Closed
Bug 1457273
Opened 7 years ago
Closed 7 years ago
Crash in java.lang.IllegalArgumentException: invalid selection notification range at org.mozilla.gecko.GeckoEditableChild.onSelectionChange(GeckoEditableChild.java)
Categories
(Firefox for Android Graveyard :: Keyboards and IME, defect)
Tracking
(firefox59 unaffected, firefox60 unaffected, firefox61- wontfix, firefox62- wontfix, firefox63 wontfix, firefox64 disabled, firefox65 fixed)
RESOLVED
FIXED
Firefox 65
| Tracking | Status | |
|---|---|---|
| firefox59 | --- | unaffected |
| firefox60 | --- | unaffected |
| firefox61 | - | wontfix |
| firefox62 | - | wontfix |
| firefox63 | --- | wontfix |
| firefox64 | --- | disabled |
| firefox65 | --- | fixed |
People
(Reporter: mccr8, Assigned: jchen)
Details
(Keywords: crash, regression, topcrash)
Crash Data
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta-
|
Details | Review |
This bug was filed from the Socorro interface and is
report bp-64694798-55fe-4a27-b6c8-54cee0180426.
=============================================================
Top 10 frames of crashing thread:
0 libxul.so <name omitted> widget/android/GeckoEditableSupport.cpp:890
1 libxul.so mozilla::widget::GeckoEditableSupport::FlushIMEChanges widget/android/GeckoEditableSupport.cpp:910
2 libxul.so mozilla::widget::GeckoEditableSupport::FlushIMEText widget/android/GeckoEditableSupport.cpp:930
3 libxul.so <name omitted> widget/android/GeckoEditableSupport.cpp:884
4 libxul.so mozilla::widget::GeckoEditableSupport::FlushIMEChanges widget/android/GeckoEditableSupport.cpp:910
5 libxul.so nsAppShell::LambdaEvent<>::Run widget/android/GeckoEditableSupport.cpp:791
6 libxul.so nsAppShell::ProcessNextNativeEvent widget/android/nsAppShell.cpp:732
7 libxul.so nsBaseAppShell::DoProcessNextNativeEvent widget/nsBaseAppShell.cpp:139
8 libxul.so nsBaseAppShell::OnProcessNextEvent widget/nsBaseAppShell.cpp:272
9 libxul.so <name omitted> widget/nsBaseAppShell.cpp
=============================================================
#2 top crash on the April 26 Nightly, with 9 crashes from 3 installs.
|
||
Updated•7 years ago
|
Keywords: regression
|
||
Comment 1•7 years ago
|
||
Still the #6 overall top crasher on Nightly.
|
|
||
Comment 2•7 years ago
|
||
:jchen is there something we can do to prevent this crash? Seems as if we had a similar issue back in Firefox 55.
Flags: needinfo?(nchen)
|
Assignee | |
Comment 3•7 years ago
|
||
Assigning it to me, but without some STR it's difficult to track down these crashes.
Assignee: nobody → nchen
Status: NEW → ASSIGNED
Flags: needinfo?(nchen)
|
|
||
Updated•7 years ago
|
status-firefox62:
--- → affected
tracking-firefox62:
--- → +
|
|
Assignee | |
Comment 5•7 years ago
|
||
I'm not actively working on this since there are no clear STR.
Flags: needinfo?(nchen)
|
||
Comment 6•7 years ago
|
||
Resolve with WFM then?
|
|
||
Comment 7•7 years ago
|
||
WFM implies that the issue went away on its own, which clearly isn't the case per recent reports on crash-stats. Not going to track for 61, though, since it's low-frequency and not looking very actionable at the moment.
|
|
||
Comment 8•7 years ago
|
||
Since we don't think this is currently actionable, not tracking for 62. If the crash volume increases on beta we can come back to this and try to get STR.
