Closed
Bug 1102210
Opened 10 years ago
Closed 10 years ago
crash in nsAndroidHistory::RemovePendingVisitURI(nsIURI*)
Categories
(Firefox for Android Graveyard :: Awesomescreen, defect)
Tracking
(firefox36 verified)
VERIFIED
FIXED
Firefox 36
| Tracking | Status | |
|---|---|---|
| firefox36 | --- | verified |
People
(Reporter: cos_flaviu, Assigned: mfinkle)
Details
(Keywords: crash)
Crash Data
Attachments
(2 files)
|
1.77 KB,
patch
|
rnewman
:
review+
|
Details | Diff | Splinter Review |
|
7.40 KB,
patch
|
rnewman
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-1a2f4f14-550d-4021-a657-e6b892141120.
=============================================================
Environment:
Device: HTC One M7 (Android 4.2.2);
Build: Nightly 36.0a1 (2014-10-20);
Steps to reproduce:
1. Go to bookmarks panel;
2. Long tap and choose 'Open in New Tab' option on a bookmark;
3. Repeat step 3 for a few more bookmarks.
Expected result:
All the bookmarks are successfully opened in new tab.
Actual result:
Firefox crashes.
Stack trace:
0 libxul.so nsAndroidHistory::RemovePendingVisitURI(nsIURI*) mobile/android/components/build/nsAndroidHistory.cpp
1 libxul.so nsAndroidHistory::VisitURI(nsIURI*, nsIURI*, unsigned int) mobile/android/components/build/nsAndroidHistory.cpp
2 libxul.so nsDocShell::AddURIVisit(nsIURI*, nsIURI*, nsIURI*, unsigned int, unsigned int) docshell/base/nsDocShell.cpp
3 libxul.so nsDocShell::OnRedirectStateChange(nsIChannel*, nsIChannel*, unsigned int, unsigned int) docshell/base/nsDocShell.cpp
4 libxul.so nsDocLoader::AsyncOnChannelRedirect(nsIChannel*, nsIChannel*, unsigned int, nsIAsyncVerifyRedirectCallback*) uriloader/base/nsDocLoader.cpp
5 libxul.so nsAsyncRedirectVerifyHelper::DelegateOnChannelRedirect(nsIChannelEventSink*, nsIChannel*, nsIChannel*, unsigned int) netwerk/base/src/nsAsyncRedirectVerifyHelper.cpp
6 libxul.so nsAsyncRedirectVerifyHelper::Run() netwerk/base/src/nsAsyncRedirectVerifyHelper.cpp
7 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
8 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp
9 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
10 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc
11 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
12 libxul.so nsBaseAppShell::Run() widget/nsBaseAppShell.cpp
13 libxul.so nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp
14 libxul.so XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp
15 libxul.so XREMain::XRE_main(int, char**, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp
16 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp
17 libxul.so GeckoStart toolkit/xre/nsAndroidStartup.cpp
18 libmozglue.so Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun mozglue/android/APKOpen.cpp
Ø 19 libdvm.so libdvm.so@0x20392
Ø 20 dalvik-heap (deleted) dalvik-heap (deleted)@0x46b44e
Ø 21 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x5999c0
Ø 22 libdvm.so libdvm.so@0x532cd
Ø 23 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x5999be
24 libmozglue.so Java_org_mozilla_gecko_mozglue_GeckoLoader_loadNSSLibsNative mozglue/android/APKOpen.cpp
25 @0xbffffffe
Ø 26 libc.so libc.so@0x118f1
Ø 27 libc.so libc.so@0xcff3
Ø 28 libdvm.so libdvm.so@0x55fb5
Ø 29 dalvik-heap (deleted) dalvik-heap (deleted)@0x4d57f6
Ø 30 libdvm.so libdvm.so@0x7ea01
Ø 31 dalvik-heap (deleted) dalvik-heap (deleted)@0x10de
Ø 32 libdvm.so libdvm.so@0x2cb86
Ø 33 libdvm.so libdvm.so@0x693bb
Ø 34 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x347e
Ø 35 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x3e42f2
Ø 36 dalvik-heap (deleted) dalvik-heap (deleted)@0x46b44e
Ø 37 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x3e42de
Ø 38 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x5eb06f
Ø 39 libdvm.so libdvm.so@0x76d17
Ø 40 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x5eb06f
Ø 41 dalvik-heap (deleted) dalvik-heap (deleted)@0x46b44e
Ø 42 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x5eb06f
Ø 43 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x727ffe
Ø 44 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0xfada6
Ø 45 dalvik-heap (deleted) dalvik-heap (deleted)@0x122aaab9
Ø 46 libdvm.so libdvm.so@0x55ebb
Ø 47 dalvik-heap (deleted) dalvik-heap (deleted)@0x122aaab9
Ø 48 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x3e42de
Ø 49 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x3e42de
Ø 50 libdvm.so libdvm.so@0x5311f
