Crash [@ nsUserFontSet::LogMessage] removing a stylesheet while a font loads

RESOLVED FIXED in mozilla23

Status: RESOLVED FIXED (severity: critical)

People: Reporter: jruderman, Assigned: jtd

Tracking: Blocks: 1 bug; keywords: assertion, testcase

Version: Trunk; Target milestone: mozilla23; Platform: x86_64, Mac OS X

Firefox Tracking Flags: Not tracked

Attachments: 4 attachments

(Reporter)

Description

6 years ago
Created attachment 731618 [details]
testcase (see comment 0)

1. mkdir -p ~/px/y
2. cp ~/Desktop/prefs.js ~/px/y/
3. firefox -profile ~/px/y/ ~/Desktop/h.html

prefs.js:
  user_pref("security.fileuri.strict_origin_policy", false);

The testcase timing is fragile.  You might have to try with several setTimeout values, CLEARING THE PROFILE DIRECTORY each time (!?).
(Reporter)

Comment 1

6 years ago
Created attachment 731619 [details]
stack
(Reporter)

Comment 2

6 years ago
Created attachment 731620 [details]
stack (context + blame)
(Assignee)

Updated

6 years ago
Assignee: nobody → jdaggett
(Assignee)

Comment 3

6 years ago
Did you mean to leave an un-closed comment in the <style> section?  Guessing not...
(Assignee)

Comment 4

6 years ago
Created attachment 732668 [details] [diff] [review]
patch, null-check the result of GetParentStyleSheet

GetParentStyleSheet can null the parent sheet pointer but return NS_OK, so need to null-check this before use.
Attachment #732668 - Flags: review?(dbaron)
Comment on attachment 732668 [details] [diff] [review]
patch, null-check the result of GetParentStyleSheet

>+    // bug 856402 - GetParentStyleSheet can return a null sheet ptr
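Review bot: the comment on this added line says the sheet pointer can be null but not that GetParentStyleSheet still returns NS_OK when it is, which is the reason checking the nsresult alone is not enough. Stating that the call succeeds while leaving the out-parameter null would keep a later cleanup from removing the check as redundant.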

I'd drop the bug number, but add "if the style sheet is removed while the font is loading", so that the comment explains why it can be null

r=dbaron
Attachment #732668 - Flags: review?(dbaron) → review+
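
The pattern the patch addresses, as an added C++ example that is not Mozilla's code: a getter that reports success while leaving its out-parameter null, with the unchecked and checked callers side by side. The types `StyleSheet` and `FontFaceRule`, the helper `RuleIn`, the two `LogMessage*` functions and the fallback string are hypothetical stand-ins; only the name `GetParentStyleSheet` and its NS_OK-with-null behaviour come from comment 4.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Hypothetical stand-ins for the Gecko types in this bug; not Mozilla code.
using nsresult = std::uint32_t;
constexpr nsresult NS_OK = 0;

struct StyleSheet { std::string href; };
StyleSheet kSheet{"fonts.css"};  // constructed sample sheet

struct FontFaceRule {
    StyleSheet* parent = nullptr;  // null once the owning sheet is removed

    // Contract described in comment 4: succeeds even with no parent,
    // leaving *aSheet null.
    nsresult GetParentStyleSheet(StyleSheet** aSheet) const {
        *aSheet = parent;
        return NS_OK;
    }
};

FontFaceRule RuleIn(StyleSheet* sheet) {
    FontFaceRule rule;
    rule.parent = sheet;
    return rule;
}

// Before: trusts NS_OK alone, so a detached rule means a null dereference.
std::string LogMessageUnchecked(const FontFaceRule& rule) {
    StyleSheet* sheet = nullptr;
    if (rule.GetParentStyleSheet(&sheet) != NS_OK) return "source: (error)";
    return "source: " + sheet->href;
}

// After: checks the out-parameter as well as the result code.
std::string LogMessageChecked(const FontFaceRule& rule) {
    StyleSheet* sheet = nullptr;
    if (rule.GetParentStyleSheet(&sheet) != NS_OK || !sheet)
        return "source: (style sheet removed)";  // assumed fallback text
    return "source: " + sheet->href;
}

int main() {
    std::cout << LogMessageChecked(RuleIn(&kSheet)) << "\n";
    std::cout << LogMessageChecked(RuleIn(nullptr)) << "\n";  // sheet removed mid-load
}
```
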

Updated

6 years ago
Crash Signature: [@ NS_DebugBreak | nsCOMPtr<nsIDOMCSSStyleSheet>::operator->()]
https://hg.mozilla.org/mozilla-central/rev/cec16f7093d6
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
(Reporter)

Comment 8

6 years ago
(In reply to John Daggett (:jtd) from comment #3)
> Did you mean to leave an un-closed comment in the <style> section?  Guessing
> not...

I did mean to do that.  The script removes the comment, activating the contents of the stylesheet.

There might be a better way to construct a testcase ;)