7fab231bf42f in WillAlign src/editor/libeditor/HTMLEditRules.cpp:6064:8
#6 0x7fab231bf42f in mozilla::HTMLEditRules::WillDoAction(mozilla::dom::Selection*, mozilla::EditSubActionInfo&, bool*, bool*) src/editor/libeditor/HTMLEditRules.cpp:720
#7 0x7fab232c6aac in mozilla::HTMLEditor::Align(nsTSubstring<char16_t> const&) src/editor/libeditor/HTMLEditor.cpp:2558:11
#8 0x7fab232e53ee in mozilla::MultiStateCommandBase::DoCommandParams(char const*, nsICommandParams*, nsISupports*) src/editor/libeditor/HTMLEditorCommands.cpp:660:10
#9 0x7fab20a40c00 in nsControllerCommandTable::DoCommandParams(char const*, nsICommandParams*, nsISupports*) src/dom/commandhandler/nsControllerCommandTable.cpp:162:26
#10 0x7fab20a36498 in DoCommandWithParams src/dom/commandhandler/nsBaseCommandController.cpp:152:25
#11 0x7fab20a36498 in non-virtual thunk to nsBaseCommandController::DoCommandWithParams(char const*, nsICommandParams*) src/dom/commandhandler/nsBaseCommandController.cpp
#12 0x7fab20a3c8fd in nsCommandManager::DoCommand(char const*, nsICommandParams*, mozIDOMWindowProxy*) src/dom/commandhandler/nsCommandManager.cpp:210:29
#13 0x7fab210bda77 in nsHTMLDocument::ExecCommand(nsTSubstring<char16_t> const&, bool, nsTSubstring<char16_t> const&, nsIPrincipal&, mozilla::ErrorResult&) src/dom/html/nsHTMLDocument.cpp:3026:18
#14 0x7fab1fd78820 in mozilla::dom::HTMLDocument_Binding::execCommand(JSContext*, JS::Handle<JSObject*>, nsHTMLDocument*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/HTMLDocumentBinding.cpp:577:21
#15 0x7fab20322529 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3296:13
#16 0x7fab2919cf6b in CallJSNative src/js/src/vm/Interpreter.cpp:448:15
#17 0x7fab2919cf6b in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:536
#18 0x7fab291868b3 in CallFromStack src/js/src/vm/Interpreter.cpp:593:12
#19 0x7fab291868b3 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3266
#20 0x7fab2916c43e in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:428:12
#21 0x7fab2919da7e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:560:15
#22 0x7fab2919f812 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:606:10
#23 0x7fab2824027d in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:2866:12
#24 0x7fab1f922eca in mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/EventHandlerBinding.cpp:264:37
#25 0x7fab20be788a in void mozilla::dom::EventHandlerNonNull::Call<nsISupports*>(nsISupports* const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) src/obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:363:12
#26 0x7fab20be4c97 in mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) src/dom/events/JSEventHandler.cpp:214:12
#27 0x7fab20b985b5 in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) src/dom/events/EventListenerManager.cpp:1111:52
#28 0x7fab20b9a6b7 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1342:20
#29 0x7fab20b7e159 in HandleEvent src/obj-firefox/dist/include/mozilla/EventListenerManager.h:390:5
#30 0x7fab20b7e159 in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:420
#31 0x7fab20b7c413 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:637:16
#32 0x7fab20b82bfe in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1112:9
#33 0x7fab23816a04 in nsDocumentViewer::LoadComplete(nsresult) src/layout/base/nsDocumentViewer.cpp:1167:7
#34 0x7fab2667f45c in nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) src/docshell/base/nsDocShell.cpp:7095:21
#35 0x7fab2667a0ea in nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp:6888:7
#36 0x7fab26683d37 in non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp
#37 0x7fab1baa6c15 in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) src/uriloader/base/nsDocLoader.cpp:1313:3
#38 0x7fab1baa583c in nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:856:14
#39 0x7fab1baa1341 in nsDocLoader::DocLoaderIsEmpty(bool) src/uriloader/base/nsDocLoader.cpp:745:9
#40 0x7fab1baa3e28 in nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp:631:5
#41 0x7fab1baa5364 in non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp
#42 0x7fab19544867 in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) src/netwerk/base/nsLoadGroup.cpp:629:28
#43 0x7fab1d3aaea7 in DoUnblockOnload src/dom/base/nsDocument.cpp:8422:18
#44 0x7fab1d3aaea7 in nsDocument::UnblockOnload(bool) src/dom/base/nsDocument.cpp:8344
#45 0x7fab1d38430b in nsIDocument::DispatchContentLoadedEvents() src/dom/base/nsDocument.cpp:5216:3
#46 0x7fab1d4ee68b in applyImpl<nsIDocument, void (nsIDocument::*)()> src/obj-firefox/dist/include/nsThreadUtils.h:1178:12
#47 0x7fab1d4ee68b in apply<nsIDocument, void (nsIDocument::*)()> src/obj-firefox/dist/include/nsThreadUtils.h:1184
#48 0x7fab1d4ee68b in mozilla::detail::RunnableMethodImpl<nsIDocument*, void (nsIDocument::*)(), true, (mozilla::RunnableKind)0>::Run() src/obj-firefox/dist/include/nsThreadUtils.h:1229
#49 0x7fab19288465 in mozilla::SchedulerGroup::Runnable::Run() src/xpcom/threads/SchedulerGroup.cpp:337:32
#50 0x7fab192c61a0 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1161:14
#51 0x7fab192cef45 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:519:10
#52 0x7fab1a4e09de in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:97:21
#53 0x7fab1a3e172c in RunInternal src/ipc/chromium/src/base/message_loop.cc:325:10
#54 0x7fab1a3e172c in RunHandler src/ipc/chromium/src/base/message_loop.cc:318
#55 0x7fab1a3e172c in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:298
#56 0x7fab22f99006 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:158:27
#57 0x7fab2742d5ce in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:944:22
#58 0x7fab1a3e172c in RunInternal src/ipc/chromium/src/base/message_loop.cc:325:10
#59 0x7fab1a3e172c in RunHandler src/ipc/chromium/src/base/message_loop.cc:318
#60 0x7fab1a3e172c in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:298
#61 0x7fab2742c685 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:770:34
#62 0x561174361ba1 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30
#63 0x561174361ba1 in main src/browser/app/nsBrowserApp.cpp:287
#64 0x7fab3b57b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#65 0x561174290f4c in _start (firefox+0x2cf4c)
Flags: in-testsuite?
|
||
Updated•7 years ago
|
Crash Signature: [@ mozilla::EditorBase::CanContainTag ]
Priority: -- → P2
|
Reporter | |
Updated•6 years ago
|
|
|
Reporter | |
Comment 1•6 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/eL-ypPm05gc8TYnURrPU1w/index.html
status-firefox68:
--- → wontfix
status-firefox69:
--- → wontfix
status-firefox70:
--- → affected
status-firefox71:
--- → affected
status-firefox-esr68:
--- → affected
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•