Closed
Bug 828180
Opened 10 years ago
Closed 10 years ago
crash in nsIContent::IsHTML
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
VERIFIED
FIXED
mozilla21
People
(Reporter: scoobidiver, Assigned: peterv)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
2.24 KB,
patch
|
bzbarsky
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
It first showed up in 20.0a1/20130106. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=d8ca3e1c469e&tochange=20d1a5916ef6 I suspect bug 824907. Signature nsIContent::IsHTML(nsIAtom*) More Reports Search UUID 4b217ab7-4816-494e-b648-7580a2130109 Date Processed 2013-01-09 07:08:17 Uptime 142 Last Crash 2.5 minutes before submission Install Age 5.0 minutes since version was first installed. Install Time 2013-01-09 07:03:25 Product Firefox Version 21.0a1 Build ID 20130108033457 Release Channel nightly OS Windows NT OS Version 5.1.2600 Service Pack 3 Build Architecture x86 Build Architecture Info GenuineIntel family 15 model 4 stepping 1 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0xc App Notes AdapterVendorID: 0x8086, AdapterDeviceID: 0x2562, AdapterSubsysID: 25628086, AdapterDriverVersion: 6.14.10.4020 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- EMCheckCompatibility True Adapter Vendor ID 0x8086 Adapter Device ID 0x2562 Total Virtual Memory 2147352576 Available Virtual Memory 1822892032 System Memory Use Percentage 57 Available Page File 1947811840 Available Physical Memory 452120576 Frame Module Signature Source 0 xul.dll nsIContent::IsHTML obj-firefox/dist/include/nsIContent.h:281 1 xul.dll mozilla::dom::HTMLTableElement::SetTHead obj-firefox/dist/include/mozilla/dom/HTMLTableElement.h:65 2 xul.dll mozilla::dom::HTMLTableElementBinding::set_tHead obj-firefox/dom/bindings/HTMLTableElementBinding.cpp:174 3 xul.dll mozilla::dom::HTMLTableElementBinding::genericSetter obj-firefox/dom/bindings/HTMLTableElementBinding.cpp:989 4 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:391 5 mozjs.dll js::Invoke js/src/jsinterp.cpp:439 6 mozjs.dll js::Shape::set js/src/jsscopeinlines.h:315 7 mozjs.dll js::baseops::SetPropertyHelper js/src/jsobj.cpp:3686 8 mozjs.dll js::Interpret js/src/jsinterp.cpp:2307 9 mozjs.dll js::RunScript js/src/jsinterp.cpp:340 10 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:406 11 mozjs.dll js::Invoke js/src/jsinterp.cpp:439 12 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5806 13 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1432 14 xul.dll nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:580 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=nsIContent%3A%3AIsHTML%28nsIAtom*%29
|
Assignee | |
Comment 1•10 years ago
|
||
Bleh.
|
||
Comment 2•10 years ago
|
||
Comment on attachment 699639 [details] [diff] [review] v1 r=me We need to get this on Aurora too, right?
Attachment #699639 -
Flags: review?(bzbarsky) → review+
|
|
Assignee | |
Comment 3•10 years ago
|
||
Comment on attachment 699639 [details] [diff] [review] v1 https://hg.mozilla.org/integration/mozilla-inbound/rev/68c146972e78 [Approval Request Comment] Bug caused by (feature/regressing bug #): 824907 User impact if declined: null crash Testing completed (on m-c, etc.): on inbound, has crashtest Risk to taking this patch (and alternatives if risky): low-risk, just adding null-check String or UUID changes made by this patch: none
Attachment #699639 -
Flags: approval-mozilla-aurora?
|
||
Comment 4•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/68c146972e78
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
|
Reporter | |
Updated•10 years ago
|
|
||
Comment 5•10 years ago
|
||
Comment on attachment 699639 [details] [diff] [review] v1 Null check crash fix, approving for Aurora 20.
Attachment #699639 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
||
Comment 8•10 years ago
|
||
There are a few crashes after the fix from 2013-01-10, with this signature, [@ nsIContent::IsHTML(nsIAtom*)], in the Socorro reports from last month: https://crash-stats.mozilla.com/report/list?query_search=signature&query_type=contains&reason_type=contains&range_value=4&range_unit=weeks&hang_type=any&process_type=any&signature=nsIContent%3A%3AIsHTML%28nsIAtom%2A%29 - 14 crashes on 19.0.2 - a few crashes on Firefox 20 beta: 1, 2, 4 and 5 Any suggestions?
|
|
||
Comment 9•10 years ago
|
||
Totally different stacks on those, as far as I can tell.
|
|
||
Comment 10•10 years ago
|
||
In this case, marking this as verified fixed on Firefox 20, based on comment 9.
|
||
Comment 11•10 years ago
|
||
In the Socorro reports from last month, there are some crashes with [@ nsIContent::IsHTML(nsIAtom*)] signature on Firefox 21: - beta 6: 8 crashes; - beta 4: 2 crashes; - beta 3: 3 crashes; - beta 1: 1 crash. Could anyone please verify if those are related with this issue?
|
||
Comment 12•10 years ago
|
||
Scoobidiver, could you please look into whether the crashes Alexandra is seeing in crash-stats for Firefox 21 are related to this bug?
Flags: needinfo?(scoobidiver)
|
|
Reporter | |
Comment 13•10 years ago
|
||
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #12) > Scoobidiver, could you please look into whether the crashes Alexandra is > seeing in crash-stats for Firefox 21 are related to this bug? None of crashes in 20.0.1 and 21.0 have mozilla::dom::HTMLTableElement::SetTHead in the stack trace so they are a different issue.
|
||
Updated•4 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•