Closed Bug 619045 Opened 14 years ago Closed 13 years ago

crash [@ nsHtml5TreeOpExecutor::RunScript(nsIContent*)], [@ nsHtml5TreeOpExecutor::RunScript] (Mac and linux)

Categories

(Core :: DOM: HTML Parser, defect)

x86
All
defect
Not set
critical


RESOLVED FIXED
mozilla2.0b12

People

(Reporter: wsmwk, Assigned: timeless)

Details

(Keywords: crash, topcrash)

Attachments (1 file, 1 obsolete file)

811 bytes, patch, timeless: review+
crash [@ nsHtml5TreeOpExecutor::RunScript(nsIContent*)]

bp-bdcdc9b2-e9b2-4de2-aaa8-4b68d2101213

EXCEPTION_ACCESS_VIOLATION_READ
0x0
0	xul.dll	nsHtml5TreeOpExecutor::RunScript	
1	xul.dll	nsHtml5TreeOpExecutor::RunFlushLoop	parser/html/nsHtml5TreeOpExecutor.cpp:525
2	xul.dll	nsHtml5ExecutorFlusher::Run	parser/html/nsHtml5StreamParser.cpp:153
3	xul.dll	nsThread::ProcessNextEvent	xpcom/threads/nsThread.cpp:626
4	nspr4.dll	PR_AssertCurrentThreadOwnsLock	nsprpub/pr/src/threads/combined/prulock.c:404
5	nspr4.dll	PR_AssertCurrentThreadOwnsLock	nsprpub/pr/src/threads/combined/prulock.c:404
6	xul.dll	mozilla::ipc::MessagePump::Run	ipc/glue/MessagePump.cpp:110
7	xul.dll	MessageLoop::RunHandler	ipc/chromium/src/base/message_loop.cc:202
8	xul.dll	MessageLoop::Run	ipc/chromium/src/base/message_loop.cc:176
9	xul.dll	nsBaseAppShell::Run	widget/src/xpwidgets/nsBaseAppShell.cpp:192
10	xul.dll	xul.dll@0xb1c91b
there's no line number for the crashing frame :(


nsHtml5TreeOpExecutor::RunScript(nsIContent* aScriptElement)
{
  nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(aScriptElement);
QI could fail (not likely) leading to a crash of sele-> later:

  if (mFragmentMode) {
    if (mPreventScriptExecution) {
      sele->PreventExecution();
  if (sele->GetScriptDeferred() || sele->GetScriptAsync()) {


  nsCOMPtr<nsIHTMLDocument> htmlDocument = do_QueryInterface(mDocument);
QI could fail (not likely) leading to a crash of htmlDocument-> here:
  htmlDocument->ScriptLoading(sele);


  if (rv == NS_ERROR_HTMLPARSER_BLOCK) {
mParser could be null here:
    mParser->BlockParser();

  } else {
    // mParser may have been nulled out by now, but the flusher deals

Since there's a comment worrying about this, that's where my money is. I've grabbed a dump. I'll try to look tonight.
timeless, I found a Mac crasher that has line numbers:
bp-a16f1ddb-da8c-4ec7-86de-ebd8f2101214
0	XUL	nsHtml5TreeOpExecutor::RunScript	parser/html/nsHtml5TreeOpExecutor.cpp:736
1	XUL	nsHtml5TreeOpExecutor::RunFlushLoop	parser/html/nsHtml5TreeOpExecutor.cpp:525
2	XUL	nsHtml5ExecutorReflusher::Run	parser/html/nsHtml5TreeOpExecutor.cpp:90
3	XUL	nsThread::ProcessNextEvent	xpcom/threads/nsThread.cpp:609
4	XUL	NS_InvokeByIndex_P	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208 

This Linux crash ends at the same line number but has a different stack: bp-fc18ce99-d617-4236-82f1-3f6a22101209
So it sounds like the parser gets stopped but the script blocks. I have no idea how those two things could occur at the same time, but I guess a null check is needed to deal with it.
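As an added illustration of the ordering described in this thread (this is not Mozilla's code and not the patch attached to this bug), a minimal C++ model in which the executor's parser is detached before a queued script whose load blocks gets run. Parser, TreeOpExecutor, ScriptElement, ScriptLoader and the Block status are hypothetical stand-ins for nsHtml5Parser, nsHtml5TreeOpExecutor, nsIScriptElement, the script loader and NS_ERROR_HTMLPARSER_BLOCK; the mParser null check inside RunScript mirrors the one-line fix under review here, and the unpatched shape is noted in the comment beside it.

```cpp
// Added example (not Mozilla code): a toy model of the executor/parser
// lifecycle behind this crash. All class names and the sample script URLs
// are constructed for the example.
#include <string>
#include <utility>
#include <vector>

enum class ScriptStatus { Ran, Block, Skipped };

struct ScriptElement {
    std::string src;
    bool deferred;
    bool async;
    bool needsNetworkFetch;  // true when the loader must fetch before running
    ScriptElement(std::string s, bool d, bool a, bool n)
        : src(std::move(s)), deferred(d), async(a), needsNetworkFetch(n) {}
};

// The parser is owned elsewhere; the executor only borrows it through a raw
// pointer, which is exactly what makes a null dereference possible.
struct Parser {
    bool blocked = false;
    void BlockParser() { blocked = true; }
};

struct ScriptLoader {
    // Deferred/async scripts never block the parser; a script that still has
    // to be fetched does, until it arrives.
    ScriptStatus Load(const ScriptElement& s) const {
        if (s.deferred || s.async) return ScriptStatus::Skipped;
        return s.needsNetworkFetch ? ScriptStatus::Block : ScriptStatus::Ran;
    }
};

class TreeOpExecutor {
public:
    explicit TreeOpExecutor(Parser* parser) : mParser(parser) {}

    // Document teardown / load cancellation: the executor drops its parser
    // while scripts may still be queued for the next flush.
    void Terminate() { mParser = nullptr; }

    void QueueScript(ScriptElement s) { mPending.push_back(std::move(s)); }

    // Drain queued scripts; returns how many loads asked to block the parser.
    int RunFlushLoop() {
        int blockedCount = 0;
        for (const ScriptElement& s : mPending) {
            if (RunScript(s) == ScriptStatus::Block) ++blockedCount;
        }
        mPending.clear();
        return blockedCount;
    }

    bool ParserIsBlocked() const { return mParser && mParser->blocked; }

private:
    // Hardened form of the step the fix touched. The unpatched code called
    // mParser->BlockParser() unconditionally; with the parser already gone
    // there is nothing left to block, so the check makes this a no-op.
    ScriptStatus RunScript(const ScriptElement& s) {
        ScriptStatus rv = mLoader.Load(s);
        if (rv == ScriptStatus::Block) {
            if (mParser) {
                mParser->BlockParser();
            }
        }
        return rv;
    }

    Parser* mParser;
    ScriptLoader mLoader;
    std::vector<ScriptElement> mPending;
};

// The ordering the thread reasons about: parser stopped, blocking script
// still pending. Returns the number of blocked loads (1), without crashing.
int StoppedParserWithBlockingScript() {
    Parser parser;
    TreeOpExecutor exec(&parser);
    exec.QueueScript(ScriptElement("https://example.invalid/a.js", false, false, true));
    exec.Terminate();
    return exec.RunFlushLoop();
}

// Normal ordering: the parser is still attached, so the block is recorded.
bool AttachedParserGetsBlocked() {
    Parser parser;
    TreeOpExecutor exec(&parser);
    exec.QueueScript(ScriptElement("https://example.invalid/b.js", false, false, true));
    exec.RunFlushLoop();
    return exec.ParserIsBlocked();
}

// A deferred script takes the early-out branch and never blocks anything.
bool DeferredScriptDoesNotBlock() {
    Parser parser;
    TreeOpExecutor exec(&parser);
    exec.QueueScript(ScriptElement("https://example.invalid/c.js", true, false, true));
    int blocked = exec.RunFlushLoop();
    return blocked == 0 && !exec.ParserIsBlocked();
}

int main() {
    bool ok = StoppedParserWithBlockingScript() == 1 &&
              AttachedParserGetsBlocked() && DeferredScriptDoesNotBlock();
    return ok ? 0 : 1;
}
```

The model keeps the raw borrowed pointer on purpose, because that is the shape of the real code: the executor does not own the parser, so a guard at the use site is the minimal fix, and the second crash signature later in this bug (a failing QueryInterface inside RunScript) is a different null path that this check does not cover.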
wayne: thanks, so i was right
Attached patch patch (obsolete) — Splinter Review
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #497633 - Flags: review?(hsivonen)
Attachment #497633 - Flags: approval2.0?
Comment on attachment 497633 [details] [diff] [review]
patch

r=hsivonen if you add {} braces around mParser->BlockParser();.
Attachment #497633 - Flags: review?(hsivonen) → review+
Attached patch {}d (Splinter Review)
Attachment #497633 - Attachment is obsolete: true
Attachment #497751 - Flags: review+
Attachment #497751 - Flags: approval2.0?
Attachment #497633 - Flags: approval2.0?
Comment on attachment 497751 [details] [diff] [review]
{}d

Mass minusing patch approvals that don't have a high return. Please renominate if this is more important for 2.0 than it appears.
Attachment #497751 - Flags: approval2.0? → approval2.0-
Comment on attachment 497751 [details] [diff] [review]
{}d

Renomming, this is a simple null check that stops crashes.
Attachment #497751 - Flags: approval2.0- → approval2.0?
> Renomming, this is a simple null check that stops crashes.

Plus it's a topcrash for 4.0b11, #71, so consider this a second nomination.


nsHtml5TreeOpExecutor::RunScript is the Mac and Linux sig.


and there is also a crash deserving of another bug ... 
nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | nsHtml5TreeOpExecutor::RunScript(nsIContent*)
bp-edbae1a4-1862-47a2-8b90-4c4512110213
EXCEPTION_ACCESS_VIOLATION_READ
0xfffffffff00ebfce
0	xul.dll	nsCOMPtr_base::assign_from_qi	obj-firefox/xpcom/build/nsCOMPtr.cpp:96
1	xul.dll	nsHtml5TreeOpExecutor::RunScript	parser/html/nsHtml5TreeOpExecutor.cpp:688
2	xul.dll	nsHtml5TreeOpExecutor::RunFlushLoop	parser/html/nsHtml5TreeOpExecutor.cpp:525
3	xul.dll	nsHtml5ExecutorFlusher::Run	parser/html/nsHtml5TreeOpExecutor.cpp:90
4	xul.dll	nsThread::ProcessNextEvent	xpcom/threads/nsThread.cpp:633
5	xul.dll	mozilla::ipc::MessagePump::Run	ipc/glue/MessagePump.cpp:110
Keywords: topcrash
OS: Windows Vista → All
Summary: crash [@ nsHtml5TreeOpExecutor::RunScript(nsIContent*)] → crash [@ nsHtml5TreeOpExecutor::RunScript(nsIContent*)], [@ nsHtml5TreeOpExecutor::RunScript] (Mac and linux)
Attachment #497751 - Flags: approval2.0? → approval2.0+
http://hg.mozilla.org/mozilla-central/rev/45b687344b21
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b12
Crash Signature: [@ nsHtml5TreeOpExecutor::RunScript(nsIContent*)] [@ nsHtml5TreeOpExecutor::RunScript]
See Also: → 1424220