Crash in Storage: 0xb67000 + 551716 in UITableView _createPreparedCellForGlobalRow:withIndexPath:willDisplay:

RESOLVED FIXED

Status

()

--
critical
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: rnewman, Assigned: sleroux)

Tracking

({crash})

unspecified
ARM
iOS
crash

Firefox Tracking Flags

(fxios1.2+)

Details

Attachments

(2 attachments)

(Reporter)

Description

3 years ago
Build 1113, iPad (4th generation Model A1460), iOS 9.1.

Incident Identifier: 0D1BD707-EE7B-49AC-B064-B5C7A4F98E68
Beta Identifier:     13C53378-D60C-4AB8-A9FC-92BB9B152996
Hardware Model:      iPad3,6
Process:             Client [377]
Path:                /private/var/mobile/Containers/Bundle/Application/B61768B8-2CF9-4223-B13A-7EE5B84C2A91/Client.app/Client
Identifier:          org.mozilla.ios.Firefox
Version:             1113 (1.1)
Beta:                YES
Code Type:           ARM (Native)
Parent Process:      launchd [1]

Date/Time:           2015-10-23 12:24:11.11 +0200
Launch Time:         2015-10-23 12:16:33.33 +0200
OS Version:          iOS 9.1 (13B143)
Report Version:      105

Exception Type:  EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000000e7ffdefe
Triggered by Thread:  0

Global Trace Buffer (reverse chronological seconds):
189.991552   CFNetwork                 	0x00000000220d079d TCP Conn 0x180cf790 complete. fd: 15, err: 0
189.992593   CFNetwork                 	0x00000000220d189f TCP Conn 0x180cf790 event 1. err: 0
190.019957   CFNetwork                 	0x00000000220d191d TCP Conn 0x180cf790 started
192.964688   CFNetwork                 	0x0000000022050a91 TCP Conn 0x18366420 SSL Handshake DONE
193.065312   CFNetwork                 	0x00000000220d079d TCP Conn 0x18270420 complete. fd: 21, err: 0
193.066865   CFNetwork                 	0x00000000220d189f TCP Conn 0x18270420 event 1. err: 0
193.510848   CFNetwork                 	0x00000000220509cb TCP Conn 0x18366420 starting SSL negotiation
193.511203   CFNetwork                 	0x00000000220d079d TCP Conn 0x18366420 complete. fd: 19, err: 0
193.512555   CFNetwork                 	0x00000000220d189f TCP Conn 0x18366420 event 1. err: 0
194.052377   CFNetwork                 	0x00000000220d191d TCP Conn 0x18366420 started
194.125980   CFNetwork                 	0x00000000220d079d TCP Conn 0x180e0d10 complete. fd: 30, err: 0

Thread 0 name:
Thread 0 Crashed:
0   Storage                       	0x00bedb24 0xb67000 + 551716
1   Client                        	0x00248dc0 0x4b000 + 2088384
2   Client                        	0x00246f98 0x4b000 + 2080664
3   UIKit                         	0x26ca4d62 -[UITableView _createPreparedCellForGlobalRow:withIndexPath:willDisplay:] + 678 (UITableView.m:10409)
4   UIKit                         	0x26ca4e88 -[UITableView _createPreparedCellForGlobalRow:willDisplay:] + 68 (UITableView.m:10441)
5   UIKit                         	0x26c94df4 -[UITableView _updateVisibleCellsNow:isRecursive:] + 2268 (UITableView.m:2237)
6   UIKit                         	0x26ca946e -[UITableView _performWithCachedTraitCollection:] + 78 (UITableView.m:12163)
7   UIKit                         	0x26a4f5ae -[UITableView layoutSubviews] + 178 (UITableView.m:7183)
8   UIKit                         	0x26961cc2 -[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 694 (UIView.m:11681)
9   QuartzCore                    	0x26229b04 -[CALayer layoutSublayers] + 128 (CALayer.mm:8823)
10  QuartzCore                    	0x26225200 CA::Layer::layout_if_needed(CA::Transaction*) + 352 (CALayer.mm:8702)
11  QuartzCore                    	0x26225090 CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 16 (CALayer.mm:2509)
12  QuartzCore                    	0x262245b0 CA::Context::commit_transaction(CA::Transaction*) + 368 (CAContextInternal.mm:1627)
13  QuartzCore                    	0x26224262 CA::Transaction::commit() + 614 (CATransactionInternal.mm:417)
14  UIKit                         	0x26958c1c _afterCACommitHandler + 176 (UIApplication.m:2338)
15  CoreFoundation                	0x227f4090 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 20 (CFRunLoop.c:1622)
16  CoreFoundation                	0x227f2386 __CFRunLoopDoObservers + 282 (CFRunLoop.c:1717)
17  CoreFoundation                	0x227f27c4 __CFRunLoopRun + 972 (CFRunLoop.c:711)
18  CoreFoundation                	0x227450d8 CFRunLoopRunSpecific + 516 (CFRunLoop.c:2814)
19  CoreFoundation                	0x22744ecc CFRunLoopRunInMode + 108 (CFRunLoop.c:2844)
20  GraphicsServices              	0x2b93faf8 GSEventRunModal + 160 (GSEvent.c:2247)
21  UIKit                         	0x269ce2dc UIApplicationMain + 144 (UIApplication.m:3668)
22  Client                        	0x00076484 0x4b000 + 177284
23  libdyld.dylib                 	0x34b58872 start + 2 (start_glue.s:66)
(Reporter)

