Closed
Bug 1267929
Opened 8 years ago
Closed 8 years ago
crash in nsRange::CloneRange
Categories
(Firefox for Android Graveyard :: Text Selection, defect)
Tracking
(firefox48 fixed, firefox49 fixed)
RESOLVED
FIXED
Firefox 49
People
(Reporter: n.nethercote, Assigned: TYLin)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
58 bytes,
text/x-review-board-request
|
MatsPalmgren_bugz
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details |
This bug was filed from the Socorro interface and is report bp-ed28a77c-f045-4a57-aee1-378152160427. ============================================================= This is the #1 topcrash on Fennec Nightly, happening multiple times per day. (For Fennec Nightly that's a strong signal.) It started in Nightly 20160422030223. Bug 1265750 seems likely to be the cause, because the timeline matches, and the crashing stack traces contain multiple source code locations last touched in that bug: > 0 libxul.so nsRange::CloneRange xpcom/glue/nsCOMPtr.h > 1 libxul.so mozilla::AccessibleCaretManager::ExtendPhoneNumberSelection layout/base/AccessibleCaretManager.cpp > 2 libxul.so mozilla::AccessibleCaretManager::SelectMoreIfPhoneNumber layout/base/AccessibleCaretManager.cpp > 3 libxul.so mozilla::AccessibleCaretManager::SelectWord layout/base/AccessibleCaretManager.cpp > 4 libxul.so mozilla::AccessibleCaretManager::SelectWordOrShortcut layout/base/AccessibleCaretManager.cpp > 5 libxul.so mozilla::AccessibleCaretEventHub::LongTapState::OnLongTap layout/base/AccessibleCaretEventHub.cpp > 6 libxul.so mozilla::AccessibleCaretEventHub::HandleMouseEvent layout/base/AccessibleCaretEventHub.cpp > 7 libxul.so PresShell::HandleEvent layout/base/nsPresShell.cpp
Comment 2•8 years ago
|
||
fyi, workaround in m-c is disable this functionality "layout.accessiblecaret.extend_selection_for_phone_number" -> false
Flags: needinfo?(markcapella)
Assignee | ||
Comment 3•8 years ago
|
||
I think we should bail out if GetAnchorFocusRange() is nullptr. I'll fix this.
Assignee: nobody → tlin
Status: NEW → ASSIGNED
Assignee | ||
Comment 4•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/49187/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/49187/
Attachment #8745937 -
Flags: review?(mats)
Comment 5•8 years ago
|
||
Comment on attachment 8745937 [details] MozReview Request: Bug 1267929 - Bail out from ExtendPhoneNumberSelection if GetAnchorFocusRange() is nullptr. https://reviewboard.mozilla.org/r/49187/#review46041
Attachment #8745937 -
Flags: review?(mats) → review+
Comment 7•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/bd3b4cd56590
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 49
Assignee | ||
Comment 8•8 years ago
|
||
Comment on attachment 8745937 [details] MozReview Request: Bug 1267929 - Bail out from ExtendPhoneNumberSelection if GetAnchorFocusRange() is nullptr. Approval Request Comment [Feature/regressing bug #]: Bug 1265750 causes Fennec crashes [User impact if declined]: Fennec crashes [Describe test coverage new/current, TreeHerder]: Landed on central, and pass all try tests. [Risks and why]: Low. Simple nullptr check and early return. [String/UUID change made/needed]: none
Attachment #8745937 -
Flags: approval-mozilla-aurora?
Assignee | ||
Updated•8 years ago
|
status-firefox48:
--- → affected
Comment 9•8 years ago
|
||
Comment on attachment 8745937 [details] MozReview Request: Bug 1267929 - Bail out from ExtendPhoneNumberSelection if GetAnchorFocusRange() is nullptr. Improve aurora stability, taking it.
Attachment #8745937 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•