Closed
Bug 713417
Opened 13 years ago
Closed 13 years ago
Crash [@ nsIRange::UnregisterCommonAncestor] with designMode
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
VERIFIED
FIXED
mozilla12
Tracking | Status | |
---|---|---|
firefox9 | --- | unaffected |
firefox10 | --- | unaffected |
firefox11 | --- | verified |
firefox12 | --- | verified |
People
(Reporter: jruderman, Assigned: MatsPalmgren_bugz)
Details
(Keywords: crash, testcase, verified-beta, Whiteboard: [inbound][qa!])
Attachments
(5 files)
340 bytes,
text/html
|
Details | |
15.86 KB,
text/plain
|
Details | |
891 bytes,
patch
|
smaug
:
review+
christian
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
729 bytes,
patch
|
Details | Diff | Splinter Review | |
1.26 KB,
patch
|
Details | Diff | Splinter Review |
1. Load the testcase.
2. Close the tab or quit Firefox.
Result: Crash [@ nsIRange::UnregisterCommonAncestor]
Reporter | ||
Comment 1•13 years ago
|
||
Updated•13 years ago
|
Assignee: nobody → matspal
Updated•13 years ago
|
status-firefox11:
--- → affected
status-firefox12:
--- → affected
tracking-firefox11:
--- → ?
tracking-firefox12:
--- → ?
Assignee | ||
Updated•13 years ago
|
Component: Document Navigation → DOM
OS: Mac OS X → All
QA Contact: docshell → general
Hardware: x86_64 → All
Assignee | ||
Comment 2•13 years ago
|
||
Make the nsGkAtoms::range property transferable otherwise it's deleted by adoptNode.
Attachment #584315 -
Flags: review?(bugs)
Assignee | ||
Comment 3•13 years ago
|
||
Assignee | ||
Comment 4•13 years ago
|
||
A similar test that crashes without using document.designMode
Comment 5•13 years ago
|
||
Comment on attachment 584315 [details] [diff] [review]
fix
Ah, of course.
The patch should go to Aurora too, right?
Attachment #584315 -
Flags: review?(bugs) → review+
Assignee | ||
Comment 6•13 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/902a4ec5c870
https://hg.mozilla.org/integration/mozilla-inbound/rev/ae7fa68bf1c1
https://hg.mozilla.org/integration/mozilla-inbound/rev/4e7281c6c2e9
tracking-firefox12:
? → ---
Flags: in-testsuite+
Whiteboard: [inbound]
Target Milestone: --- → mozilla12
Assignee | ||
Comment 7•13 years ago
|
||
Comment on attachment 584315 [details] [diff] [review]
fix
> The patch should go to Aurora too, right?
Yes. It's a low-risk crash fix.
Attachment #584315 -
Flags: approval-mozilla-aurora?
Comment 8•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/902a4ec5c870
https://hg.mozilla.org/mozilla-central/rev/ae7fa68bf1c1
https://hg.mozilla.org/mozilla-central/rev/4e7281c6c2e9
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment on attachment 584315 [details] [diff] [review]
fix
[triage comment]
Approved for aurora. Simple crash fix.
Attachment #584315 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Comment 10•13 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/b9e5451b1cee
https://hg.mozilla.org/releases/mozilla-aurora/rev/c22595601b71
https://hg.mozilla.org/releases/mozilla-aurora/rev/06335a118a5a
Comment 11•13 years ago
|
||
No crashes loading the test case from comment 0. This is verified fixed on Firefox 11b1:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20100101 Firefox/11.0
Status: RESOLVED → VERIFIED
Keywords: verified-beta
Whiteboard: [inbound][qa+] → [inbound][qa+][qa!:11]
Updated•13 years ago
|
Status: VERIFIED → RESOLVED
Closed: 13 years ago → 13 years ago
Comment 12•13 years ago
|
||
No crashes loading the test case from comment 0. This is verified fixed on Firefox 12b2:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0
Status: RESOLVED → VERIFIED
Whiteboard: [inbound][qa+][qa!:11] → [inbound][qa!]
Comment 13•13 years ago
|
||
I cannot duplicate the tab with the test case. Could be something related to this fix ?
Reporter | ||
Comment 14•13 years ago
|
||
Paul, what do you mean by "duplicate the tab"?
Comment 15•13 years ago
|
||
Reporter | ||
Comment 16•13 years ago
|
||
Paul, that's related to http://hg.mozilla.org/mozilla-central/annotate/a30fd69f1e0c/browser/components/sessionstore/src/nsSessionStore.js#l2193, not this patch. Can you file a new bug report in the "Session Restore" component, and mention the bug number here?
Comment 17•13 years ago
|
||
Sure Jesse.
Bug 739531 filed.
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•