Status

()

Core
Layout
RESOLVED FIXED
8 years ago
7 years ago

People

(Reporter: dbaron, Assigned: bz)

Tracking

({crash, topcrash})

Trunk
All
Windows XP
crash, topcrash
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [3.7a1 trunk topcrash], crash signature)

Attachments

(1 attachment)

(Reporter)

Description

8 years ago
Crashes at GetBodyColor started showing up in 2009-12-25 builds, presumably a regression from bug 500882.

http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=GetBodyColor&version=Firefox%3A3.7a1pre has more details

Looks like a null-dereference (crash address is always 0x14).

Stacks look a bit confused in crash-stats, but top 3 frames seem to make sense at first glance:


0 	xul.dll 	GetBodyColor 	layout/style/nsHTMLStyleSheet.cpp:413
1 	xul.dll 	nsHTMLStyleSheet::RulesMatching 	
2 	xul.dll 	EnumRulesMatching<ElementRuleProcessorData> 	layout/style/nsStyleSet.cpp:419
(Reporter)

Updated

8 years ago
Keywords: crash, topcrash
Whiteboard: [3.7a1 trunk topcrash]
> Looks like a null-dereference (crash address is always 0x14).

Yep, that's GetPrimaryFrame on a null content.
Created attachment 419205 [details] [diff] [review]
Fix
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #419205 - Flags: review?(dbaron)
(Reporter)

Comment 3

8 years ago
Comment on attachment 419205 [details] [diff] [review]
Fix

r=dbaron

I suspect the color of the document when it's a frameset never actually shows up, so we could just use GetBodyContent.
Attachment #419205 - Flags: review?(dbaron) → review+
Pushed http://hg.mozilla.org/mozilla-central/rev/f428c74b2326 with that change.
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Crash Signature: [@ GetBodyColor]
You need to log in before you can comment on or make changes to this bug.