Closed Bug 761086 Opened 13 years ago Closed 13 years ago

crash in inDOMUtils::GetRuleNodeForContent @ nsINode::IsElement with Inspector

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Version:
15 Branch
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla16
Tracking Flags:
Tracking Status
firefox15 + fixed

People

(Reporter: scoobidiver, Assigned: bzbarsky)

Details

(Keywords: crash, regression, Whiteboard: [qa?])

Crash Data

Attachments

(1 file)

Fix
1.05 KB, patch
smaug
: review+
akeybl
: approval-mozilla-aurora+
Details | Diff | Splinter Review
It first appeared in 15.0a1/20120507. The regression range might be (discontinuous): http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=94ce5f33a9ea&tochange=448f554f6acb All comments talk about the element inspector. Signature nsINode::IsElement() More Reports Search UUID 19681c62-263f-4e27-8682-709602120604 Date Processed 2012-06-04 03:47:37 Uptime 32012 Last Crash 3.6 days before submission Install Age 13.7 hours since version was first installed. Install Time 2012-06-03 14:03:57 Product Firefox Version 15.0a1 Build ID 20120603030523 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 37 stepping 2 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x18 App Notes AdapterVendorID: 0x8086, AdapterDeviceID: 0x0046, AdapterSubsysID: 215a17aa, AdapterDriverVersion: 8.15.10.2401 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ WebGL? EGL? EGL+ GL Context? GL Context+ WebGL+ EMCheckCompatibility True Total Virtual Memory 4294836224 Available Virtual Memory 3044982784 System Memory Use Percentage 58 Available Page File 3805892608 Available Physical Memory 1676779520 Frame Module Signature Source 0 xul.dll nsINode::IsElement obj-firefox/dist/include/nsINode.h:368 1 xul.dll inDOMUtils::GetRuleNodeForContent layout/inspector/src/inDOMUtils.cpp:295 2 xul.dll inDOMUtils::GetCSSStyleRules layout/inspector/src/inDOMUtils.cpp:170 3 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:70 4 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2356 5 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1500 6 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:310 7 mozjs.dll js::Interpret js/src/jsinterp.cpp:2512 8 mozjs.dll js::CallObject::createForFunction js/src/vm/ScopeObject.cpp:199 9 mozjs.dll js::Invoke js/src/jsinterp.cpp:358 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=nsINode%3A%3AIsElement%28%29
I can (and should) certainly fix this on the layout end by null-checking the element in inDOMUtils::GetCSSStyleRules and throwing when null, but why is the element inspector passing in null, exactly? Throwing will likely break whatever element inspector code is passing null. I guess it's also possible that the element inspector is passing some random non-DOM JS object, not null.
Paul: this is something related to the Inspector. Can you please take a look? Thanks!
Attached patch FixSplinter Review
Well, let's just throw instead of crashing
Attachment #630416 - Flags: review?(bugs)
Assignee: nobody → bzbarsky
tracking-firefox15: --- → ?
Whiteboard: [need review]
Attachment #630416 - Flags: review?(bugs) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/41838b80cb57
Flags: in-testsuite?
Whiteboard: [need review]
Target Milestone: --- → mozilla16
Comment on attachment 630416 [details] [diff] [review] Fix [Approval Request Comment] Bug caused by (feature/regressing bug #): Probably landing of some inspector changes User impact if declined: Crashes in some circumstances that I don't understand Testing completed (on m-c, etc.): None. The patch just adds a null-check on the crashing codepath. Risk to taking this patch (and alternatives if risky): Low risk: just a null-check. Might replace crashes with the inspector tool not working right in some edge case, perhaps. String or UUID changes made by this patch: None.
Attachment #630416 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/41838b80cb57
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment on attachment 630416 [details] [diff] [review] Fix [Triage Comment] Low risk null check. Approved for Aurora 15.
Attachment #630416 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Verified the crash stats on the Socorro interface https://crash-stats.mozilla.com/report/list?query_search=signature&query_type=contains&reason_type=contains&range_value=1&range_unit=weeks&hang_type=any&process_type=any&signature=nsINode%3A%3AIsElement%28%29. It seems that crashes with this signature are still happening, but they are also associated to bug 772459 (which has not been fixed yet). Are there any STR/guidelines QA can verify this fix with?
Whiteboard: [qa?]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: