Closed Bug 1525481 Opened 6 years ago Closed 6 years ago

crash near null in [@ mozilla::HTMLEditRules::WillOutdent]

Categories

(Core :: DOM: Editor, defect, P2)

Product:
Core
Component:
DOM: Editor
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla67
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox65 --- wontfix
firefox66 --- wontfix
firefox67 --- fixed

People

(Reporter: tsmith, Assigned: masayuki)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Attachments

(4 files)

testcase.html
(deleted), text/html
Details
Bug 1525481 - part 1: Make `SplitNodeTransaction::DoTransaction()` always check the result of `EditorBase::DoSplitNode()`
(deleted), text/x-phabricator-request
Details
Bug 1525481 - part 2: Make `EditorBase::DoSplitNode()` return error if split nodes are moved/removed unexpectedly
(deleted), text/x-phabricator-request
Details
Bug 1525481 - part 3: Make editor not expose internal errors to the web
(deleted), text/x-phabricator-request
Details
Attached file testcase.html (deleted) — 
==12217==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000078 (pc 0x7febe1663690 bp 0x7fffe363c4b0 sp 0x7fffe363c260 T0)
==12217==The signal is caused by a READ memory access.
==12217==Hint: address points to the zero page.
    #0 0x7febe166368f in operator bool src/obj-firefox/dist/include/nsCOMPtr.h:839:45
    #1 0x7febe166368f in IsSet src/obj-firefox/dist/include/mozilla/RangeBoundary.h:206
    #2 0x7febe166368f in mozilla::HTMLEditRules::WillOutdent(bool*, bool*) src/editor/libeditor/HTMLEditRules.cpp:5197
    #3 0x7febe164a8ee in mozilla::HTMLEditRules::WillDoAction(mozilla::EditSubActionInfo&, bool*, bool*) src/editor/libeditor/HTMLEditRules.cpp:700:14
    #4 0x7febe174e757 in mozilla::HTMLEditor::IndentOrOutdentAsSubAction(mozilla::EditSubAction) src/editor/libeditor/HTMLEditor.cpp:2461:24
    #5 0x7febe172fe87 in mozilla::HTMLEditor::OutdentAsAction() src/editor/libeditor/HTMLEditor.cpp:2437:17
    #6 0x7febe17707e4 in mozilla::OutdentCommand::DoCommand(char const*, nsISupports*) src/editor/libeditor/HTMLEditorCommands.cpp:510:29
    #7 0x7febdece6525 in nsControllerCommandTable::DoCommand(char const*, nsISupports*) src/dom/commandhandler/nsControllerCommandTable.cpp:140:26
    #8 0x7febdecddd0c in nsBaseCommandController::DoCommand(char const*) src/dom/commandhandler/nsBaseCommandController.cpp:123:25
    #9 0x7febdece250e in nsCommandManager::DoCommand(char const*, nsICommandParams*, mozIDOMWindowProxy*) src/dom/commandhandler/nsCommandManager.cpp:199:22
    #10 0x7febdf388275 in nsHTMLDocument::ExecCommand(nsTSubstring<char16_t> const&, bool, nsTSubstring<char16_t> const&, nsIPrincipal&, mozilla::ErrorResult&) src/dom/html/nsHTMLDocument.cpp:2816:18
    #11 0x7febde0502ab in mozilla::dom::HTMLDocument_Binding::execCommand(JSContext*, JS::Handle<JSObject*>, nsHTMLDocument*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/HTMLDocumentBinding.cpp:619:21
    #12 0x7febde5e8418 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3138:13
    #13 0x7febe62c630d in CallJSNative src/js/src/vm/Interpreter.cpp:441:13
    #14 0x7febe62c630d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:533
    #15 0x7febe62afc46 in CallFromStack src/js/src/vm/Interpreter.cpp:592:10
    #16 0x7febe62afc46 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3068
    #17 0x7febe6292f6d in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:421:10
    #18 0x7febe62c6cb1 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:561:13
    #19 0x7febe62c8932 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:604:8
    #20 0x7febe6e5acf6 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:2620:10
    #21 0x7febddbfd2c9 in mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/EventHandlerBinding.cpp:266:37
    #22 0x7febdee93399 in void mozilla::dom::EventHandlerNonNull::Call<nsISupports*>(nsISupports* const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) src/obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:363:12
    #23 0x7febdee90629 in mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) src/dom/events/JSEventHandler.cpp:205:12
    #24 0x7febdee4387a in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) src/dom/events/EventListenerManager.cpp:1054:51
    #25 0x7febdee45e53 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1249:17
    #26 0x7febdee25c50 in HandleEvent src/obj-firefox/dist/include/mozilla/EventListenerManager.h:350:5
    #27 0x7febdee25c50 in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:351
    #28 0x7febdee23e78 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:553:16
    #29 0x7febdee2aac3 in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1044:11
    #30 0x7febe1cb359a in nsDocumentViewer::LoadComplete(nsresult) src/layout/base/nsDocumentViewer.cpp:1102:7
    #31 0x7febe51a42f5 in nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) src/docshell/base/nsDocShell.cpp:6625:21
    #32 0x7febe519fb2e in nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp:6422:7
    #33 0x7febe51a8cf7 in non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp
    #34 0x7febd99cbc05 in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) src/uriloader/base/nsDocLoader.cpp:1236:3
    #35 0x7febd99ca7ec in nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:795:14
    #36 0x7febd99c5ff0 in nsDocLoader::DocLoaderIsEmpty(bool) src/uriloader/base/nsDocLoader.cpp:694:9
    #37 0x7febd99c8a8e in nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp:589:5
    #38 0x7febd99ca314 in non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp
    #39 0x7febd71ef08f in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) src/netwerk/base/nsLoadGroup.cpp:575:22
    #40 0x7febdad2d89d in imgRequestProxy::RemoveFromLoadGroup() src/image/imgRequestProxy.cpp:401:15
    #41 0x7febdad36ffa in imgRequestProxy::OnLoadComplete(bool) src/image/imgRequestProxy.cpp:992:7
    #42 0x7febdad1510c in operator() src/image/ProgressTracker.cpp:330:13
    #43 0x7febdad1510c in void mozilla::image::ImageObserverNotifier<mozilla::image::ObserverTable const*>::operator()<void mozilla::image::SyncNotifyInternal<mozilla::image::ObserverTable const*>(mozilla::image::ObserverTable const* const&, bool, unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&)::'lambda5'(mozilla::image::IProgressObserver*)>(mozilla::image::ObserverTable const*) src/image/ProgressTracker.cpp:260
    #44 0x7febdad128b6 in void mozilla::image::SyncNotifyInternal<mozilla::image::ObserverTable const*>(mozilla::image::ObserverTable const* const&, bool, unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/image/ProgressTracker.cpp:329:5
    #45 0x7febdac6de30 in operator() src/image/ProgressTracker.cpp:348:5
    #46 0x7febdac6de30 in Read<(lambda at /builds/worker/workspace/build/src/image/ProgressTracker.cpp:347:19)> src/image/CopyOnWrite.h:155
    #47 0x7febdac6de30 in mozilla::image::ProgressTracker::SyncNotifyProgress(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/image/ProgressTracker.cpp:347
    #48 0x7febdac7b48d in mozilla::image::RasterImage::NotifyProgress(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::Maybe<unsigned int> const&, mozilla::image::DecoderFlags, mozilla::image::SurfaceFlags) src/image/RasterImage.cpp:1609:28
    #49 0x7febdac8c77f in NotifyForLoadEvent src/image/RasterImage.cpp:941:3
    #50 0x7febdac8c77f in mozilla::image::RasterImage::OnImageDataComplete(nsIRequest*, nsISupports*, nsresult, bool) src/image/RasterImage.cpp:924
    #51 0x7febdad25d60 in imgRequest::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/image/imgRequest.cpp:782:26
    #52 0x7febd7ba98de in mozilla::net::HttpChannelChild::DoOnStopRequest(nsIRequest*, nsresult, nsISupports*) src/netwerk/protocol/http/HttpChannelChild.cpp:1221:16
    #53 0x7febd7bb7f74 in mozilla::net::HttpChannelChild::OnStopRequest(nsresult const&, mozilla::net::ResourceTimingStruct const&, mozilla::net::nsHttpHeaderArray const&) src/netwerk/protocol/http/HttpChannelChild.cpp:1103:5
    #54 0x7febd7e93b71 in mozilla::net::ChannelEventQueue::FlushQueue() src/netwerk/ipc/ChannelEventQueue.cpp:90:12
    #55 0x7febd7eae0ce in CompleteResume src/obj-firefox/dist/include/mozilla/net/ChannelEventQueue.h:293:5
    #56 0x7febd7eae0ce in mozilla::net::ChannelEventQueue::ResumeInternal()::CompleteResumeRunnable::Run() src/netwerk/ipc/ChannelEventQueue.cpp:148
    #57 0x7febd6f36d55 in mozilla::SchedulerGroup::Runnable::Run() src/xpcom/threads/SchedulerGroup.cpp:292:32
    #58 0x7febd6f75e16 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1162:14
    #59 0x7febd6f7dbdd in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:474:10
    #60 0x7febd8225e0f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
    #61 0x7febd811323e in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
    #62 0x7febd811323e in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
    #63 0x7febd811323e in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
    #64 0x7febe13fb2d3 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
    #65 0x7febe5fe61be in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:908:20
    #66 0x7febd811323e in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
    #67 0x7febd811323e in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
    #68 0x7febd811323e in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
    #69 0x7febe5fe5313 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:746:34
    #70 0x561d51109874 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:49:28
    #71 0x561d51109874 in main src/browser/app/nsBrowserApp.cpp:265
Flags: in-testsuite?

Hi Masayuki, your footprints are there. Could you please take a look? Thanks!

Flags: needinfo?(masayuki)

Hmm, that's odd. I cannot understand what's the problem only from the stack... But fortunately, this crash is reproducible with Nightly. So, it's easy to investigate this.

Assignee: nobody → masayuki
Status: NEW → ASSIGNED
Flags: needinfo?(masayuki)

Wow... With debug build, I hit another MOZ_ASSERT before the crash...

Assertion failure: mStartOfRightNode.Offset() == mNewLeftNode->Length(), at m:/src/editor/libeditor/SplitNodeTransaction.cpp:108
#01: mozilla::TransactionManager::DoTransaction (m:\src\editor\txmgr\TransactionManager.cpp:69)
#02: mozilla::EditorBase::DoTransactionInternal (m:\src\editor\libeditor\EditorBase.cpp:767)
#03: mozilla::EditorBase::SplitNodeWithTransaction<nsCOMPtr<nsINode>,nsCOMPtr<nsIContent> > (m:\src\editor\libeditor\EditorBase.cpp:1450)
#04: mozilla::EditorBase::SplitNodeDeepWithTransaction<nsINode *,nsIContent *> (m:\src\editor\libeditor\EditorBase.cpp:3693)
#05: mozilla::HTMLEditRules::SplitRangeOffFromBlock (m:\src\editor\libeditor\HTMLEditRules.cpp:5564)
#06: mozilla::HTMLEditRules::OutdentPartOfBlock (m:\src\editor\libeditor\HTMLEditRules.cpp:5580)
#07: mozilla::HTMLEditRules::OutdentAroundSelection (m:\src\editor\libeditor\HTMLEditRules.cpp:5505)
#08: mozilla::HTMLEditRules::WillOutdent (m:\src\editor\libeditor\HTMLEditRules.cpp:5149)
#09: mozilla::HTMLEditRules::WillDoAction (m:\src\editor\libeditor\HTMLEditRules.cpp:700)
#10: mozilla::HTMLEditor::IndentOrOutdentAsSubAction (m:\src\editor\libeditor\HTMLEditor.cpp:2461)
#11: mozilla::HTMLEditor::OutdentAsAction (m:\src\editor\libeditor\HTMLEditor.cpp:2437)
#12: mozilla::OutdentCommand::DoCommand (m:\src\editor\libeditor\HTMLEditorCommands.cpp:510)
#13: nsControllerCommandTable::DoCommand (m:\src\dom\commandhandler\nsControllerCommandTable.cpp:140)
#14: nsBaseCommandController::DoCommand (m:\src\dom\commandhandler\nsBaseCommandController.cpp:123)
#15: nsCommandManager::DoCommand (m:\src\dom\commandhandler\nsCommandManager.cpp:0)
#16: nsHTMLDocument::ExecCommand (m:\src\dom\html\nsHTMLDocument.cpp:2853)
#17: mozilla::dom::HTMLDocument_Binding::execCommand (m:\fx64-dbg\dom\bindings\HTMLDocumentBinding.cpp:620)
#18: mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy,mozilla::dom::binding_detail::ThrowExceptions> (m:\src\dom\bindings\BindingUtils.cpp:3140)
#19: CallJSNative (m:\src\js\src\vm\Interpreter.cpp:442)
#20: js::InternalCallOrConstruct (m:\src\js\src\vm\Interpreter.cpp:534)
#21: InternalCall (m:\src\js\src\vm\Interpreter.cpp:589)
#22: Interpret (m:\src\js\src\vm\Interpreter.cpp:3066)
#23: js::RunScript (m:\src\js\src\vm\Interpreter.cpp:422)
#24: js::InternalCallOrConstruct (m:\src\js\src\vm\Interpreter.cpp:562)
#25: InternalCall (m:\src\js\src\vm\Interpreter.cpp:589)
#26: js::Call (m:\src\js\src\vm\Interpreter.cpp:605)
#27: JS::Call (m:\src\js\src\jsapi.cpp:2616)
#28: mozilla::dom::EventHandlerNonNull::Call (m:\fx64-dbg\dom\bindings\EventHandlerBinding.cpp:266)
#29: mozilla::dom::EventHandlerNonNull::Call<nsISupports *> (m:\fx64-dbg\dist\include\mozilla\dom\EventHandlerBinding.h:363)
#30: mozilla::JSEventHandler::HandleEvent (m:\src\dom\events\JSEventHandler.cpp:206)
#31: mozilla::EventListenerManager::HandleEventSubType (m:\src\dom\events\EventListenerManager.cpp:1042)
#32: mozilla::EventListenerManager::HandleEventInternal (m:\src\dom\events\EventListenerManager.cpp:1239)
#33: mozilla::EventTargetChainItem::HandleEvent (m:\src\dom\events\EventDispatcher.cpp:354)
#34: mozilla::EventTargetChainItem::HandleEventTargetChain (m:\src\dom\events\EventDispatcher.cpp:555)
#35: mozilla::EventDispatcher::Dispatch (m:\src\dom\events\EventDispatcher.cpp:1044)
#36: nsDocumentViewer::LoadComplete (m:\src\layout\base\nsDocumentViewer.cpp:1103)
#37: nsDocShell::EndPageLoad (m:\src\docshell\base\nsDocShell.cpp:6626)
#38: nsDocShell::OnStateChange (m:\src\docshell\base\nsDocShell.cpp:6423)
#39: nsDocLoader::DoFireOnStateChange (m:\src\uriloader\base\nsDocLoader.cpp:1236)
#40: nsDocLoader::doStopDocumentLoad (m:\src\uriloader\base\nsDocLoader.cpp:794)
#41: nsDocLoader::DocLoaderIsEmpty (m:\src\uriloader\base\nsDocLoader.cpp:684)
#42: nsDocLoader::OnStopRequest (m:\src\uriloader\base\nsDocLoader.cpp:590)
#43: mozilla::net::nsLoadGroup::RemoveRequest (m:\src\netwerk\base\nsLoadGroup.cpp:575)
#44: mozilla::dom::Document::DoUnblockOnload (m:\src\dom\base\Document.cpp:7716)
#45: mozilla::dom::Document::DispatchContentLoadedEvents (m:\src\dom\base\Document.cpp:4802)
#46: mozilla::detail::RunnableMethodImpl<mozilla::dom::Document ,void (mozilla::dom::Document::(),1,mozilla::RunnableKind::Standard>::Run (m:\fx64-dbg\dist\include\nsThreadUtils.h:1174)
#47: mozilla::SchedulerGroup::Runnable::Run (m:\src\xpcom\threads\SchedulerGroup.cpp:292)
#48: nsThread::ProcessNextEvent (m:\src\xpcom\threads\nsThread.cpp:1149)
#49: NS_ProcessNextEvent (m:\src\xpcom\threads\nsThreadUtils.cpp:474)
#50: mozilla::ipc::MessagePump::Run (m:\src\ipc\glue\MessagePump.cpp:88)
#51: MessageLoop::RunHandler (m:\src\ipc\chromium\src\base\message_loop.cc:309)
#52: MessageLoop::Run (m:\src\ipc\chromium\src\base\message_loop.cc:291)
#53: nsBaseAppShell::Run (m:\src\widget\nsBaseAppShell.cpp:139)
#54: nsAppShell::Run (m:\src\widget\windows\nsAppShell.cpp:411)
#55: XRE_RunAppShell (m:\src\toolkit\xre\nsEmbedFunctions.cpp:908)
#56: mozilla::ipc::MessagePumpForChildProcess::Run (m:\src\ipc\glue\MessagePump.cpp:238)
#57: MessageLoop::RunHandler (m:\src\ipc\chromium\src\base\message_loop.cc:309)
#58: MessageLoop::Run (m:\src\ipc\chromium\src\base\message_loop.cc:291)
#59: XRE_InitChildProcess (m:\src\toolkit\xre\nsEmbedFunctions.cpp:750)
#60: NS_internal_main (m:\src\browser\app\nsBrowserApp.cpp:265)
#61: wmain (m:\src\toolkit\xre\nsWindowsWMain.cpp:129)
#62: __scrt_common_main_seh (f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:283)
#63: BaseThreadInitThunk[C:\WINDOWS\System32\KERNEL32.DLL +0x181f4]
#64: RtlUserThreadStart[C:\WINDOWS\SYSTEM32\ntdll.dll +0x6a251]

Priority: -- → P2

Oddly, SplitNodeTransaction::DoTransaction() checks the result of
EditorBase::DoSplitNode() only when it's not allowed to change Selection.
We should make it always check the result.

We should stop handling splitting nodes if mutation event listeners move or
remove the split nodes unexpectedly because the post processors may not be
able to keep handling the nodes. For example, if a node is moved to outside
of editing host, we shouldn't touch it anymore due to non-editable.

This patch makes EditorBase::DoSplitNode() return new error for making
any parent callers stop their job, but note that the following patch makes
any public methods expose the new error as exception for compatibility with
Chrome.

As far as I've tested, Chrome does not throw exception even when editor is
destroyed or editor content is modified unexpectedly. So, we should return
NS_OK from most public methods of editor when internal methods return
NS_ERROR_EDITOR_DESTROYED or NS_ERROR_EDITOR_UNEXPECTED_DOM_TREE.

I think that we need similar patches of part 2 everywhere editor touches the DOM tree. But it require a lot of time to find such points. So, we should fix only the split node case only for the actual crash bug in this bug.

FYI: Part 3 touches all methods which create AutoEditActionDataSetter instance. So, each one should be public or semi-public method which called by a public method but not called by protected methods.

Pushed by masayuki@d-toybox.com: https://hg.mozilla.org/integration/autoland/rev/ec7fb1d81571 part 1: Make `SplitNodeTransaction::DoTransaction()` always check the result of `EditorBase::DoSplitNode()` r=m_kato https://hg.mozilla.org/integration/autoland/rev/b68a329b15d4 part 2: Make `EditorBase::DoSplitNode()` return error if split nodes are moved/removed unexpectedly r=m_kato https://hg.mozilla.org/integration/autoland/rev/81adda1cb3f2 part 3: Make editor not expose internal errors to the web r=m_kato
status-firefox65: --- → wontfix
status-firefox66: --- → wontfix
status-firefox-esr60: --- → unaffected
Flags: in-testsuite? → in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: