Crash [@ nsUserFontSet::LogMessage] removing a stylesheet while a font loads

RESOLVED FIXED in mozilla23

Status: defect, critical, RESOLVED FIXED, 6 years ago

People: Reporter: jruderman, Assigned: jtd

Tracking: Blocks 1 bug, {assertion, testcase}; Trunk, mozilla23, x86_64, macOS

Attachments: 4 attachments

1. mkdir -p ~/px/y
2. cp ~/Desktop/prefs.js ~/px/y/
3. firefox -profile ~/px/y/ ~/Desktop/h.html

prefs.js:
  user_pref("security.fileuri.strict_origin_policy", false);

The testcase timing is fragile.  You might have to try with several setTimeout values, CLEARING THE PROFILE DIRECTORY each time (!?).
Posted file stack
Assignee: nobody → jdaggett
Did you mean to leave an un-closed comment in the <style> section?  Guessing not...
GetParentStyleSheet can null the parent sheet pointer but return NS_OK, so need to null-check this before use.
Attachment #732668 - Flags: review?(dbaron)
Comment on attachment 732668
patch, null-check the result of GetParentStyleSheet

>+    // bug 856402 - GetParentStyleSheet can return a null sheet ptr
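
Review bot: on this added comment line, "can return a null sheet ptr" leaves out that the call returns NS_OK when it does so, which is the detail a later reader needs in order not to assume that testing the return code is enough. Suggest saying that GetParentStyleSheet can succeed and still leave the sheet pointer null.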

I'd drop the bug number, but add "if the style sheet is removed while the font is loading", so that the comment explains why it can be null.

r=dbaron
Attachment #732668 - Flags: review?(dbaron) → review+
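The pattern behind this fix, as an added example that is not the patch or any Gecko code: a getter that reports success while leaving its out-pointer null, and a caller that checks both. `Sheet`, `FontFaceRule`, `DescribeSource` and the local `nsresult`/`NS_OK` definitions are stand-ins assumed for illustration, and the `h.html` value is constructed.

```cpp
#include <cstdint>
#include <string>

// Stand-in types (assumptions for this example, not Gecko's classes).
using nsresult = uint32_t;
constexpr nsresult NS_OK = 0;

struct Sheet { std::string href; };

struct FontFaceRule {
    Sheet* parent = nullptr;  // cleared when the sheet is removed
    // Models the contract from the bug: reports success even when the
    // rule is detached, leaving *aSheet null.
    nsresult GetParentStyleSheet(Sheet** aSheet) const {
        *aSheet = parent;
        return NS_OK;
    }
};

// True when a caller that tests only the return code would go on to
// dereference a null sheet pointer.
bool RvOnlyCheckIsUnsafe(const FontFaceRule& rule) {
    Sheet* sheet = nullptr;
    return rule.GetParentStyleSheet(&sheet) == NS_OK && sheet == nullptr;
}

// Hardened caller: test the return code and the out-pointer.
std::string DescribeSource(const FontFaceRule& rule) {
    Sheet* sheet = nullptr;
    nsresult rv = rule.GetParentStyleSheet(&sheet);
    if (rv != NS_OK || !sheet) {
        return "(sheet removed while font was loading)";
    }
    return sheet->href;
}

// Constructed scenario: font load starts, sheet is removed, load completes.
std::string LoadThenRemove() {
    Sheet sheet{"h.html"};
    FontFaceRule rule;
    rule.parent = &sheet;
    std::string out = DescribeSource(rule);
    rule.parent = nullptr;  // stylesheet removed mid-load
    return out + " | " + DescribeSource(rule);
}

int main() { return LoadThenRemove().empty() ? 1 : 0; }
```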
Crash Signature: [@ NS_DebugBreak | nsCOMPtr<nsIDOMCSSStyleSheet>::operator->()]
https://hg.mozilla.org/mozilla-central/rev/cec16f7093d6
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
(In reply to John Daggett (:jtd) from comment #3)
> Did you mean to leave an un-closed comment in the <style> section?  Guessing
> not...

I did mean to do that.  The script removes the comment, activating the contents of the stylesheet.

There might be a better way to construct a testcase ;)