Closed
Bug 1370762
Opened 8 years ago
Closed 8 years ago
Crash in mozilla::dom::Selection::ToString
Categories
(Core :: DOM: Selection, defect)
Tracking
()
RESOLVED
FIXED
mozilla55
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox53 | --- | unaffected |
| firefox54 | --- | unaffected |
| firefox55 | --- | fixed |
People
(Reporter: kanru, Assigned: TYLin)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
This bug was filed from the Socorro interface and is
report bp-e4f77a45-6549-4be8-b733-32e7d0170606.
=============================================================
30 crashes on FennecAndroid in the past 3 months.
mozilla::dom::Selection::ToString
mozilla::AccessibleCaretManager::StringifiedSelection
mozilla::AccessibleCaretManager::SelectMoreIfPhoneNumber
mozilla::AccessibleCaretManager::SelectWord
mozilla::AccessibleCaretManager::SelectWordOrShortcut
mozilla::AccessibleCaretEventHub::LongTapState::OnLongTap
mozilla::AccessibleCaretEventHub::HandleMouseEvent
mozilla::PresShell::HandleEvent
nsViewManager::DispatchEvent
nsView::HandleEvent
nsWindow::DispatchEvent
mozilla::layers::APZCCallbackHelper::DispatchWidgetEvent
mozilla::layers::APZCCallbackHelper::DispatchSynthesizedMouseEvent
mozilla::layers::APZEventState::FireContextmenuEvents
mozilla::layers::APZEventState::ProcessLongTap
mozilla::layers::ChromeProcessController::HandleTap
mozilla::detail::RunnableMethodImpl<T>::Run
nsThread::ProcessNextEvent
NS_ProcessNextEvent
mozilla::ipc::MessagePump::Run
MessageLoop::Run
nsBaseAppShell::Run
nsAppStartup::Run
XREMain::XRE_mainRun
Missing a null check? Please consider to wrap the return value with mozilla::Maybe.
Flags: needinfo?(tlin)
|
Assignee | |
Comment 1•8 years ago
|
||
> Missing a null check? Please consider to wrap the return value with mozilla::Maybe.
Yes. I think we'll need to check whether GetSelection() is nullptr or not. Which return value do you mean here?
Assignee: nobody → tlin
Blocks: AccessibleCaret
Status: NEW → ASSIGNED
Flags: needinfo?(tlin) → needinfo?(kchen)
|
Reporter | |
Comment 2•8 years ago
|
||
(In reply to Ting-Yu Lin [:TYLin] (UTC+8) from comment #1)
> > Missing a null check? Please consider to wrap the return value with mozilla::Maybe.
>
> Yes. I think we'll need to check whether GetSelection() is nullptr or not.
> Which return value do you mean here?
I mean the return value of GetSelection()
Flags: needinfo?(kchen)
| Comment hidden (mozreview-request) |
|
||
Comment 4•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8875591 [details]
Bug 1370762 - Null check GetSelection() before calling Stringify().
https://reviewboard.mozilla.org/r/147014/#review151126
Attachment #8875591 -
Flags: review?(mtseng) → review+
|
|
Assignee | |
Comment 5•8 years ago
|
||
(In reply to Kan-Ru Chen [:kanru] (UTC+8) from comment #2)
> I mean the return value of GetSelection()
In gecko, it seems unusual to wrap a pointer in mozilla::Maybe instead of checking the validity of the pointer.
Pushed by tlin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/33765075ea48
Null check GetSelection() before calling Stringify(). r=mtseng
|
|
Reporter | |
Comment 7•8 years ago
|
||
(In reply to Ting-Yu Lin [:TYLin] (UTC+8) from comment #5)
> (In reply to Kan-Ru Chen [:kanru] (UTC+8) from comment #2)
> > I mean the return value of GetSelection()
>
> In gecko, it seems unusual to wrap a pointer in mozilla::Maybe instead of
> checking the validity of the pointer.
Yes, and I consider that a bad practice ;-)
We have MOZ_MUST_USE to enforce that a return value must be used. We have mozilla::Result to enforce that a fallible function's result are checked. I think mozilla::Maybe should be used when a return value is nullable.
Anyway, thanks for fixing this.
|
|
Assignee | |
Comment 8•8 years ago
|
||
Re comment 7:
> I think mozilla::Maybe should be used when a return value is nullable.
I guess this means when mozilla::Maybe wraps a pointer type, the responsibility of null check is on the callee side, which must wrap the non-nullptr pointer in Some.
|
|
Reporter | |
Comment 9•8 years ago
|
||
(In reply to Ting-Yu Lin [:TYLin] (UTC+8) from comment #8)
> Re comment 7:
> > I think mozilla::Maybe should be used when a return value is nullable.
>
> I guess this means when mozilla::Maybe wraps a pointer type, the
> responsibility of null check is on the callee side, which must wrap the
> non-nullptr pointer in Some.
In this case instead of return nullptr, Nothing() is returned.
|
||
Comment 10•8 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox55:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
|
||
Updated•8 years ago
|
status-firefox53:
--- → unaffected
status-firefox54:
--- → unaffected
status-firefox-esr52:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•