Closed Bug 1660537 Opened 5 years ago Closed 5 years ago

Crash in [@ nsFrameLoader::GetWindowDimensions]

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Windows 7
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
81 Branch
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- fixed
firefox79 --- wontfix
firefox80 --- wontfix
firefox81 --- fixed

People

(Reporter: u608768, Assigned: u608768)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1660537 - Null check mOwnerContent in GetWindowDimensions, r?smaug
47 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-esr78+
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/9792dd15-fd37-4897-94fb-f91a40200820

Top 10 frames of crashing thread:

0 xul.dll nsFrameLoader::GetWindowDimensions dom/base/nsFrameLoader.cpp:2321
1 xul.dll nsFrameLoader::UpdatePositionAndSize dom/base/nsFrameLoader.cpp:2360
2 xul.dll nsSubDocumentFrame::ReflowFinished layout/generic/nsSubDocumentFrame.cpp:757
3 xul.dll mozilla::PresShell::HandlePostedReflowCallbacks layout/base/PresShell.cpp:3977
4 xul.dll mozilla::PresShell::DidDoReflow layout/base/PresShell.cpp:9431
5 xul.dll mozilla::PresShell::ProcessReflowCommands layout/base/PresShell.cpp:9826
6 xul.dll mozilla::PresShell::DoFlushPendingNotifications layout/base/PresShell.cpp:4239
7 xul.dll mozilla::dom::Document::FlushPendingNotifications dom/base/Document.cpp:10088
8 xul.dll mozilla::dom::Document::FlushPendingNotifications dom/base/Document.cpp:10084
9 xul.dll nsIContent::GetPrimaryFrame dom/base/Element.cpp:234

Pretty low volume, we've been seeing a few of these since 20200630195452.

This looks like it might be a missing null check on mOwnerContent on this line:
Document* doc = mOwnerContent->GetComposedDoc();

Do you want to write a patch for the null check, Kashav? If not, I could do it. I'm not familiar with this code, but it looks like a number of the other accesses of this field null check it.

Flags: needinfo?(kmadan)

Sure, I can do it.

Assignee: nobody → kmadan
Status: NEW → ASSIGNED
Flags: needinfo?(kmadan)
Pushed by kmadan@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c1105c441dfa Null check mOwnerContent in GetWindowDimensions, r=smaug

https://hg.mozilla.org/mozilla-central/rev/c1105c441dfa

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox81: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch

Please nominate this for ESR78 approval when you get a chance.

status-firefox-esr68: --- → unaffected
Flags: needinfo?(kmadan)

Comment on attachment 9171464 [details]
Bug 1660537 - Null check mOwnerContent in GetWindowDimensions, r?smaug

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Fixes a long-standing crash.
  • User impact if declined: Crashes (relatively low volume, so not a huge impact)
  • Fix Landed on Version: 81
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Not risky. Adds a null pointer check that avoids the crash.
  • String or UUID changes made by this patch:
Flags: needinfo?(kmadan)
Attachment #9171464 - Flags: approval-mozilla-esr78?

Comment on attachment 9171464 [details]
Bug 1660537 - Null check mOwnerContent in GetWindowDimensions, r?smaug

Approved for 78.3esr.

Attachment #9171464 - Flags: approval-mozilla-esr78? → approval-mozilla-esr78+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: