Open
Bug 1913849
Opened 3 months ago
Updated 2 months ago
Crash in [@ nsINode::HasChildren]
Categories
(Core :: DOM: Selection, defect)
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | unaffected |
| firefox129 | --- | unaffected |
| firefox130 | --- | unaffected |
| firefox131 | --- | fix-optional |
People
(Reporter: release-mgmt-account-bot, Unassigned, NeedInfo)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: crash, regression)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/12648604-f7b6-4ef3-a7ee-9f2c00240818
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll nsCOMPtr<nsIContent>::operator bool const xpcom/base/nsCOMPtr.h:767
0 xul.dll nsINode::HasChildren const dom/base/nsINode.h:672
0 xul.dll mozilla::ContentIteratorBase<nsINode*>::NextNode dom/base/ContentIterator.cpp:694
0 xul.dll mozilla::ContentIteratorBase<nsINode*>::Next dom/base/ContentIterator.cpp:798
0 xul.dll mozilla::dom::SelectionNodeCache::MaybeCollect::<lambda_3>::operator const dom/base/Selection.cpp:343
0 xul.dll nsBaseHashtable<nsPtrHashKey<const mozilla::dom::Selection>, nsTBaseHashSet<nsPtrHashKey<const nsINode> >, nsTBaseHashSet<nsPtrHashKey<const nsINode> >, nsDefaultConverter<nsTBaseHashSet<nsPtrHashKey<const nsINode> >, nsTBaseHashSet<nsPtrHashKey<const nsINode> > > >::EntryHandle::OrInsertWith xpcom/ds/nsBaseHashtable.h:726
0 xul.dll nsBaseHashtable<nsPtrHashKey<const mozilla::dom::Selection>, nsTBaseHashSet<nsPtrHashKey<const nsINode> >, nsTBaseHashSet<nsPtrHashKey<const nsINode> >, nsDefaultConverter<nsTBaseHashSet<nsPtrHashKey<const nsINode> >, nsTBaseHashSet<nsPtrHashKey<const nsINode> > > >::LookupOrInsertWith<`lambda at /builds/worker/checkouts/gecko/dom/base/Selection.cpp:329:56'>::<lambda_1>::operator const xpcom/ds/nsBaseHashtable.h:423
0 xul.dll nsBaseHashtable<nsPtrHashKey<const mozilla::dom::Selection>, nsTBaseHashSet<nsPtrHashKey<const nsINode> >, nsTBaseHashSet<nsPtrHashKey<const nsINode> >, nsDefaultConverter<nsTBaseHashSet<nsPtrHashKey<const nsINode> >, nsTBaseHashSet<nsPtrHashKey<const nsINode> > > >::WithEntryHandle<`lambda at /builds/worker/checkouts/gecko/xpcom/ds/nsBaseHashtable.h:422:34'>::<lambda_1>::operator const xpcom/ds/nsBaseHashtable.h:836
0 xul.dll nsTHashtable<nsBaseHashtableET<nsPtrHashKey<const mozilla::dom::Selection>, nsTBaseHashSet<nsPtrHashKey<const nsINode> > > >::WithEntryHandle<`lambda at /builds/worker/checkouts/gecko/xpcom/ds/nsBaseHashtable.h:835:15'>::<lambda_1>::operator const xpcom/ds/nsTHashtable.h:437
0 xul.dll PLDHashTable::WithEntryHandle xpcom/ds/PLDHashTable.h:605
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2024-08-18
- Process type: Content
- Is startup crash: No
- Has user comments: No
- Is null crash: Yes - 1 out of 8 crashes happened on null or near null memory address
|
||
Updated•3 months ago
|
Component: General → DOM: Selection
|
||
Comment 2•3 months ago
|
||
These are two different crash signatures btw. One is on Release and is likely GC/CC related, the other one is on Nightly and shows the stack trace above. That one is likely a regression from Bug 1867249.
Keywords: regression
Regressed by: 1867249
|
|
||
Updated•3 months ago
|
Severity: -- → S3
Flags: needinfo?(jjaschke)
|
|
||
Updated•3 months ago
|
Flags: needinfo?(jjaschke)
|
Reporter | |
Comment 3•3 months ago
|
||
Set release status flags based on info from the regressing bug 1867249
status-firefox129:
--- → unaffected
status-firefox130:
--- → unaffected
status-firefox-esr115:
--- → unaffected
status-firefox-esr128:
--- → unaffected
|
||
Updated•3 months ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•