Crash in [@ nsRange::UnregisterCommonAncestor]
Categories
(Core :: DOM: Editor, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox66 | --- | unaffected |
| firefox67 | --- | unaffected |
| firefox68 | --- | fixed |
People
(Reporter: calixte, Assigned: masayuki)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file, 1 obsolete file)
This bug is for crash report bp-888f20de-d1a4-4d3d-9154-364850190319.
Top 10 frames of crashing thread:
0 libxul.so nsRange::UnregisterCommonAncestor dom/base/nsINode.h:1795
1 libxul.so nsRange::SetSelection dom/base/nsRange.cpp:1025
2 libxul.so mozilla::dom::Selection::Clear dom/base/Selection.cpp:1170
3 libxul.so mozilla::dom::Selection::RemoveAllRanges dom/base/Selection.cpp:1921
4 libxul.so mozilla::dom::Selection::cycleCollection::Unlink dom/base/Selection.cpp:708
5 libxul.so nsCycleCollector::Collect xpcom/base/nsCycleCollector.cpp:3084
6 libxul.so nsCycleCollector_collectSlice xpcom/base/nsCycleCollector.cpp:3956
7 libxul.so nsJSContext::RunCycleCollectorSlice dom/base/nsJSEnvironment.cpp:1470
8 libxul.so ICCRunnerFired dom/base/nsJSEnvironment.cpp:1521
9 libxul.so mozilla::IdleTaskRunner::Run android-ndk/sources/cxx-stl/llvm-libc++/include/functional:1924
There are 11 crashes (from 11 installations) in nightly 68 starting with buildid 20190318133954. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1533293.
[1] https://hg.mozilla.org/mozilla-central/rev?node=19cff61f4fed
|
Assignee | |
Comment 1•5 years ago
|
||
Hmm, I have no idea about the relation with bug 1533293. However, it's in unlinking. So, mRegisteredCommonAncestor may have already gone. So, looks like that it reqires nullptr check here.
I'll take this next week if nobody takes this.
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 2•5 years ago
|
||
nsRange::SetSelection() may be called during unlinking. Therefore,
mRegisteredCommonAncestor may have already been unlinked. This patch
makes it check whether it's nullptr or not before using it to call
UnregisterCommonAncestor().
|
|
Assignee | |
Comment 3•5 years ago
|
||
When adding an range via Selection::AddItem() and only when it's caused by
user's operation, the range may be split at non-selectable content. This is
done in nsRange::ExcludeNonSelectableNodes() but it modifies the given range
as the first range. Then, Selection::AddRangeInternal() calls
Selection::SelectFrames() with the range which may have been modified by
nsRange::ExcludeNonSelectableNodes().
Therefore, only the frames between first child of <body> element and
previous element of first non-selectable content are painted as selection
after user does "Select All".
Selection::Extend() calls Selection::SelectFrames() by itself for all
existing ranges. Therefore, this patch creates new method and makes both
Selection::Extend() and Selection::SetStartAndEndInternal() call it only
when the result is not only one range.
|
||
Comment 4•5 years ago
|
||
Comment on attachment 9053541 [details]
Bug 1536852 - part 4: Make Selection::SetStartAndEndInternal() select frames by itself
Revision D24871 was moved to bug 1533293. Setting attachment 9053541 [details] to obsolete.
Pushed by masayuki@d-toybox.com: https://hg.mozilla.org/integration/autoland/rev/cf8e8b5019b8 Make nsRange::SetSelection() check mRegisteredCommonAncestor before calling UnregisterCommonAncestor() r=smaug
|
||
Comment 6•5 years ago
|
||
| bugherder | ||
|
|
||
Comment 7•3 years ago
|
||
Hmm, somehow I managed to not clear the old needinfo here.
Description
•