Comment 1

3 years ago
Created attachment 8679476 [details]
Crash
Severity: normal → critical
tracking-fxios: --- → ?
(Assignee)

Updated

3 years ago
tracking-fxios: ? → 1.2+
Flags: needinfo?(sleroux)
(Assignee)

Updated

3 years ago
Assignee: nobody → sleroux
Flags: needinfo?(sleroux)
(Assignee)

Updated

3 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 2

3 years ago
Symbolicated:

SQLiteBookmarkFolder.subscript.getter (in Storage) (SQLiteBookmarks.swift:41)
specialized BookmarksPanel.tableView(UITableView, cellForRowAtIndexPath : NSIndexPath) -> UITableViewCell (BookmarksPanel.swift:103)
BookmarksPanel.tableView(UITableView, cellForRowAtIndexPath : NSIndexPath) -> UITableViewCell (BookmarksPanel.swift:0)

Funny enough - the place where it crashes has this comment:

        // TODO: this is fragile.
        return bookmark as! BookmarkFolder
(Assignee)

Comment 3

3 years ago
Which scenario would this not be a BookmarkFolder?

class SQLiteBookmarkFolder: BookmarkFolder {
    private let cursor: Cursor<BookmarkNode>
    override var count: Int {
        return cursor.count
    }

    override subscript(index: Int) -> BookmarkNode {
        let bookmark = cursor[index]
        if let item = bookmark as? BookmarkItem {
            return item
        }

        // TODO: this is fragile.
        return bookmark as! BookmarkFolder
    }

    init(guid: String, title: String, children: Cursor<BookmarkNode>) {
        self.cursor = children
        super.init(guid: guid, title: title)
    }
}
Flags: needinfo?(rnewman)
(Reporter)

Comment 4

3 years ago
The query doesn't return anything but folders and bookmarks, so that cast should always succeed… if bookmark isn't nil.

It could fail if our cursor index is out of bounds. The subscript operation will quietly return nil, and the cast will fail with EXC_BREAKPOINT.


BUT OH HEY LOOK

http://stackoverflow.com/questions/26147424/crash-in-uitableview-sending-message-to-deallocated-uiviewcontroller
Flags: needinfo?(rnewman)
(Assignee)

Comment 5

3 years ago
Sweet - that works.

I've had to do this in the past but never new why but came across this: http://stackoverflow.com/questions/15016348/set-delegates-to-nil-under-arc (see the accepted answer). Looks with UITableViews/UIScrollViews if there is an animation in-progress, the view outlives the VC so when the data source asks for data its gone.
(Assignee)

Comment 6

3 years ago
Created attachment 8680111 [details] [review]
https://github.com/mozilla/firefox-ios/pull/1201

I wasn't able to reproduce this crash but I think having this patch should prevent the issue or at least be useful to have.
Attachment #8680111 - Flags: review?(rnewman)
(Reporter)

Comment 7

3 years ago
Comment on attachment 8680111 [details] [review]
https://github.com/mozilla/firefox-ios/pull/1201

r+ with comment.

Does this apply to other view controllers?
Attachment #8680111 - Flags: review?(rnewman) → review+
(Assignee)

Comment 8

3 years ago
This will apply to any view controllers that subclass SiteTableViewController which I believe includes Bookmarks, History, and Search. This doesn't include SettingsTableViewController or RemoteTabs but those use UITableViewController as their parent.
(Assignee)

Comment 9

3 years ago
Merged

cbc210e9a1033f2195fc0b25b8f7709853cdce47
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.