macOS Crash in [@ mozilla::layers::AsyncPanZoomController::OnPan]
Categories
(Core :: Panning and Zooming, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox88 | --- | unaffected |
| firefox89 | --- | fixed |
| firefox90 | --- | fixed |
People
(Reporter: aryx, Assigned: hiro)
References
(Regression)
Details
(Keywords: crash, regression, Whiteboard: [proton-uplift])
Crash Data
Attachments
(2 files)
|
(deleted),
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details |
|
(deleted),
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details |
8 crashes on 5+ installations
Crash report: https://crash-stats.mozilla.org/report/index/3fa90e29-095a-469d-a3f5-4032d0210426
Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Top 10 frames of crashing thread:
0 XUL mozilla::layers::AsyncPanZoomController::OnPan gfx/layers/apz/src/AsyncPanZoomController.cpp:2680
1 XUL mozilla::layers::AsyncPanZoomController::HandleInputEvent gfx/layers/apz/src/AsyncPanZoomController.cpp:1094
2 XUL mozilla::layers::InputQueue::ProcessQueue gfx/layers/apz/src/InputQueue.cpp:955
3 XUL mozilla::layers::InputQueue::ReceivePanGestureInput gfx/layers/apz/src/InputQueue.cpp:469
4 XUL mozilla::layers::InputQueue::ReceiveInputEvent gfx/layers/apz/src/InputQueue.cpp:53
5 XUL mozilla::layers::APZCTreeManager::ReceiveInputEvent gfx/layers/apz/src/APZCTreeManager.cpp:1671
6 XUL {virtual override thunk}
7 XUL nsChildView::DispatchAPZWheelInputEvent widget/cocoa/nsChildView.mm:1985
8 XUL -[ChildView scrollWheel:] widget/cocoa/nsChildView.mm:3382
9 AppKit -[NSWindow _reallySendEvent:isDelayedEvent:]
|
Assignee | |
Comment 1•3 years ago
|
||
Looks like mAnimation is nullptr even if mState is OVERSCROLL_ANIMATION. Though I don't see why it happens, adding a null check would be a fix.
|
|
Assignee | |
Comment 2•3 years ago
|
||
mAnimation = nullptr;
SetState(NOTHING);
We should reverse this order?
|
|
Assignee | |
Comment 3•3 years ago
|
||
|
|
Assignee | |
Comment 4•3 years ago
|
||
Depends on D113291
|
||
Comment 6•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/3f6178ca6303
https://hg.mozilla.org/mozilla-central/rev/243729640a19
|
|
Assignee | |
Comment 7•3 years ago
|
||
Comment on attachment 9218255 [details]
Bug 1707519 - Set the APZC state NOTHING prior to nullify mAnimation. r?botond
Beta/Release Uplift Approval Request
- User impact if declined: [Required for MR1 / Proton] crash
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce: We don't know ways to reproduce this crash unfortunately
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The change is pretty simple, and there is an additional null checking change (D113292) to avoid the crash
- String changes made/needed: none
|
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Updated•3 years ago
|
|
||
Comment 8•3 years ago
|
||
Comment on attachment 9218255 [details]
Bug 1707519 - Set the APZC state NOTHING prior to nullify mAnimation. r?botond
Approved for 89 beta 6, thanks.
|
|
||
Comment 9•3 years ago
|
||
Comment on attachment 9218256 [details]
Bug 1707519 - Add a null check to avoid crashes when mAnimation instance is not an OverscrollAnimation. r?botond
Approved for 89 beta 6, thanks.
|
|
||
Comment 10•3 years ago
|
||
| bugherder uplift | ||
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
Description
•