Closed Bug 761086 Opened 9 years ago Closed 9 years ago

crash in inDOMUtils::GetRuleNodeForContent @ nsINode::IsElement with Inspector


(Core :: Layout, defect)

15 Branch
Windows 7
Not set



Tracking Status
firefox15 + fixed


(Reporter: scoobidiver, Assigned: bzbarsky)


(Keywords: crash, regression, Whiteboard: [qa?])

Crash Data


(1 file)

It first appeared in 15.0a1/20120507. The regression range might be (discontinuous):

All comments talk about the element inspector.

Signature 	nsINode::IsElement() More Reports Search
UUID	19681c62-263f-4e27-8682-709602120604
Date Processed	2012-06-04 03:47:37
Uptime	32012
Last Crash	3.6 days before submission
Install Age	13.7 hours since version was first installed.
Install Time	2012-06-03 14:03:57
Product	Firefox
Version	15.0a1
Build ID	20120603030523
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 37 stepping 2
Crash Address	0x18
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x0046, AdapterSubsysID: 215a17aa, AdapterDriverVersion:
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ WebGL? EGL? EGL+ GL Context? GL Context+ WebGL+ 
EMCheckCompatibility	True	
Total Virtual Memory	4294836224
Available Virtual Memory	3044982784
System Memory Use Percentage	58
Available Page File	3805892608
Available Physical Memory	1676779520

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsINode::IsElement 	obj-firefox/dist/include/nsINode.h:368
1 	xul.dll 	inDOMUtils::GetRuleNodeForContent 	layout/inspector/src/inDOMUtils.cpp:295
2 	xul.dll 	inDOMUtils::GetCSSStyleRules 	layout/inspector/src/inDOMUtils.cpp:170
3 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:70
4 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2356
5 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1500
6 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:310
7 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2512
8 	mozjs.dll 	js::CallObject::createForFunction 	js/src/vm/ScopeObject.cpp:199
9 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:358

More reports at:
I can (and should) certainly fix this on the layout end by null-checking the element in inDOMUtils::GetCSSStyleRules and throwing when null, but why is the element inspector passing in null, exactly?  Throwing will likely break whatever element inspector code is passing null.

I guess it's also possible that the element inspector is passing some random non-DOM JS object, not null.
Paul: this is something related to the Inspector. Can you please take a look? Thanks!
Attached patch FixSplinter Review
Well, let's just throw instead of crashing
Attachment #630416 - Flags: review?(bugs)
Assignee: nobody → bzbarsky
Whiteboard: [need review]
Attachment #630416 - Flags: review?(bugs) → review+
Flags: in-testsuite?
Whiteboard: [need review]
Target Milestone: --- → mozilla16
Comment on attachment 630416 [details] [diff] [review]

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Probably landing of some inspector
User impact if declined: Crashes in some circumstances that I don't understand
Testing completed (on m-c, etc.):  None.  The patch just adds a null-check on the   crashing codepath.
Risk to taking this patch (and alternatives if risky): Low risk: just a
   null-check.  Might replace crashes with the inspector tool not working right
   in some edge case, perhaps.
String or UUID changes made by this patch: None.
Attachment #630416 - Flags: approval-mozilla-aurora?
Closed: 9 years ago
Resolution: --- → FIXED
Comment on attachment 630416 [details] [diff] [review]

[Triage Comment]
Low risk null check. Approved for Aurora 15.
Attachment #630416 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Verified the crash stats on the Socorro interface

It seems that crashes with this signature are still happening, but they are also associated to bug 772459 (which has not been fixed yet). Are there any STR/guidelines QA can verify this fix with?
Whiteboard: [qa?]
You need to log in before you can comment on or make changes to this bug.