Closed Bug 978069 Opened 6 years ago Closed 6 years ago

crash in libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)

Categories

(Core :: DOM: Core & HTML, defect, critical)

30 Branch
x86
All
defect
Not set
critical

Tracking

()

RESOLVED FIXED
Tracking Status
firefox29 --- unaffected
firefox30 - affected

People

(Reporter: alice0775, Assigned: bzbarsky)

References

()

Details

(Keywords: crash, regression)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-091a21c5-782b-465b-9d04-9596a2140228.
=============================================================


Steps To Reproduce:
1. <input type="file">
2. Drag a Image file from Explorer. and drop it on "Browse..." button

3. Repeat Step.2 several times if necessary
4. Click "Browse..." button if necessaryif necesarry

5. Repeat from step.2 if necesarry

Actual Results:
Browser crashes.
Steps To Reproduce:
1. <input type="file">
2. Drag a Image file from desktop, and drop it on "Browse..." button

Regression window(m-i)
Good:
https://hg.mozilla.org/integration/mozilla-inbound/rev/26bfe4ef1bc2
Mozilla/5.0 (X11; Linux i686; rv:30.0) Gecko/20100101 Firefox/30.0 ID:20140226190714
Bad:
https://hg.mozilla.org/integration/mozilla-inbound/rev/26bfe4ef1bc2
Mozilla/5.0 (X11; Linux i686; rv:30.0) Gecko/20100101 Firefox/30.0 ID:20140226190714
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=26bfe4ef1bc2&tochange=a40bcf02bb60

Regressed by:Bug 923054
Blocks: 923054
Keywords: regression
Crashes on windows7 too.
bp-bf7f777b-6e55-4fc8-9fe5-0805d2140228

https://hg.mozilla.org/mozilla-central/rev/58eca03214a6
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 ID:20140228030206
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] [@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()]
OS: Linux → All
I assume bz just fixed this one by adding NS_IF_ADDREF.
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] [@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)]
OS: All → Linux
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] [@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()]
OS: Linux → All
Yeah, this is fixed by the patch in bug 977950.
Assignee: nobody → bzbarsky
Status: NEW → RESOLVED
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] [@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)]
Closed: 6 years ago
Depends on: 977950
OS: All → Linux
Resolution: --- → FIXED
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] [@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()]
OS: Linux → All
Will not be tracking based on info provided in Comment 4.
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.