Closed
Bug 1525831
Opened 5 years ago
Closed 5 years ago
Crash in ShadowRoot.cpp
Categories
(Core :: DOM: Core & HTML, defect, P2)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla67
Tracking | Status | |
---|---|---|
firefox67 | --- | fixed |
People
(Reporter: fabrice, Assigned: fabrice)
Details
Attachments
(1 file)
740 bytes,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
I have seen this crash in a js module creating a Custom Element:
#0 0x00007f9eb0b496a0 in __GI___nanosleep
(requested_time=requested_time@entry=0x7ffc62e8dd30, remaining=remaining@entry=0x7ffc62e8dd30)
at ../sysdeps/unix/sysv/linux/nanosleep.c:28
#1 0x00007f9eb0b495aa in __sleep (seconds=0) at ../sysdeps/posix/sleep.c:55
#2 0x00007f9ea6699a50 in ah_crap_handler(int) (signum=11)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/toolkit/xre/nsSigHandlers.cpp:95
#3 0x00007f9ea668186a in nsProfileLock::FatalSignalHandler(int, siginfo_t*, void*)
(signo=11, info=0x7ffc62e8dff0, context=0x7ffc62e8dec0)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/toolkit/profile/nsProfileLock.cpp:174
#4 0x00007f9ea74c530b in WasmTrapHandler(int, siginfo_t*, void*)
(signum=11, info=0x7ffc62e8dff0, context=<optimized out>)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/js/src/wasm/WasmSignalHandlers.cpp:928
#5 0x00007f9eb0f9edd0 in <signal handler called> () at /lib/x86_64-linux-gnu/libpthread.so.0
#6 0x00007f9ea34ae824 in nsCOMPtr<nsIContent>::operator->() const (this=<optimized out>)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/obj-quetzal/dist/include/nsCOMPtr.h:842
#7 0x00007f9ea3bc33ef in mozilla::dom::ShadowRoot::GetEventTargetParent(mozilla::EventChainPreVisitor&)
(this=0x7f9e96e95190, aVisitor=...)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/dom/base/ShadowRoot.cpp:460
#8 0x00007f9ea4a2a25f in mozilla::EventTargetChainItem::GetEventTargetParent(mozilla::EventChainPreVisitor&) (this=0x7f9e9ef21058, aVisitor=...)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/dom/events/EventDispatcher.cpp:419
#9 0x00007f9ea4a2ba85 in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) (aTarget=<optimized out>, aPresContext=0x7f9e988d8800, aEvent=
0x7f9e96930e50, aDOMEvent=<optimized out>, aEventStatus=0x7ffc62e8e954, aCallback=0x0, aTargets=0x0)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/dom/events/EventDispatcher.cpp:959
#10 0x00007f9ea4a2d714 in mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*)
(aTarget=0x7f9e9a769ae0, aEvent=<optimized out>, aDOMEvent=<optimized out>, aPresContext=0x7f9e988d8800, aEventStatus=0x7ffc62e8e954)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/dom/events/EventDispatcher.cpp:1138
#11 0x00007f9ea3c3c8ec in nsINode::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) (this=0x7f9e9a769ae0, aEvent=..., aCallerType=mozilla::dom::CallerType::System, aRv=...)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/dom/base/nsINode.cpp:1028
#12 0x00007f9ea3a7e03b in nsContentUtils::DispatchChromeEvent(mozilla::dom::Document*, nsISupports*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, bool*)
(aDoc=<optimized out>, aTarget=<optimized out>, aEventName=
..., aCanBubble=<optimized out>, aCancelable=<optimized out>, aDefaultAction=0x0)
at /media/fabrice/c13a996b-93e3-43ce-a1ab-9fb508c2cdbb/dev/gecko-dev/dom/base/nsContentUtils.cpp:4248
#13 0x00007f9ea3bfe652 in nsContentSink::NotifyDocElementCreated(mozilla::dom::Document*)
(aDoc=0x7f9e96b9b000)
I'll see if I can reproduce it with a smaller test case than my current code.
Assignee | ||
Comment 1•5 years ago
|
||
That fixes it for me, no idea if that is a symptom of some other issue though.
Assignee: nobody → fabrice
Attachment #9042014 -
Flags: review?(bugs)
Comment 2•5 years ago
|
||
What JS module? UAWidget thingie? I wouldn't be surprised if UAWidgets cause still more issues.
Comment 3•5 years ago
|
||
Comment on attachment 9042014 [details] [diff] [review] shadowroot.patch I guess we can take this, but this does hint a problem, probably someone is dispatching an event in a wrong way or something.
Attachment #9042014 -
Flags: review?(bugs) → review+
Assignee | ||
Comment 4•5 years ago
|
||
(In reply to Olli Pettay [:smaug] (massive needinfo queue, ping on IRC on anything urgent) from comment #2)
What JS module? UAWidget thingie? I wouldn't be surprised if UAWidgets cause still more issues.
No, that's regular content JS.
Summary: Crash in → Crash in ShadowRoot.cpp
Comment 5•5 years ago
|
||
Oh, I see, we're dispatching to document. So there must be shadowDOM somewhere in chrome code.
Updated•5 years ago
|
Priority: -- → P2
Pushed by opettay@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/f6c8336fa7d2 let originaltarget be non-nsIContent in ShadowRoot, r=smaug
Comment 7•5 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox67:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
You need to log in
before you can comment on or make changes to this bug.
Description
•