Crash in FlushPendingNotifications from nsTextInputSelectionImpl::ScrollSelectionIntoView

RESOLVED FIXED in Firefox 66

Status

defect
P3
normal
RESOLVED FIXED
8 months ago
5 months ago

People

(Reporter: emilio, Assigned: emilio)

Tracking

(Depends on 1 bug, Blocks 1 bug)

unspecified
mozilla66

Firefox Tracking Flags

(firefox66 fixed)

Details

Attachments

(2 attachments)

Flushing just the shell is not quite sound, since it doesn't flush parent
documents, and also has the side effect of ensuring the shell is not destroying
and the document is not in the bfcache.
I think this is a slightly better fix given the number of offenders we have that
don't make sure this is the case.

Generally we get through the flush just fine, but there's code that relies on
nsIDocument::GetShell to return something meaningful, like the styleset code
that gets a pres context.

Priority: -- → P3
Assignee: nobody → emilio

Pushed by emilio@crisal.io:
https://hg.mozilla.org/integration/autoland/rev/da799f611f33
Flush the document, not the shell, in Selection::ScrollIntoView. r=bzbarsky
https://hg.mozilla.org/integration/autoland/rev/8f22c3daa581
Don't flush if the document is in the bfcache. r=bzbarsky

Status: NEW → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66