Closed Bug 1682193 Opened 4 years ago Closed 4 years ago

Crash in [@ nsBaseContentList::cycleCollection::CanSkipReal] when inspecting with the browser toolbox the print preview from bug 1682159

Categories

(Core :: DOM: Core & HTML, defect, P3)

Tracking


RESOLVED FIXED
86 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox83 --- wontfix
firefox84 --- wontfix
firefox85 --- fixed
firefox86 --- fixed

People

(Reporter: emilio, Assigned: emilio)

Details

(Keywords: crash)

Attachments

(1 file)

Maybe Fission related. (DOMFissionEnabled=1)

Crash report: https://crash-stats.mozilla.org/report/index/d30b51c8-24dd-48ba-adfd-b59830201213

Reason: SIGSEGV /SEGV_MAPERR

Top 10 frames of crashing thread:

0 libxul.so nsBaseContentList::cycleCollection::CanSkipReal dom/base/nsContentList.cpp:59
1 libxul.so nsCycleCollector_forgetSkippable xpcom/base/nsCycleCollector.cpp:3858
2 libxul.so FireForgetSkippable dom/base/nsJSEnvironment.cpp:1134
3 libxul.so CCRunnerFired dom/base/nsJSEnvironment.cpp:1639
4 libxul.so mozilla::IdleTaskRunner::Run xpcom/threads/IdleTaskRunner.cpp:54
5 libxul.so mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:732
6 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1200
7 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:87
8 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:309
9 libxul.so nsBaseAppShell::Run widget/nsBaseAppShell.cpp:137

And add an assertion for this to fail earlier (in debug builds at
least).

The issue is that in paginated mode canvas frames (which are not
associated to a node) might overflow their page content frame.

Assignee: nobody → emilio
Status: NEW → ASSIGNED
Severity: -- → S3
Priority: -- → P3
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a47708d985da Don't append null content nodes in InspectorUtils.getOverflowingChildrenOfElement. r=dholbert
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch

The patch landed in nightly and beta is affected.
:emilio, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(emilio)

Comment on attachment 9192947 [details]
Bug 1682193 - Don't append null content nodes in InspectorUtils.getOverflowingChildrenOfElement. r=dholbert,#layout-reviewers

Beta/Release Uplift Approval Request

  • User impact if declined: Null pointer crashes when inspecting print preview.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: none
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): null-check
  • String changes made/needed: none
Flags: needinfo?(emilio)
Attachment #9192947 - Flags: approval-mozilla-beta?

Comment on attachment 9192947 [details]
Bug 1682193 - Don't append null content nodes in InspectorUtils.getOverflowingChildrenOfElement. r=dholbert,#layout-reviewers

approved for 85.0b3

Attachment #9192947 - Flags: approval-mozilla-beta? → approval-mozilla-beta+