Closed Bug 1250560 Opened 8 years ago Closed 8 years ago

crash in mozilla::AccessibleCaretEventHub::HandleTouchEvent

Categories

(Core :: DOM: Selection, defect)

Product:
Core
Component:
DOM: Selection
Platform:
Unspecified
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla47
Tracking Flags:
Tracking Status
firefox47 --- fixed

People

(Reporter: snorp, Assigned: TYLin)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file, 2 obsolete files)

MozReview Request: Bug 1250560 - Fix crash in HandleTouchEvent. r?roc
58 bytes, text/x-review-board-request
roc
: review+
Details 
This bug was filed from the Socorro interface and is 
report bp-639caf82-2994-4bd9-9531-b974c2160220.
=============================================================
The crash stack looks strange.

Frame 0: AccessibleCaretEventHub::HandleTouchEvent
Frame 1: PresShell::HandleEvent() 

There should be AccessibleCaretEventHub::HandleEvent between frame 1 and 0.

Let's see if crash still happens with bug 1246918 and bug 1248847 landed.
Blocks: AccessibleCaret
I found an invaluable comment in this report [1], which says "When Pointer events enabled and multiple touches present Nightly crashes (as soon as a second simultaneous touch makes contact)"

I can reproduce this on prebuild Nightly after turn on "dom.w3c_pointer_events.enabled" and multi-touch on the screen.

[1] https://crash-stats.mozilla.com/report/index/fe14b6b8-59ad-4152-8693-2cadb2160226
Assignee: nobody → tlin
This patch is generatedy by applying clang-format on
AccessibleCaretEventHub.cpp.

Review commit: https://reviewboard.mozilla.org/r/37055/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/37055/
Attachment #8724520 - Flags: review?(roc)
When enabling "dom.w3c_pointer_events.enabled", we might get a
eTouchCancel event without any touch data. That is, aEvent->touches is
an empty array.

Since |id| and |point| are used only in eTouchStart, I move them into
the eTouchStart to fix the crash.

Review commit: https://reviewboard.mozilla.org/r/37057/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/37057/
Attachment #8724521 - Flags: review?(roc)
Blocks: 1251915
Comment on attachment 8724520 [details]
MozReview Request: Bug 1250560 Part 0 - Correct AccessibleCaretEventHub coding style by clang-format. r?roc

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/37055/diff/1-2/
Comment on attachment 8724521 [details]
MozReview Request: Bug 1250560 Part 1 - Fix crash in HandleTouchEvent. r?roc

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/37057/diff/1-2/
When enabling "dom.w3c_pointer_events.enabled", we might get a
eTouchCancel event without any touch data. That is, aEvent->touches is
an empty array. We need to make sure it's non-empty before accessing
aEvent->touches[0].

Review commit: https://reviewboard.mozilla.org/r/37089/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/37089/
Attachment #8724542 - Flags: review?(roc)
Attachment #8724520 - Attachment is obsolete: true
Attachment #8724520 - Flags: review?(roc)
Attachment #8724521 - Attachment is obsolete: true
Attachment #8724521 - Flags: review?(roc)
Comment on attachment 8724542 [details]
MozReview Request: Bug 1250560 - Fix crash in HandleTouchEvent. r?roc

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/37089/diff/1-2/
Comment on attachment 8724542 [details]
MozReview Request: Bug 1250560 - Fix crash in HandleTouchEvent. r?roc

https://reviewboard.mozilla.org/r/37089/#review33611
Attachment #8724542 - Flags: review?(roc) → review+
https://hg.mozilla.org/mozilla-central/rev/8ad96eb28e4f
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox47: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
Component: Layout → Selection
You need to log in before you can comment on or make changes to this bug.