Closed
Bug 448993
Opened 16 years ago
Closed 16 years ago
Crash [@ nsRange::CutContents] using deleteContents after extractContents and GC
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
VERIFIED
FIXED
mozilla1.9.1b3
People
(Reporter: jruderman, Assigned: smaug)
References
Details
(4 keywords)
Crash Data
Attachments
(4 files, 2 obsolete files)
644 bytes,
text/html
|
Details | |
725 bytes,
patch
|
Details | Diff | Splinter Review | |
3.15 KB,
patch
|
sicking
:
review+
sicking
:
superreview+
beltzner
:
approval1.9.1+
|
Details | Diff | Splinter Review |
2.22 KB,
patch
|
Details | Diff | Splinter Review |
I've been hitting this crash a lot during automated testing.
Assignee | ||
Updated•16 years ago
|
Assignee: nobody → Olli.Pettay
Assignee | ||
Comment 1•16 years ago
|
||
The fix for bug 335998 would fix this one too, but let's see if I find some temporary fix for the crash.
![]() |
||
Updated•16 years ago
|
Depends on: strongparent
Assignee | ||
Comment 2•16 years ago
|
||
So bug 335998 changed us to cut nodes, which means that just before CC b's parentNode is c, which parentNode is a document fragment, which isn't kept alive. Before bug 335998, c's parent is null. Keeping the document fragment alive by changing r.extractContents(); to var df = r.extractContents(); prevents the crash.
Assignee | ||
Comment 3•16 years ago
|
||
Attachment #332171 -
Flags: superreview?(jonas)
Attachment #332171 -
Flags: review?(jonas)
Assignee | ||
Updated•16 years ago
|
Attachment #332171 -
Flags: superreview?(jonas)
Attachment #332171 -
Flags: review?(jonas)
Reporter | ||
Comment 4•16 years ago
|
||
I assume you meant to refer to bug 332148 in comment 2.
Blocks: 332148
Assignee | ||
Comment 5•16 years ago
|
||
Attachment #332171 -
Attachment is obsolete: true
Attachment #332173 -
Flags: superreview?(jonas)
Attachment #332173 -
Flags: review?(jonas)
Comment 6•16 years ago
|
||
Whoops. I know the point was made in bug 332148 about making mochitests instead of xpcshell tests. Do we plan on adding this testcase as a mochitest and granting privileges, or should we perhaps use a xpcshell test and just call gc()?
Seems bad that IsDetached() can return false but mRoot be null. Should we also set mIsDetached in ::NodeWillBeDestroyed?
Or are there more cases when we are detached with a null mRoot so we need to check for that anyway?
Assignee | ||
Comment 9•16 years ago
|
||
I don't think we want to mark range detached, because that would prevent using a valid range after mRoot has been deleted.
But you can't really use the range if the root goes away anyway since lots of the nodes between the start and end point might have gone away (at which point the endpoints would no longer be connected). Should we make ranges hold a strong reference to the root? (effectively we'd do that anyway once we make nodes hold strong reference to their parent)
Attachment #332173 -
Flags: superreview?(jonas)
Attachment #332173 -
Flags: review?(jonas)
Comment on attachment 332173 [details] [diff] [review] er, this one, fix for now Resetting request, i think we'll want to detach or hold a strong reference to the root.
Assignee | ||
Comment 12•16 years ago
|
||
Ok, I'll make the mRoot strong, after bug 463410.
Depends on: 463410
Assignee | ||
Updated•16 years ago
|
Flags: blocking1.9.1?
Assignee | ||
Comment 13•16 years ago
|
||
Attachment #349162 -
Flags: superreview?(jonas)
Attachment #349162 -
Flags: review?(jonas)
Assignee | ||
Comment 14•16 years ago
|
||
Attachment #349163 -
Flags: superreview?(jonas)
Attachment #349163 -
Flags: review?(jonas)
Assignee | ||
Updated•16 years ago
|
Attachment #349162 -
Attachment is obsolete: true
Attachment #349162 -
Flags: superreview?(jonas)
Attachment #349162 -
Flags: review?(jonas)
Attachment #349163 -
Flags: superreview?(jonas)
Attachment #349163 -
Flags: superreview+
Attachment #349163 -
Flags: review?(jonas)
Attachment #349163 -
Flags: review+
Assignee | ||
Updated•16 years ago
|
Attachment #349163 -
Flags: approval1.9.1?
Updated•16 years ago
|
Flags: in-testsuite?
Assignee | ||
Comment 15•16 years ago
|
||
Updated•16 years ago
|
Attachment #349163 -
Flags: approval1.9.1? → approval1.9.1+
Comment 16•16 years ago
|
||
Comment on attachment 349163 [details] [diff] [review] +missing file a191=beltzner
Assignee | ||
Comment 17•16 years ago
|
||
This needs approval for Bug 463410 too.
Comment 18•16 years ago
|
||
The patch here has approval, so should be ready to land. Not blocking...
Flags: blocking1.9.1? → blocking1.9.1-
Assignee | ||
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Whiteboard: [needs-1.9.1-landing]
Updated•16 years ago
|
Depends on: 471126
Comment 20•16 years ago
|
||
(In reply to comment #19) > fixed on trunk and 1.9.1 Please include links to changesets to trunk and 1.9.1 fixes in the comments next time. Thanks. Verified on Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090310 Minefield/3.2a1pre and Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4pre) Gecko/20090310 Shiretoko/3.1b4pre Ubiquity/0.1.5
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
Updated•13 years ago
|
Crash Signature: [@ nsRange::CutContents]
Updated•11 years ago
|
Component: DOM: Traversal-Range → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•