Closed Bug 1503565 Opened Last year Closed Last year

Crash in mozilla::EditorBase::BeginPlaceholderTransaction


(Core :: DOM: Editor, defect, P1, critical)




Tracking Status
firefox-esr60 --- unaffected
firefox63 --- unaffected
firefox64 --- unaffected
firefox65 + fixed


(Reporter: marcia, Assigned: masayuki)



(Keywords: crash, regression)

Crash Data


(1 file)

This bug was filed from the Socorro interface and is
report bp-574a3e46-2a4d-4482-a917-82de40181031.

Seen while looking at nightly crash data: Small volume Windows and Mac crash which looks to have started in 20181030224027.

Looks as if Bug 1465702 landed in the regression time frame:

ni on :masayuki

Top 10 frames of crashing thread:

0 xul.dll mozilla::EditorBase::BeginPlaceholderTransaction editor/libeditor/EditorBase.cpp:948
1 xul.dll nsresult mozilla::HTMLEditor::BlobReader::OnResult editor/libeditor/HTMLEditorDataTransfer.cpp:1032
2 xul.dll mozilla::SlurpBlobEventListener::HandleEvent editor/libeditor/HTMLEditorDataTransfer.cpp:1105
3 xul.dll nsresult mozilla::EventListenerManager::HandleEventSubType dom/events/EventListenerManager.cpp:1107
4 xul.dll void mozilla::EventTargetChainItem::HandleEvent dom/events/EventDispatcher.cpp:424
5 xul.dll static void mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:641
6 xul.dll mozilla::EventDispatcher::Dispatch dom/events/EventDispatcher.cpp:1156
7 xul.dll mozilla::EventDispatcher::DispatchDOMEvent dom/events/EventDispatcher.cpp:1237
8 xul.dll mozilla::DOMEventTargetHelper::DispatchEvent dom/base/nsWindowRoot.cpp:77
9 xul.dll mozilla::dom::EventTarget::DispatchEvent dom/events/EventTarget.cpp:205

Flags: needinfo?(masayuki)
Thanks. If I missed to find an entrance of handling edit action, editor crash around nullptr access. Yes, so, this should be regression of bug 1465702.
Assignee: nobody → masayuki
Blocks: 1465702
Flags: needinfo?(masayuki)
HTMLEditor::BlobReader::OnResult() is a callback method and it calls
non-public method of HTMLEditor, DoInsertHTMLWithContext().  So,
DoInsertHTMLWithContext() may need caller to have already created
AutoEditActionDataSetter instance.  Therefore, BlobReader should keep
EditAction which is the purpose of creating it and its OnResult() should
create AutoEditActionDataSetter instance with it.
Adding another signature seen in nightly, which affects all three platforms.
Crash Signature: [@ mozilla::EditorBase::BeginPlaceholderTransaction] → [@ mozilla::EditorBase::BeginPlaceholderTransaction] [@ mozilla::EditorBase::DoTransactionInternal]
OS: Windows 10 → All
Hardware: Unspecified → All
(In reply to Marcia Knous [:marcia - needinfo? me] from comment #4)
> Adding another signature seen in nightly, which affects all three platforms.

It's really different bug. It is important which class calls editor's non-public method when it's not called by editor's method.
Crash Signature: [@ mozilla::EditorBase::BeginPlaceholderTransaction] [@ mozilla::EditorBase::DoTransactionInternal] → [@ mozilla::EditorBase::BeginPlaceholderTransaction]
Pushed by
Make HTMLEditor::BlobReader::OnResult() create AutoEditActionDataSetter r=m_kato
Priority: -- → P1
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in before you can comment on or make changes to this bug.