Closed Bug 1554072 Opened 6 years ago Closed 6 years ago

Crash in [@ mozilla::dom::Document::CreateElement]

Categories

(Core :: XUL, defect, P1)

68 Branch
defect

Tracking

()

RESOLVED FIXED
mozilla69
Tracking Status
firefox-esr60 --- unaffected
firefox67 --- unaffected
firefox67.0.1 --- unaffected
firefox68 --- unaffected
firefox69 --- fixed

People

(Reporter: calixte, Assigned: bdahl)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

This bug is for crash report bp-5cc01802-d56f-4fdf-981c-da5080190524.

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::Document::CreateElement dom/base/Document.cpp:5531
1 xul.dll static bool mozilla::dom::Document_Binding::createElement dom/bindings/DocumentBinding.cpp:1367
2 xul.dll mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3165
3 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:538
4 xul.dll static bool InternalCall js/src/vm/Interpreter.cpp:593
5 xul.dll static bool Interpret js/src/vm/Interpreter.cpp:3085
6 xul.dll js::RunScript js/src/vm/Interpreter.cpp:423
7 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:566
8 xul.dll static bool InternalCall js/src/vm/Interpreter.cpp:593
9 xul.dll js::Call js/src/vm/Interpreter.cpp:609

There are 34 crashes (from 7 installations) in nightly 69 with buildid 20190523215203. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1551320.
The moz_crash_reason is: MOZ_RELEASE_ASSERT(false) (CreateElement() not allowed in XUL document.)

[1] https://hg.mozilla.org/mozilla-central/rev?node=6d063a63bece

Flags: needinfo?(bdahl)
Priority: -- → P1
QA Whiteboard: [qa-regression-triage]

Changing to all as there are crashes on Mac, Linux and Windows.

OS: Windows 10 → All
Hardware: Unspecified → All

We really need a JS stack here to figure out where createElement is still being called. I need to figure out how to create a sanitized chrome-only JS stack, but in the meantime we can just make this a debug-only assert.

Flags: needinfo?(bdahl)

Temporary solution until we get sanitized chrome JS stacks for the crash
reporter.

Assignee: nobody → bdahl
Pushed by bdahl@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e495155bbdd1
Only crash in debug builds when using createElement with XUL. r=bzbarsky
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
QA Whiteboard: [qa-regression-triage]
Has Regression Range: --- → yes