Crash in mozilla::TouchManager::SuppressInvalidPointsAndGetTargetedFrame

RESOLVED FIXED in Firefox 65

Status


defect
P2
critical
RESOLVED FIXED
4 months ago
4 months ago

People

(Reporter: philipp, Assigned: smaug)

Tracking

(Blocks 1 bug, {crash, regression})

63 Branch
mozilla66
All
Windows
Points:
---

Firefox Tracking Flags

(firefox-esr60 unaffected, firefox64 wontfix, firefox65 fixed, firefox66 fixed)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

4 months ago
This bug was filed from the Socorro interface and is report bp-93d830f0-ba2f-4b4f-8fc5-b187f0181201.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll static class nsIFrame* mozilla::TouchManager::SuppressInvalidPointsAndGetTargetedFrame layout/base/TouchManager.cpp:196
1 xul.dll mozilla::PresShell::HandleEvent layout/base/PresShell.cpp:7283
2 xul.dll nsViewManager::DispatchEvent view/nsViewManager.cpp:812
3 xul.dll nsView::HandleEvent view/nsView.cpp:1141
4 xul.dll mozilla::widget::PuppetWidget::DispatchEvent widget/PuppetWidget.cpp:408
5 xul.dll mozilla::layers::APZCCallbackHelper::DispatchWidgetEvent gfx/layers/apz/util/APZCCallbackHelper.cpp:537
6 xul.dll mozilla::dom::TabChild::RecvRealTouchEvent dom/ipc/TabChild.cpp:1919
7 xul.dll mozilla::dom::PBrowserChild::OnMessageReceived ipc/ipdl/PBrowserChild.cpp:3968
8 xul.dll void mozilla::ipc::MessageChannel::DispatchMessageW ipc/glue/MessageChannel.cpp:2175
9 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:2045

=============================================================

Content crashes with this signature are regressing on Windows builds since Firefox 63. Many comments refer to scrolling/zooming on a touchscreen in the print preview.
(Reporter)

Updated

4 months ago
Component: DOM: File → DOM: Events
Olli, can you think of a suspicious commit that triggers this crash in 63?
Flags: needinfo?(bugs)
Priority: -- → P2
(Assignee)

Comment 2

4 months ago
Shadow DOM
(Assignee)

Updated

4 months ago
Assignee: nobody → bugs
Flags: needinfo?(bugs)
(Assignee)

Updated

4 months ago
Blocks: 1517905
(Assignee)

Comment 3

4 months ago
I'm thinking of this kind of super safe patch for branches and then a more complicated one on Nightly.
Attachment #9034522 - Flags: review?(masayuki)
Comment on attachment 9034522 [details] [diff] [review]
touch_crash.diff

Well, might cause a web-compat, but fine to avoid crash in branches.
Attachment #9034522 - Flags: review?(masayuki) → review+

Comment 5

4 months ago
Pushed by opettay@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7814dee9683a
null check touch target before trying to access its frame, r=masayuki

Comment 6

4 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/7814dee9683a
Status: NEW → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
(Assignee)

Comment 7

4 months ago
Comment on attachment 9034522 [details] [diff] [review]
touch_crash.diff

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: Bug 1471947

User impact if declined: Crashes

Is this code covered by automated tests?: No

Has the fix been verified in Nightly?: No

Needs manual test from QE?: No

If yes, steps to reproduce: The fix is based on the crash reports, which strongly hint at a null pointer

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Just a null pointer crash

String changes made/needed: NA
Attachment #9034522 - Flags: approval-mozilla-beta?

Comment on attachment 9034522 [details] [diff] [review]
touch_crash.diff

[Triage Comment]
Simple null check crash fix. Approved for 65.0b9.

Attachment #9034522 - Flags: approval-mozilla-beta? → approval-mozilla-beta+