Closed Bug 1267929 Opened 8 years ago Closed 8 years ago

crash in nsRange::CloneRange

Categories

(Firefox for Android Graveyard :: Text Selection, defect)

Unspecified
Android
defect
Not set
critical

Tracking

(firefox48 fixed, firefox49 fixed)

RESOLVED FIXED
Firefox 49
Tracking Status
firefox48 --- fixed
firefox49 --- fixed

People

(Reporter: n.nethercote, Assigned: TYLin)

Details

(Keywords: crash)

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-ed28a77c-f045-4a57-aee1-378152160427.
=============================================================

This is the #1 topcrash on Fennec Nightly, happening multiple times per day. (For Fennec Nightly that's a strong signal.)

It started in Nightly 20160422030223. Bug 1265750 seems likely to be the cause, because the timeline matches, and the crashing stack traces contain multiple source code locations last touched in that bug:

> 0 	libxul.so 	nsRange::CloneRange 	xpcom/glue/nsCOMPtr.h
> 1 	libxul.so 	mozilla::AccessibleCaretManager::ExtendPhoneNumberSelection 	layout/base/AccessibleCaretManager.cpp
> 2 	libxul.so 	mozilla::AccessibleCaretManager::SelectMoreIfPhoneNumber 	layout/base/AccessibleCaretManager.cpp
> 3 	libxul.so 	mozilla::AccessibleCaretManager::SelectWord 	layout/base/AccessibleCaretManager.cpp
> 4 	libxul.so 	mozilla::AccessibleCaretManager::SelectWordOrShortcut 	layout/base/AccessibleCaretManager.cpp
> 5 	libxul.so 	mozilla::AccessibleCaretEventHub::LongTapState::OnLongTap 	layout/base/AccessibleCaretEventHub.cpp
> 6 	libxul.so 	mozilla::AccessibleCaretEventHub::HandleMouseEvent 	layout/base/AccessibleCaretEventHub.cpp
> 7 	libxul.so 	PresShell::HandleEvent 	layout/base/nsPresShell.cpp
capella, can you please investigate?
Flags: needinfo?(markcapella)
Blocks: 1265750
FYI, the workaround in m-c is to disable this functionality:
"layout.accessiblecaret.extend_selection_for_phone_number" -> false
Flags: needinfo?(markcapella)
I think we should bail out if GetAnchorFocusRange() is nullptr. I'll fix this.
Assignee: nobody → tlin
Status: NEW → ASSIGNED
Comment on attachment 8745937 [details]
MozReview Request: Bug 1267929 - Bail out from ExtendPhoneNumberSelection if GetAnchorFocusRange() is nullptr.

https://reviewboard.mozilla.org/r/49187/#review46041
Attachment #8745937 - Flags: review?(mats) → review+
https://hg.mozilla.org/mozilla-central/rev/bd3b4cd56590
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 49
Comment on attachment 8745937 [details]
MozReview Request: Bug 1267929 - Bail out from ExtendPhoneNumberSelection if GetAnchorFocusRange() is nullptr.

Approval Request Comment
[Feature/regressing bug #]: Bug 1265750 causes Fennec crashes
[User impact if declined]: Fennec crashes
[Describe test coverage new/current, TreeHerder]: Landed on central, and pass all try tests.
[Risks and why]: Low. Simple nullptr check and early return.
[String/UUID change made/needed]: none
Attachment #8745937 - Flags: approval-mozilla-aurora?
Comment on attachment 8745937 [details]
MozReview Request: Bug 1267929 - Bail out from ExtendPhoneNumberSelection if GetAnchorFocusRange() is nullptr.

Improve aurora stability, taking it.
Attachment #8745937 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Product: Firefox for Android → Firefox for Android Graveyard