The default bug view has changed. See this FAQ.

Crash [@ nsIRange::UnregisterCommonAncestor] with designMode

VERIFIED FIXED in Firefox 11

Status

()

Core
DOM
--
critical
VERIFIED FIXED
5 years ago
5 years ago

People

(Reporter: Jesse Ruderman, Assigned: mats)

Tracking

(Blocks: 1 bug, {crash, testcase, verified-beta})

Trunk
mozilla12
crash, testcase, verified-beta
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox9 unaffected, firefox10 unaffected, firefox11 verified, firefox12 verified)

Details

(Whiteboard: [inbound][qa!])

Attachments

(5 attachments)

(Reporter)

Description

5 years ago
Created attachment 584240 [details]
testcase (crashes Firefox when closed)

1. Load the testcase.
2. Close the tab or quit Firefox.

Result: Crash [@ nsIRange::UnregisterCommonAncestor]
(Reporter)

Comment 1

5 years ago
Created attachment 584241 [details]
stack trace

Updated

5 years ago
Assignee: nobody → matspal

Updated

5 years ago
status-firefox11: --- → affected
status-firefox12: --- → affected
tracking-firefox11: --- → ?
tracking-firefox12: --- → ?
(Assignee)

Updated

5 years ago
Component: Document Navigation → DOM
OS: Mac OS X → All
QA Contact: docshell → general
Hardware: x86_64 → All
(Assignee)

Comment 2

5 years ago
Created attachment 584315 [details] [diff] [review]
fix

Make the nsGkAtoms::range property transferable otherwise it's deleted by adoptNode.
Attachment #584315 - Flags: review?(bugs)
(Assignee)

Comment 3

5 years ago
Created attachment 584316 [details] [diff] [review]
Jesse's test
(Assignee)

Comment 4

5 years ago
Created attachment 584317 [details] [diff] [review]
Another crash test

A similar test that crashes without using document.designMode

Comment 5

5 years ago
Comment on attachment 584315 [details] [diff] [review]
fix

Ah, of course.

The patch should go to Aurora too, right?
Attachment #584315 - Flags: review?(bugs) → review+
(Assignee)

Comment 6

5 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/902a4ec5c870
https://hg.mozilla.org/integration/mozilla-inbound/rev/ae7fa68bf1c1
https://hg.mozilla.org/integration/mozilla-inbound/rev/4e7281c6c2e9
status-firefox12: affected → fixed
tracking-firefox12: ? → ---
Flags: in-testsuite+
Whiteboard: [inbound]
Target Milestone: --- → mozilla12
(Assignee)

Comment 7

5 years ago
Comment on attachment 584315 [details] [diff] [review]
fix

> The patch should go to Aurora too, right?

Yes.  It's a low-risk crash fix.
Attachment #584315 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/902a4ec5c870
https://hg.mozilla.org/mozilla-central/rev/ae7fa68bf1c1
https://hg.mozilla.org/mozilla-central/rev/4e7281c6c2e9
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Comment 9

5 years ago
Comment on attachment 584315 [details] [diff] [review]
fix

[triage comment]
Approved for aurora. Simple crash fix.
Attachment #584315 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
(Assignee)

Comment 10

5 years ago
https://hg.mozilla.org/releases/mozilla-aurora/rev/b9e5451b1cee
https://hg.mozilla.org/releases/mozilla-aurora/rev/c22595601b71
https://hg.mozilla.org/releases/mozilla-aurora/rev/06335a118a5a
status-firefox10: --- → unaffected
status-firefox11: affected → fixed
status-firefox9: --- → unaffected
tracking-firefox11: ? → ---
Whiteboard: [inbound] → [inbound][qa+]
No crashes loading the test case from comment 0. This is verified fixed on Firefox 11b1:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0
Status: RESOLVED → VERIFIED
status-firefox11: fixed → verified
Keywords: verified-beta
Whiteboard: [inbound][qa+] → [inbound][qa+][qa!:11]
Status: VERIFIED → RESOLVED
Last Resolved: 5 years ago5 years ago
No crashes loading the test case from comment 0. This is verified fixed on Firefox 12b2:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0
Status: RESOLVED → VERIFIED
status-firefox12: fixed → verified
Whiteboard: [inbound][qa+][qa!:11] → [inbound][qa!]
I cannot duplicate the tab with the test case. Could be something related to this fix ?
(Reporter)

Comment 14

5 years ago
Paul, what do you mean by "duplicate the tab"?
http://www.technospot.net/blogs/how-to-duplicate-firefox-3-tabs/
(Reporter)

Comment 16

5 years ago
Paul, that's related to http://hg.mozilla.org/mozilla-central/annotate/a30fd69f1e0c/browser/components/sessionstore/src/nsSessionStore.js#l2193, not this patch. Can you file a new bug report in the "Session Restore" component, and mention the bug number here?
Sure Jesse.
Bug 739531 filed.
You need to log in before you can comment on or make changes to this bug.