Closed
Bug 978069
Opened 11 years ago
Closed 11 years ago
crash in libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox29 | --- | unaffected |
| firefox30 | - | affected |
People
(Reporter: alice0775, Assigned: bzbarsky)
References
()
Details
(Keywords: crash, regression)
Crash Data
This bug was filed from the Socorro interface and is
report bp-091a21c5-782b-465b-9d04-9596a2140228.
=============================================================
Steps To Reproduce:
1. <input type="file">
2. Drag a Image file from Explorer. and drop it on "Browse..." button
3. Repeat Step.2 several times if necessary
4. Click "Browse..." button if necessaryif necesarry
5. Repeat from step.2 if necesarry
Actual Results:
Browser crashes.
|
Reporter | |
Updated•11 years ago
|
|
|
Reporter | |
Comment 1•11 years ago
|
||
Steps To Reproduce:
1. <input type="file">
2. Drag a Image file from desktop, and drop it on "Browse..." button
Regression window(m-i)
Good:
https://hg.mozilla.org/integration/mozilla-inbound/rev/26bfe4ef1bc2
Mozilla/5.0 (X11; Linux i686; rv:30.0) Gecko/20100101 Firefox/30.0 ID:20140226190714
Bad:
https://hg.mozilla.org/integration/mozilla-inbound/rev/26bfe4ef1bc2
Mozilla/5.0 (X11; Linux i686; rv:30.0) Gecko/20100101 Firefox/30.0 ID:20140226190714
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=26bfe4ef1bc2&tochange=a40bcf02bb60
Regressed by:Bug 923054
Blocks: 923054
Keywords: regression
|
|
Reporter | |
Updated•11 years ago
|
|
|
Reporter | |
Comment 2•11 years ago
|
||
Crashes on windows7 too.
bp-bf7f777b-6e55-4fc8-9fe5-0805d2140228
https://hg.mozilla.org/mozilla-central/rev/58eca03214a6
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 ID:20140228030206
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)]
[@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()]
OS: Linux → All
|
||
Comment 3•11 years ago
|
||
I assume bz just fixed this one by adding NS_IF_ADDREF.
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)]
[@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)]
OS: All → Linux
|
|
Reporter | |
Updated•11 years ago
|
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)]
[@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()]
OS: Linux → All
|
|
Assignee | |
Comment 4•11 years ago
|
||
Yeah, this is fixed by the patch in bug 977950.
Assignee: nobody → bzbarsky
Status: NEW → RESOLVED
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)]
[@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)]
Closed: 11 years ago
Depends on: 977950
OS: All → Linux
Resolution: --- → FIXED
|
|
Assignee | |
Updated•11 years ago
|
Crash Signature: [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)] → [@ libxul.so@0x3838e68 | mozilla::dom::HTMLInputElement::cycleCollection::Traverse(void*, nsCycleCollectionTraversalCallback&)]
[@ nsRefPtr<nsIDOMRange>::~nsRefPtr<nsIDOMRange>() | mozilla::dom::DataTransfer::~DataTransfer()]
OS: Linux → All
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•