Crash in [@ InvalidArrayIndex_CRASH | nsHtml5Highlighter::Push]
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
People
(Reporter: mccr8, Unassigned)
References
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/17cdaf7f-67de-4485-863c-30ab60210819
MOZ_CRASH Reason: ElementAt(aIndex = 18446744073709551615, aLength = 0)
Top 10 frames of crashing thread:
0 libxul.so InvalidArrayIndex_CRASH xpcom/ds/nsTArray.cpp:28
1 libxul.so nsHtml5Highlighter::Push parser/html/nsHtml5Highlighter.cpp:652
2 libxul.so nsHtml5Highlighter::StartCharacters parser/html/nsHtml5Highlighter.cpp:509
3 libxul.so nsHtml5Highlighter::Transition parser/html/nsHtml5Highlighter.cpp:418
4 libxul.so int nsHtml5Tokenizer::stateLoop<nsHtml5ViewSourcePolicy> parser/html/nsHtml5Tokenizer.cpp:3576
5 libxul.so nsHtml5Tokenizer::tokenizeBuffer parser/html/nsHtml5Tokenizer.cpp:438
6 libxul.so nsHtml5StreamParser::ParseAvailableData parser/html/nsHtml5StreamParser.cpp:1906
7 libxul.so nsHtml5StreamParser::DoDataAvailable parser/html/nsHtml5StreamParser.cpp:1604
8 libxul.so nsHtml5StreamParser::DoDataAvailableBuffer parser/html/nsHtml5StreamParser.cpp:1520
9 libxul.so nsHtml5DataAvailable::Run parser/html/nsHtml5StreamParser.cpp:1634
18446744073709551615 is -1. My guess is that this is happening in nsHtml5Highlighter::Push() inside CurrentNode(), which does mStack[mStack.Length() - 1];, which will end up trying to get the -1'th element if mStack is empty. I only see two crashes from a single installation so maybe it isn't a big deal.
|
Reporter | |
Comment 1•4 years ago
|
||
Looks like it is actually 3 crashes from 2 installations.
|
||
Comment 2•4 years ago
|
||
For now, let's guess that this is bug 1726374 and let's see if this goes away once that lands.
|
|
||
Comment 3•4 years ago
|
||
Looking at the stack, bug 1541822 is another possible cause.
|
||
Comment 4•4 years ago
|
||
Closing because no crashes reported for 12 weeks.
Description
•