Closed
Bug 828180
Opened 12 years ago
Closed 12 years ago
crash in nsIContent::IsHTML
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
VERIFIED
FIXED
mozilla21
People
(Reporter: scoobidiver, Assigned: peterv)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
2.24 KB,
patch
|
bzbarsky
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
It first showed up in 20.0a1/20130106. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=d8ca3e1c469e&tochange=20d1a5916ef6
I suspect bug 824907.
Signature nsIContent::IsHTML(nsIAtom*) More Reports Search
UUID 4b217ab7-4816-494e-b648-7580a2130109
Date Processed 2013-01-09 07:08:17
Uptime 142
Last Crash 2.5 minutes before submission
Install Age 5.0 minutes since version was first installed.
Install Time 2013-01-09 07:03:25
Product Firefox
Version 21.0a1
Build ID 20130108033457
Release Channel nightly
OS Windows NT
OS Version 5.1.2600 Service Pack 3
Build Architecture x86
Build Architecture Info GenuineIntel family 15 model 4 stepping 1
Crash Reason EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 0xc
App Notes
AdapterVendorID: 0x8086, AdapterDeviceID: 0x2562, AdapterSubsysID: 25628086, AdapterDriverVersion: 6.14.10.4020
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers-
EMCheckCompatibility True
Adapter Vendor ID 0x8086
Adapter Device ID 0x2562
Total Virtual Memory 2147352576
Available Virtual Memory 1822892032
System Memory Use Percentage 57
Available Page File 1947811840
Available Physical Memory 452120576
Frame Module Signature Source
0 xul.dll nsIContent::IsHTML obj-firefox/dist/include/nsIContent.h:281
1 xul.dll mozilla::dom::HTMLTableElement::SetTHead obj-firefox/dist/include/mozilla/dom/HTMLTableElement.h:65
2 xul.dll mozilla::dom::HTMLTableElementBinding::set_tHead obj-firefox/dom/bindings/HTMLTableElementBinding.cpp:174
3 xul.dll mozilla::dom::HTMLTableElementBinding::genericSetter obj-firefox/dom/bindings/HTMLTableElementBinding.cpp:989
4 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:391
5 mozjs.dll js::Invoke js/src/jsinterp.cpp:439
6 mozjs.dll js::Shape::set js/src/jsscopeinlines.h:315
7 mozjs.dll js::baseops::SetPropertyHelper js/src/jsobj.cpp:3686
8 mozjs.dll js::Interpret js/src/jsinterp.cpp:2307
9 mozjs.dll js::RunScript js/src/jsinterp.cpp:340
10 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:406
11 mozjs.dll js::Invoke js/src/jsinterp.cpp:439
12 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5806
13 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1432
14 xul.dll nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:580
...
More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsIContent%3A%3AIsHTML%28nsIAtom*%29
Assignee | ||
Comment 1•12 years ago
|
||
Bleh.
Comment 2•12 years ago
|
||
Comment on attachment 699639 [details] [diff] [review]
v1
r=me
We need to get this on Aurora too, right?
Attachment #699639 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 3•12 years ago
|
||
Comment on attachment 699639 [details] [diff] [review]
v1
https://hg.mozilla.org/integration/mozilla-inbound/rev/68c146972e78
[Approval Request Comment]
Bug caused by (feature/regressing bug #): 824907
User impact if declined: null crash
Testing completed (on m-c, etc.): on inbound, has crashtest
Risk to taking this patch (and alternatives if risky): low-risk, just adding null-check
String or UUID changes made by this patch: none
Attachment #699639 -
Flags: approval-mozilla-aurora?
Comment 4•12 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
Reporter | ||
Updated•12 years ago
|
Comment 5•12 years ago
|
||
Comment on attachment 699639 [details] [diff] [review]
v1
Null check crash fix, approving for Aurora 20.
Attachment #699639 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 6•12 years ago
|
||
Comment 8•12 years ago
|
||
There are a few crashes after the fix from 2013-01-10, with this signature, [@ nsIContent::IsHTML(nsIAtom*)], in the Socorro reports from last month: https://crash-stats.mozilla.com/report/list?query_search=signature&query_type=contains&reason_type=contains&range_value=4&range_unit=weeks&hang_type=any&process_type=any&signature=nsIContent%3A%3AIsHTML%28nsIAtom%2A%29
- 14 crashes on 19.0.2
- a few crashes on Firefox 20 beta: 1, 2, 4 and 5
Any suggestions?
Comment 9•12 years ago
|
||
Totally different stacks on those, as far as I can tell.
Comment 10•12 years ago
|
||
In this case, marking this as verified fixed on Firefox 20, based on comment 9.
Comment 11•11 years ago
|
||
In the Socorro reports from last month, there are some crashes with [@ nsIContent::IsHTML(nsIAtom*)] signature on Firefox 21:
- beta 6: 8 crashes;
- beta 4: 2 crashes;
- beta 3: 3 crashes;
- beta 1: 1 crash.
Could anyone please verify if those are related with this issue?
Comment 12•11 years ago
|
||
Scoobidiver, could you please look into whether the crashes Alexandra is seeing in crash-stats for Firefox 21 are related to this bug?
Flags: needinfo?(scoobidiver)
Reporter | ||
Comment 13•11 years ago
|
||
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #12)
> Scoobidiver, could you please look into whether the crashes Alexandra is
> seeing in crash-stats for Firefox 21 are related to this bug?
None of crashes in 20.0.1 and 21.0 have mozilla::dom::HTMLTableElement::SetTHead in the stack trace so they are a different issue.
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•