Closed Bug 1503565 Opened Last year Closed Last year

Crash in mozilla::EditorBase::BeginPlaceholderTransaction

Categories

(Core :: DOM: Editor, defect, P1, critical)

defect

Tracking

()

RESOLVED FIXED
mozilla65
Tracking Status
firefox-esr60 --- unaffected
firefox63 --- unaffected
firefox64 --- unaffected
firefox65 + fixed

People

(Reporter: marcia, Assigned: masayuki)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is
report bp-574a3e46-2a4d-4482-a917-82de40181031.
=============================================================

Seen while looking at nightly crash data: https://bit.ly/2ziXxZ9. Small volume Windows and Mac crash which looks to have started in 20181030224027.

Looks as if Bug 1465702 landed in the regression time frame: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4c7772c170a1848c4e57fea0087c351fd2288859&tochange=be32f4014f92d0ab717621997e0d36c9bc1c479b

ni on :masayuki

Top 10 frames of crashing thread:

0 xul.dll mozilla::EditorBase::BeginPlaceholderTransaction editor/libeditor/EditorBase.cpp:948
1 xul.dll nsresult mozilla::HTMLEditor::BlobReader::OnResult editor/libeditor/HTMLEditorDataTransfer.cpp:1032
2 xul.dll mozilla::SlurpBlobEventListener::HandleEvent editor/libeditor/HTMLEditorDataTransfer.cpp:1105
3 xul.dll nsresult mozilla::EventListenerManager::HandleEventSubType dom/events/EventListenerManager.cpp:1107
4 xul.dll void mozilla::EventTargetChainItem::HandleEvent dom/events/EventDispatcher.cpp:424
5 xul.dll static void mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:641
6 xul.dll mozilla::EventDispatcher::Dispatch dom/events/EventDispatcher.cpp:1156
7 xul.dll mozilla::EventDispatcher::DispatchDOMEvent dom/events/EventDispatcher.cpp:1237
8 xul.dll mozilla::DOMEventTargetHelper::DispatchEvent dom/base/nsWindowRoot.cpp:77
9 xul.dll mozilla::dom::EventTarget::DispatchEvent dom/events/EventTarget.cpp:205

=============================================================
Flags: needinfo?(masayuki)
Thanks. If I missed to find an entrance of handling edit action, editor crash around nullptr access. Yes, so, this should be regression of bug 1465702.
Assignee: nobody → masayuki
Blocks: 1465702
Status: NEW → ASSIGNED
Flags: needinfo?(masayuki)
HTMLEditor::BlobReader::OnResult() is a callback method and it calls
non-public method of HTMLEditor, DoInsertHTMLWithContext().  So,
DoInsertHTMLWithContext() may need caller to have already created
AutoEditActionDataSetter instance.  Therefore, BlobReader should keep
EditAction which is the purpose of creating it and its OnResult() should
create AutoEditActionDataSetter instance with it.
Adding another signature seen in nightly, which affects all three platforms.
Crash Signature: [@ mozilla::EditorBase::BeginPlaceholderTransaction] → [@ mozilla::EditorBase::BeginPlaceholderTransaction] [@ mozilla::EditorBase::DoTransactionInternal]
OS: Windows 10 → All
Hardware: Unspecified → All
(In reply to Marcia Knous [:marcia - needinfo? me] from comment #4)
> Adding another signature seen in nightly, which affects all three platforms.

It's really different bug. It is important which class calls editor's non-public method when it's not called by editor's method.
Crash Signature: [@ mozilla::EditorBase::BeginPlaceholderTransaction] [@ mozilla::EditorBase::DoTransactionInternal] → [@ mozilla::EditorBase::BeginPlaceholderTransaction]
Pushed by masayuki@d-toybox.com:
https://hg.mozilla.org/integration/autoland/rev/3fb088581428
Make HTMLEditor::BlobReader::OnResult() create AutoEditActionDataSetter r=m_kato
Priority: -- → P1
https://hg.mozilla.org/mozilla-central/rev/3fb088581428
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in before you can comment on or make changes to this bug.