Ø 51 dalvik-heap (deleted) dalvik-heap (deleted)@0x46b44e
Ø 52 libdvm.so libdvm.so@0x55cf9
Ø 53 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x3e42de
Ø 54 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x3b160a
Ø 55 dalvik-heap (deleted) dalvik-heap (deleted)@0x46b44e
Ø 56 libdvm.so libdvm.so@0x204fe
Ø 57 libdvm.so libdvm.so@0x29822
Ø 58 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x3f43ce
Ø 59 libdvm.so libdvm.so@0x2ee56
Ø 60 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x3f43ce
Ø 61 dalvik-heap (deleted) dalvik-heap (deleted)@0x4c3f06
Ø 62 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x598fe0
Ø 63 libdvm.so libdvm.so@0x693bb
Ø 64 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x3f43ce
Ø 65 dalvik-heap (deleted) dalvik-heap (deleted)@0x4c3f06
Ø 66 libdvm.so libdvm.so@0x693e5
Ø 67 libdvm.so libdvm.so@0x5c3dd
Ø 68 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x676545
Ø 69 dalvik-heap (deleted) dalvik-heap (deleted)@0x122aaab9
Ø 70 libdvm.so libdvm.so@0x5c33b
Ø 71 libdvm.so libdvm.so@0x5c33b
Ø 72 libc.so libc.so@0xe4ba
Ø 73 libc.so libc.so@0xdba6
|
Assignee | |
Comment 1•10 years ago
|
||
Of course, aLastVisitedURI can be null. Patch coming.
Assignee: nobody → mark.finkle
|
|
Assignee | |
Comment 2•10 years ago
|
||
This should fix the crash. I'm going to try and make a test for this stuff too.
|
|
Assignee | |
Comment 3•10 years ago
|
||
Comment on attachment 8526094 [details] [diff] [review]
history-crash v0.1
I am still fighting with some tests, but wanted to move this along to fix the crash
Attachment #8526094 -
Flags: review?(rnewman)
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8526094 [details] [diff] [review]
history-crash v0.1
Review of attachment 8526094 [details] [diff] [review]:
-----------------------------------------------------------------
Oops.
Attachment #8526094 -
Flags: review?(rnewman) → review+
|
|
Assignee | |
Comment 5•10 years ago
|
||
This is similar to the testTrackingProtection approach. I again use a promise-based helper to handle page loads, but also add a promise-based sleep to help get the timing right.
As with the promise-based load helper, the promise-based sleep seems to be used a lot in our tests. As with the tracking protection tests, I switched from using the deprecated Promise.jsm approach to the new JS Promise approach.
Three tests are run:
1. Simple HTML file. No redirects, so one history visit is expected.
2. 301 redirect via an SJS file. The 301 redirect should be ignored, so one history visit is expected.
3. JS redirection via an SJS file. The redirection is not hidden, so we see two history visits: the JS redirector and the final HTML page.
The pending history visits are flushed after at most three (3) seconds, so we need to wait for longer than that. I picked four (4) seconds and it works fine locally.
Try run: https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=c1daf1e823a2
Attachment #8526432 -
Flags: review?(rnewman)
|
|
Assignee | |
Comment 6•10 years ago
|
||
(In reply to Mark Finkle (:mfinkle) from comment #5)
> Try run:
> https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=c1daf1e823a2
That one did not run robocop tests.
This one does:
https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=e64f6ec423b6
Android 2.3 RC3 and Android 4.0 RC5 are both green \o/
|
||
Comment 7•10 years ago
|
||
rank #3 on trunk
|
|
Assignee | |
Comment 8•10 years ago
|
||
Landed the crash fix:
https://hg.mozilla.org/integration/fx-team/rev/1c41bf100a3d
Waiting to close until we get the test.
Keywords: leave-open
|
|
||
Comment 9•10 years ago
|
||
Comment on attachment 8526432 [details] [diff] [review]
historyservice-tests v0.1
Review of attachment 8526432 [details] [diff] [review]:
-----------------------------------------------------------------
Bless you. You are the test king.
If this runs and passes, I'm happy.
Attachment #8526432 -
Flags: review?(rnewman) → review+
|
|
Assignee | |
Comment 10•10 years ago
|
||
Keywords: leave-open
https://hg.mozilla.org/mozilla-central/rev/1c41bf100a3d
https://hg.mozilla.org/mozilla-central/rev/65205034ed90
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 36
|
||
Comment 12•10 years ago
|
||
Verified as fixed in Firefox for Android 36.0a1 (2014-11-23)
Device: Asus Transformer Pad TF300T (Android 4.2.1)
Status: RESOLVED → VERIFIED
status-firefox36:
--- → verified
|
||
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•