454114 - Infinite recursion in crashtest setting up editor

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, defect)

Description

[Robert O'Callahan (:roc) (email my personal email if necessary)]

Attachment: fix

I ran crashtests locally and hit an infinite recursion crash. Here's the repeating part of the stack:

#81362 0x12cef5b9 in mozAutoDocUpdate::~mozAutoDocUpdate (this=0xbfffafd4) at mozAutoDocUpdate.h:66
#81363 0x12cef5f1 in mozAutoDocUpdate::~mozAutoDocUpdate (this=0xbfffafd4) at mozAutoDocUpdate.h:74
#81364 0x12de288c in nsCSSStyleSheet::SetDisabled (this=0x1e7f7730, aDisabled=0) at /Users/roc/mozilla-checkin/layout/style/nsCSSStyleSheet.cpp:1653
#81365 0x13453f6a in nsHTMLEditor::EnableExistingStyleSheet (this=0xaa0a00, aURL=@0xbfffb160) at /Users/roc/mozilla-checkin/editor/libeditor/html/nsHTMLEditor.cpp:3710
#81366 0x1345481f in nsHTMLEditor::AddOverrideStyleSheet (this=0xaa0a00, aURL=@0xbfffb160) at /Users/roc/mozilla-checkin/editor/libeditor/html/nsHTMLEditor.cpp:3592
#81367 0x1307592e in nsHTMLDocument::EditingStateChanged (this=0xc01e00) at /Users/roc/mozilla-checkin/content/html/document/src/nsHTMLDocument.cpp:3376
#81368 0x1307695c in nsHTMLDocument::EndUpdate (this=0xc01e00, aUpdateType=2) at /Users/roc/mozilla-checkin/content/html/document/src/nsHTMLDocument.cpp:3081
#81369 0x12cef5b9 in mozAutoDocUpdate::~mozAutoDocUpdate (this=0xbfffb2a4) at mozAutoDocUpdate.h:66
#81370 0x12cef5f1 in mozAutoDocUpdate::~mozAutoDocUpdate (this=0xbfffb2a4) at mozAutoDocUpdate.h:74

If you look at the code, this is fairly self-explanatory. There are various ways to fix this, e.g. make SetDisabled avoid doing an nsAutoDocUpdate if aDisabled == mIsDisabled, but I think the best way is to extend the re-entry check in EditingStateChanged.

Comment 1

[Robert O'Callahan (:roc) (email my personal email if necessary)]

Pushed adcd0ee05739.

Marking in-testsuite+ since I found this by running crashtests.