Last Comment Bug 775972 - crash in nsGenericElement::BindToTree
: crash in nsGenericElement::BindToTree
: crash, regression
Product: Core
Classification: Components
Component: DOM (show other bugs)
: 17 Branch
: All Windows 7
-- critical (vote)
: mozilla17
Assigned To: Olli Pettay [:smaug]
: Andrew Overholt [:overholt]
Depends on:
Blocks: 773945
  Show dependency treegraph
Reported: 2012-07-20 08:07 PDT by Scoobidiver (away)
Modified: 2012-07-22 15:58 PDT (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

patch (2.85 KB, patch)
2012-07-20 14:52 PDT, Olli Pettay [:smaug]
bzbarsky: review+
Details | Diff | Splinter Review

Description User image Scoobidiver (away) 2012-07-20 08:07:37 PDT
It's a low volume crash but there's a spike in crashes from 17.0a1/20120720. The regression range for the spike is:
It might be a regression from bug 773945.

Signature 	nsGenericElement::BindToTree(nsIDocument*, nsIContent*, nsIContent*, bool) More Reports Search
UUID	3fa7aeaa-d5e4-43f9-9529-881732120720
Date Processed	2012-07-20 14:55:00
Uptime	11
Last Crash	16 seconds before submission
Install Age	11.6 minutes since version was first installed.
Install Time	2012-07-20 14:42:43
Product	Firefox
Version	17.0a1
Build ID	20120720030549
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7600
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 23 stepping 10
Crash Address	0xc
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x2a42, AdapterSubsysID: 00000000, AdapterDriverVersion:
EMCheckCompatibility	True
Adapter Vendor ID	0x8086
Adapter Device ID	0x2a42
Total Virtual Memory	2147352576
Available Virtual Memory	1903738880
System Memory Use Percentage	67
Available Page File	977223680
Available Physical Memory	320991232

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsGenericElement::BindToTree 	content/base/src/nsGenericElement.cpp:2076
1 	xul.dll 	nsXULElement::BindToTree 	content/xul/content/src/nsXULElement.cpp:702
2 	xul.dll 	nsGenericElement::BindToTree 	content/base/src/nsGenericElement.cpp:2069
3 	xul.dll 	nsINode::doInsertChildAt 	content/base/src/nsINode.cpp:1304
4 	xul.dll 	nsGenericElement::InsertChildAt 	content/base/src/nsGenericElement.cpp:2617
5 	xul.dll 	nsINode::ReplaceOrInsertBefore 	content/base/src/nsINode.cpp:1886
6 	xul.dll 	nsINode::AppendChild 	obj-firefox/dist/include/nsINode.h:504
7 	xul.dll 	nsIDOMNode_AppendChild 	obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:5395
8 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:344
9 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2425
10 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:355
11 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:387
12 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5577
13 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1436
14 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/xpconnect/src/XPCWrappedJS.cpp:580
15 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:85
16 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:112
17 	xul.dll 	nsEventListenerManager::HandleEventInternal 	content/events/src/nsEventListenerManager.cpp:869
18 	xul.dll 	nsEventTargetChainItem::HandleEventTargetChain 	content/events/src/nsEventDispatcher.cpp:316
19 	xul.dll 	nsRefPtr<nsIRunnable>::~nsRefPtr<nsIRunnable> 	obj-firefox/dist/include/nsAutoPtr.h:874
20 	xul.dll 	nsRunnable::Release 	obj-firefox/xpcom/build/nsThreadUtils.cpp:27
21 	xul.dll 	nsDocument::EndLoad 	content/base/src/nsDocument.cpp:4218

More reports at:*%2C+nsIContent*%2C+nsIContent*%2C+bool%29
Comment 1 User image Boris Zbarsky [:bz] (still a bit busy) 2012-07-20 12:03:11 PDT
That looks like a null-deref crash.  I wonder what's null...  Olli, could our id flags be off?
Comment 2 User image Olli Pettay [:smaug] 2012-07-20 12:10:11 PDT
Ah, I guess so
Comment 3 User image Olli Pettay [:smaug] 2012-07-20 14:52:07 PDT
Created attachment 644485 [details] [diff] [review]

In other places we check the length of ID, and empty ID is no-ID.

If there are still some other similar crashes after this patch landed, 
please file a new bug and CC me.
Comment 4 User image Boris Zbarsky [:bz] (still a bit busy) 2012-07-20 14:53:33 PDT
Comment on attachment 644485 [details] [diff] [review]

Comment 5 User image Olli Pettay [:smaug] 2012-07-20 14:57:16 PDT

Note You need to log in before you can comment on or make changes to this bug.