Closed Bug 1154676 Opened 9 years ago Closed 9 years ago

[Mac][XULRunner] Crash in xulrunner(XUL) in nsChildView.mm in the handler scrollbarSystemMetricChanged on show Cocoa window with embedding.

Categories

(Core Graveyard :: Embedding: Mac, defect)

Product:
Core Graveyard
Component:
Embedding: Mac
Version:
37 Branch
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox40 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla40
Tracking Flags:
Tracking Status
firefox40 --- fixed

People

(Reporter: dimas_000, Assigned: dimas_000)

Details

Attachments

(1 file)

patch
947 bytes, patch
mstange
: review+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; Tablet PC 2.0)

Steps to reproduce:

XULRunner embedding on MAC OS X 10.10 in Cocoa application.
(I used XULRunner release build with symbol information and disabled optimization)



Actual results:

Crash in XULrunner(XUL module) in nsChildView.mm in the handler scrollbarSystemMetricChanged after XULrunner embedding succeed initialization.
I have my Cocoa application started up and even html content rendered on given uri. But after 2-3 seconds I got crash on processing next message loop event in the scrollbarSystemMetricChanged event handler in XUL.

The top of crash stack:
OS Version:            Mac OS X 10.10.2

Crashed Thread:        0  Dispatch queue: com.apple.main-thread
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
    0   XUL                           <>0x0000000112cf9694 -[ChildView scrollbarSystemMetricChanged] + 132
    1   com.apple.CoreFoundation      <>0x00007fff8f561cdc __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
    2   com.apple.CoreFoundation      <>0x00007fff8f453244 _CFXNotificationPost + 3140
    3   com.apple.Foundation          <>0x00007fff96433c31 -[NSNotificationCenter postNotificationName:object:userInfo:] + 66
    4   com.apple.CoreFoundation      <>0x00007fff8f4c356c __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 12
    5   com.apple.CoreFoundation      <>0x00007fff8f4b5675 __CFRunLoopDoBlocks + 341
    6   com.apple.CoreFoundation      <>0x00007fff8f4b51b6 __CFRunLoopRun + 1814
    7   com.apple.CoreFoundation      <>0x00007fff8f4b4858 CFRunLoopRunSpecific + 296
    8   com.apple.HIToolbox           <>0x00007fff9a10daef RunCurrentEventLoopInMode + 235
    9   com.apple.HIToolbox           <>0x00007fff9a10d86a ReceiveNextEventCommon + 431
    10  com.apple.HIToolbox           <>0x00007fff9a10d6ab _BlockUntilNextEventMatchingListInModeWithFilter + 71
    11  com.apple.AppKit              <>0x00007fff9a53df81 _DPSNextEvent + 964
    12  com.apple.AppKit              <>0x00007fff9a53d730 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 194
    13  com.apple.AppKit              <>0x00007fff9a531593 -[NSApplication run] + 594



Expected results:

Please add check on NULL pointer (nsIPresShell*) returned  from the call listener->GetPresShell() before calling ReconstructFrames() method in the /mozilla-release/widget/cocoansChildView.mm in the handler scrollbarSystemMetricChanged.(in a way like you do in nsChildView::BackingScaleFactorChanged())

The working  patch is:
   if (mGeckoChild) {
     nsIWidgetListener* listener = mGeckoChild->GetWidgetListener();
     if (listener) {
-      listener->GetPresShell()->ReconstructFrames();
+      nsIPresShell* presShell = listener->GetPresShell();
+      if (presShell) {
+        presShell->ReconstructFrames();
+      }
     }
   }

After the patch I have my Cocoa application normally working on MAC OS X 10.10 with XULrunner embedded.

Looking at the XUL code returned NULL pointer on the call listener->GetPresShell() is possible assuming default implementation of the method GetPresShell() returns NULL.
OS: Windows 8 → Mac OS X
The change you suggested looks good.

Do you know why scrollbarSystemMetricChanged is called? Are you changing the scrollbar system preference when it happens?
Assignee: nobody → dimas_000
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attached patch patchSplinter Review 

        Attachment #8592906 -
        Flags: review+

    
    

    
  
I have not done so deep investigation. My guess is, I use wxWidgets GUI framework which wraps Cocoa on MAC. So, wxWidgets might do something which lead to scrollbarSystemMetricChanged fired.
Blocks: 1156393
No longer blocks: 1156393

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/84304d9d0082
Status: ASSIGNED → RESOLVED
Closed: 9 years ago

          status-firefox40:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: