Closed
Bug 1055456
Opened 10 years ago
Closed 10 years ago
Crash in [@ nsTypeAheadFind::GetSearchContainers]
Categories
(Toolkit :: Find Toolbar, defect)
Tracking
()
VERIFIED
FIXED
mozilla34
People
(Reporter: smaug, Assigned: smaug)
References
Details
(Keywords: regression, topcrash)
Crash Data
Attachments
(1 file)
|
(deleted),
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
https://crash-stats.mozilla.com/report/index/335cd18c-3f3f-40ee-9f70-c99232140819 (This is a blocker for me to use e10s builds. They crash all the time. "Search for text when I start typing" enabled)
This is the #4 topcrasher for Firefox 34.0a1 for the last 7 days with 182/11183 crashes. It happens on Mac, Windows, and Linux. The crash signature first appeared 2012-04-08 but the recent crashes only started up again with the 2014081703 build. Comments from other crash reports: "This crash seems to happen on about:newtab when I press a key with the focus on the page. It doesn't happen in about:blank, and doesn't seem to depend on whether about:newtab is in Blank or Classic mode. " "I tried to search in my downloads - I pressed Ctrl+F on 'all downloads' tab and started to type '.24'. on first char window became blank and then Firefox died. RIP. "
Crash Signature: [@ nsTypeAheadFind::GetSearchContainers(nsISupports*, nsISelectionController*, bool, bool, nsIPresShell**, nsPresContext**) ]
status-firefox34:
--- → affected
Keywords: topcrash
|
||
Updated•10 years ago
|
tracking-firefox34:
--- → +
|
||
Updated•10 years ago
|
Summary: [E10s] [@ nsTypeAheadFind::GetSearchContainers] → Crash in [@ nsTypeAheadFind::GetSearchContainers]
|
Assignee | |
Comment 2•10 years ago
|
||
I explicitly filed this for e10s, since that is where this is happening for me.
(In reply to Olli Pettay [:smaug] from comment #2) > I explicitly filed this for e10s, since that is where this is happening for > me. I hit it on a non-E10S nightly and it's nearly the same stack: https://crash-stats.mozilla.com/report/index/3d49e6ad-749f-40b1-8b02-edccd2140826
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → bugs
|
|
Assignee | |
Comment 5•10 years ago
|
||
Nothing guarantees a binding has anonymous content.
|
|
Assignee | |
Comment 6•10 years ago
|
||
As far as I see, this is a null+offset crash. So better to null check the return value of GetAnonymousContent(). And there is no need to null check 'child' since do_QueryInterface is null safe.
Attachment #8479935 -
Flags: review?(mrbkap)
|
|
Assignee | |
Comment 7•10 years ago
|
||
Comment on attachment 8479935 [details] [diff] [review] null check Wait, this isn't enough. There would be just more null pointer crashes.
Attachment #8479935 -
Flags: review?(mrbkap)
|
|
Assignee | |
Comment 8•10 years ago
|
||
Comment on attachment 8479935 [details] [diff] [review] null check No, this should be fine. searchRootNode points to non-null rootNode, if we don't have anonContent.
Attachment #8479935 -
Flags: review?(mrbkap)
|
||
Comment 9•10 years ago
|
||
Comment on attachment 8479935 [details] [diff] [review] null check Review of attachment 8479935 [details] [diff] [review]: ----------------------------------------------------------------- Sorry, I should have caught this in my original review.
Attachment #8479935 -
Flags: review?(mrbkap) → review+
|
|
Assignee | |
Comment 10•10 years ago
|
||
m-i is closed :( I don't expect a null check needing a tryserver run.
Keywords: checkin-needed
|
||
Comment 11•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/47f8093426c4
Keywords: checkin-needed
|
||
Comment 12•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/47f8093426c4
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
|
||
Updated•10 years ago
|
Keywords: regression
This crash signature stopped showing up so I'm marking it verified based on crash-stats.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•