Closed
Bug 924681
Opened 11 years ago
Closed 11 years ago
crash in nsPresContext::GetPrimaryFrameFor(nsIContent*)
Categories
(Core :: DOM: Events, defect)
Tracking
()
People
(Reporter: nhirata, Assigned: smaug)
References
Details
(Keywords: crash, Whiteboard: [b2g-crash])
Crash Data
Attachments
(1 file, 1 obsolete file)
(deleted),
patch
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-3b4505d2-dd02-4227-bced-ff0872131002.
=============================================================
Crashing Thread
Frame Module Signature Source
0 libxul.so nsPresContext::GetPrimaryFrameFor(nsIContent*) layout/base/nsPresContext.h
1 libxul.so nsEventStateManager::FireContextClick() content/events/src/nsEventStateManager.cpp
2 libxul.so nsEventStateManager::sClickHoldCallback(nsITimer*, void*) content/events/src/nsEventStateManager.cpp
3 libxul.so nsTimerImpl::Fire() xpcom/threads/nsTimerImpl.cpp
4 libxul.so nsTimerEvent::Run() xpcom/threads/nsTimerImpl.cpp
5 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
6 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp
7 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
8 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
9 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc
10 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
11 libxul.so nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp
12 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp
13 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
14 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc
15 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
16 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp
17 plugin-container main ipc/app/MozillaRuntimeMain.cpp
18 libc.so __libc_init bionic/libc/bionic/libc_init_dynamic.c
19 @0xb0001dc5
Looks like one could potentially play around with the pulse.me and crash
Reporter | ||
Comment 1•11 years ago
|
||
Comment 2•11 years ago
|
||
I think I'm hitting this in b2g desktop mochitests. This is intermittent, and doesn't seem to be related to a specific test (if I disable one test, others just crash in its place).
Log file with crash stack:
https://tbpl.mozilla.org/php/getParsedLog.php?id=29893368&tree=Cedar&full=1
Though there are many other jobs with different tests that hit the crash: https://tbpl.mozilla.org/?tree=Cedar&showall=1&jobname=b2g (see the Bg M(1)'s)
Andrew, do you think you could get someone to look into this? I don't think I'll be able to get around this by disabling tests, so this blocks b2g desktop mochitests.
Blocks: 931116
Flags: needinfo?(overholt)
Comment 3•11 years ago
|
||
Gregor, fyi this is blocking me from rolling b2g desktop mochitests out on tbpl.
Comment 4•11 years ago
|
||
Olli, this seems like your area of expertise.
Component: Layout → DOM: Events
Flags: needinfo?(overholt)
Assignee | ||
Comment 5•11 years ago
|
||
Looks like a null pointer crash (offset from null).
FireContextClick() is, IIRC, used currently only in b2g.
We could also just cancel the timer in few more places, but I think this patch is just fine.
Assignee: nobody → bugs
Attachment #825468 -
Flags: review?(masayuki)
Comment 6•11 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #5)
> Created attachment 825468 [details] [diff] [review]
> null check
>
> Looks like a null pointer crash (offset from null).
> FireContextClick() is, IIRC, used currently only in b2g.
>
> We could also just cancel the timer in few more places, but I think this
> patch is just fine.
So this looks like it would fix the crash, which is great, but I think we'll still have the root problem that the presentation is intermittently null on b2g desktop for some reason (similar to bug 927586). I anticipate new failures after this.
I guess we'll see how this goes and I'll file a new bug if this doesn't fix the root problem. Thanks for the quick patch though!
Assignee | ||
Comment 7•11 years ago
|
||
The patch should be valid. We don't cancel the possible timeout when mPresContext becomes null, and
that is the root problem.
b2g-desktop may use iframes in some unusual way and expect that there is presentation always.
But that doesn't sound like this bug.
Comment 8•11 years ago
|
||
Comment on attachment 825468 [details] [diff] [review]
null check
If you don't mind, please add {} before landing.
Attachment #825468 -
Flags: review?(masayuki) → review+
Assignee | ||
Comment 9•11 years ago
|
||
I knew you were going to ask that :)
Assignee | ||
Comment 10•11 years ago
|
||
Assignee | ||
Comment 11•11 years ago
|
||
Comment 12•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Updated•11 years ago
|
Attachment #825468 -
Attachment is obsolete: true
Updated•11 years ago
|
blocking-b2g: --- → koi+
status-b2g-v1.2:
--- → affected
Comment 14•11 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•