|
|
||
Updated•7 years ago
|
|
||
Updated•7 years ago
|
Crash Signature: [@ java.lang.IllegalArgumentException: invalid selection notification range at org.mozilla.gecko.GeckoEditableChild.onSelectionChange(GeckoEditableChild.java)] → [@ java.lang.IllegalArgumentException: invalid selection notification range at org.mozilla.gecko.GeckoEditableChild.onSelectionChange(GeckoEditableChild.java)]
[@ java.lang.IllegalArgumentException: at org.mozilla.gecko.GeckoEditableChild.onSelectionChan…
|
||
Comment 9•7 years ago
|
||
STR:
Setup:
1) Go to https://addons.mozilla.org/firefox/addon/styl-us/
2) Ignore the "not available on your platform" warning and long-tap the "+ Add to Firefox" button
3) Select "Open Link in New Tab"
4) Tap "ALLOW" in "Blocked add-on" dialog
5) Tap "ADD" in "Add Stylus?" dialog
Actual STR:
6) Go to e.g. example.com (since AMO is blocked)
7) Open Browser menu
8) Select "Stylus" entry
9) Press "example.com" under "Write style for:"
10) In style-editing window type a "." in the textarea
11) Long-press in textarea to bring up context menu
12) Tap in textarea again
13) Crash
Wasn't immediately reproducible on codemirror.net, so not clear if the codemirror editor needs certain settings, or if it's an interaction with other code in the extension.
Flags: needinfo?(nchen)
|
|
||
Comment 10•7 years ago
|
||
This is currently the #2 overall top crash on Fennec nightly.
Keywords: topcrash
|
|
||
Comment 11•7 years ago
|
||
So the interesting part of CodeMirror seems to be the active-line plugin [1], combined with the contenteditable inputStyle [2]. I've been able to create a much-reduced testcase and STR:
1) Go to http://kwan.perix.co.uk/mozilla/fennecCrash/
2) Tap in the editor
3) Type "."
4) Long-press on the line with the "." to bring up a selection + context menu
5) Crash; else, Tap in editor again
6) Crash
CodeMirror's own demo page for the plugin [3] doesn't seem to repro as well, only managed it once.
[1] https://codemirror.net/doc/manual.html#addon_active-line
[2] https://codemirror.net/doc/manual.html#option_inputStyle
[3] https://codemirror.net/demo/activeline.html
|
|
Assignee | |
Comment 12•7 years ago
|
||
Thank you for the detailed info, Ian! I'm no longer working on this bug unfortunately, but :m_kato may be interested.
Assignee: nchen → nobody
Status: ASSIGNED → NEW
Flags: needinfo?(nchen)
|
|
Assignee | |
Comment 13•7 years ago
|
||
Actually I wrote a small patch that might help.
Assignee: nobody → jimnchen+bmo
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 14•7 years ago
|
||
Sometimes, when recovering from an IME error, we get selection offsets
that are out of bounds. Limit the offsets in that case so we don't
crash.
|
||
Comment 15•7 years ago
|
||
Pushed by nchen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4187b4408662
Limit selection offsets after recovering from IME error; r=esawin
|
|
||
Comment 16•7 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 65
|
|
||
Updated•7 years ago
|
|
|
||
Comment 17•7 years ago
|
||
Crash data on Nightly looks good so far. Can you please request Beta approval, Jim?
Flags: needinfo?(jimnchen+bmo)
|
|
Assignee | |
Comment 18•7 years ago
|
||
Comment on attachment 9025274 [details]
Bug 1457273 - Limit selection offsets after recovering from IME error; r?esawin
[Beta/Release Uplift Approval Request]
Feature/Bug causing the regression: n/a
User impact if declined: Random crashes when inputting text
Is this code covered by automated tests?: No
Has the fix been verified in Nightly?: Yes
Needs manual test from QE?: No
If yes, steps to reproduce:
List of other uplifts needed: None
Risk to taking this patch: Low
Why is the change risky/not risky? (and alternatives if risky): Crash fix only
String changes made/needed: n/a
Flags: needinfo?(jimnchen+bmo)
Attachment #9025274 -
Flags: approval-mozilla-beta?
|
||
Comment 19•7 years ago
|
||
Comment on attachment 9025274 [details]
Bug 1457273 - Limit selection offsets after recovering from IME error; r?esawin
bug 1351170 made this not crash outside of nightly, afaict?
Attachment #9025274 -
Flags: approval-mozilla-beta? → approval-mozilla-beta-
|
|
||
Updated•7 years ago
|
|
||
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•