Closed Bug 1457273 Opened Last year Closed 9 months ago
Crash in java
.lang .Illegal Argument Exception: invalid selection notification range at org .mozilla .gecko .Gecko Editable Child .on Selection Change(Gecko Editable Child .java)
47 bytes, text/x-phabricator-request
|Details | Review|
This bug was filed from the Socorro interface and is report bp-64694798-55fe-4a27-b6c8-54cee0180426. ============================================================= Top 10 frames of crashing thread: 0 libxul.so <name omitted> widget/android/GeckoEditableSupport.cpp:890 1 libxul.so mozilla::widget::GeckoEditableSupport::FlushIMEChanges widget/android/GeckoEditableSupport.cpp:910 2 libxul.so mozilla::widget::GeckoEditableSupport::FlushIMEText widget/android/GeckoEditableSupport.cpp:930 3 libxul.so <name omitted> widget/android/GeckoEditableSupport.cpp:884 4 libxul.so mozilla::widget::GeckoEditableSupport::FlushIMEChanges widget/android/GeckoEditableSupport.cpp:910 5 libxul.so nsAppShell::LambdaEvent<>::Run widget/android/GeckoEditableSupport.cpp:791 6 libxul.so nsAppShell::ProcessNextNativeEvent widget/android/nsAppShell.cpp:732 7 libxul.so nsBaseAppShell::DoProcessNextNativeEvent widget/nsBaseAppShell.cpp:139 8 libxul.so nsBaseAppShell::OnProcessNextEvent widget/nsBaseAppShell.cpp:272 9 libxul.so <name omitted> widget/nsBaseAppShell.cpp ============================================================= #2 top crash on the April 26 Nightly, with 9 crashes from 3 installs.
Still the #6 overall top crasher on Nightly.
:jchen is there something we can do to prevent this crash? Seems as if we had a similar issue back in Firefox 55.
Assigning it to me, but without some STR it's difficult to track down these crashes.
Assignee: nobody → nchen
Status: NEW → ASSIGNED
Update on this?
I'm not actively working on this since there are no clear STR.
Resolve with WFM then?
WFM implies that the issue went away on its own, which clearly isn't the case per recent reports on crash-stats. Not going to track for 61, though, since it's low-frequency and not looking very actionable at the moment.
Since we don't think this is currently actionable, not tracking for 62. If the crash volume increases on beta we can come back to this and try to get STR.
Crash Signature: [@ java.lang.IllegalArgumentException: invalid selection notification range at org.mozilla.gecko.GeckoEditableChild.onSelectionChange(GeckoEditableChild.java)] → [@ java.lang.IllegalArgumentException: invalid selection notification range at org.mozilla.gecko.GeckoEditableChild.onSelectionChange(GeckoEditableChild.java)] [@ java.lang.IllegalArgumentException: at org.mozilla.gecko.GeckoEditableChild.onSelectionChan…
STR: Setup: 1) Go to https://addons.mozilla.org/firefox/addon/styl-us/ 2) Ignore the "not available on your platform" warning and long-tap the "+ Add to Firefox" button 3) Select "Open Link in New Tab" 4) Tap "ALLOW" in "Blocked add-on" dialog 5) Tap "ADD" in "Add Stylus?" dialog Actual STR: 6) Go to e.g. example.com (since AMO is blocked) 7) Open Browser menu 8) Select "Stylus" entry 9) Press "example.com" under "Write style for:" 10) In style-editing window type a "." in the textarea 11) Long-press in textarea to bring up context menu 12) Tap in textarea again 13) Crash Wasn't immediately reproducible on codemirror.net, so not clear if the codemirror editor needs certain settings, or if it's an interaction with other code in the extension.
This is currently the #2 overall top crash on Fennec nightly.
So the interesting part of CodeMirror seems to be the active-line plugin , combined with the contenteditable inputStyle . I've been able to create a much-reduced testcase and STR: 1) Go to http://kwan.perix.co.uk/mozilla/fennecCrash/ 2) Tap in the editor 3) Type "." 4) Long-press on the line with the "." to bring up a selection + context menu 5) Crash; else, Tap in editor again 6) Crash CodeMirror's own demo page for the plugin  doesn't seem to repro as well, only managed it once.  https://codemirror.net/doc/manual.html#addon_active-line  https://codemirror.net/doc/manual.html#option_inputStyle  https://codemirror.net/demo/activeline.html
Thank you for the detailed info, Ian! I'm no longer working on this bug unfortunately, but :m_kato may be interested.
Assignee: nchen → nobody
Status: ASSIGNED → NEW
Actually I wrote a small patch that might help.
Assignee: nobody → jimnchen+bmo
Status: NEW → ASSIGNED
Sometimes, when recovering from an IME error, we get selection offsets that are out of bounds. Limit the offsets in that case so we don't crash.
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/4187b4408662 Limit selection offsets after recovering from IME error; r=esawin
Crash data on Nightly looks good so far. Can you please request Beta approval, Jim?
Comment on attachment 9025274 [details] Bug 1457273 - Limit selection offsets after recovering from IME error; r?esawin [Beta/Release Uplift Approval Request] Feature/Bug causing the regression: n/a User impact if declined: Random crashes when inputting text Is this code covered by automated tests?: No Has the fix been verified in Nightly?: Yes Needs manual test from QE?: No If yes, steps to reproduce: List of other uplifts needed: None Risk to taking this patch: Low Why is the change risky/not risky? (and alternatives if risky): Crash fix only String changes made/needed: n/a
Attachment #9025274 - Flags: approval-mozilla-beta?
Comment on attachment 9025274 [details] Bug 1457273 - Limit selection offsets after recovering from IME error; r?esawin bug 1351170 made this not crash outside of nightly, afaict?
Attachment #9025274 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
You need to log in before you can comment on or make changes to this bug.