Closed Bug 1516426 Opened 5 years ago Closed 5 years ago

Crash in mozilla::TouchManager::SuppressInvalidPointsAndGetTargetedFrame

Categories

(Core :: DOM: Events, defect, P2)

Product:
Core
Component:
DOM: Events
Version:
63 Branch
Platform:
All
Windows
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla66
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox64 --- wontfix
firefox65 --- fixed
firefox66 --- fixed

People

(Reporter: philipp, Assigned: smaug)

References

(Blocks 1 open bug)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

touch_crash.diff
973 bytes, patch
masayuki
: review+
RyanVM
: approval-mozilla-beta+
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is
report bp-93d830f0-ba2f-4b4f-8fc5-b187f0181201.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll static class nsIFrame* mozilla::TouchManager::SuppressInvalidPointsAndGetTargetedFrame layout/base/TouchManager.cpp:196
1 xul.dll mozilla::PresShell::HandleEvent layout/base/PresShell.cpp:7283
2 xul.dll nsViewManager::DispatchEvent view/nsViewManager.cpp:812
3 xul.dll nsView::HandleEvent view/nsView.cpp:1141
4 xul.dll mozilla::widget::PuppetWidget::DispatchEvent widget/PuppetWidget.cpp:408
5 xul.dll mozilla::layers::APZCCallbackHelper::DispatchWidgetEvent gfx/layers/apz/util/APZCCallbackHelper.cpp:537
6 xul.dll mozilla::dom::TabChild::RecvRealTouchEvent dom/ipc/TabChild.cpp:1919
7 xul.dll mozilla::dom::PBrowserChild::OnMessageReceived ipc/ipdl/PBrowserChild.cpp:3968
8 xul.dll void mozilla::ipc::MessageChannel::DispatchMessageW ipc/glue/MessageChannel.cpp:2175
9 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:2045

=============================================================

content crashes with this signature are regressing on windows builds since firefox 63. many comments refer to scrolling/zooming on a touchscreen in the print preview.
Component: DOM: File → DOM: Events
Olli, can you think about suspicious commit that triggers this crash in 63?
Flags: needinfo?(bugs)
Priority: -- → P2
Shadow DOM
Assignee: nobody → bugs
Flags: needinfo?(bugs)
Blocks: 1517905
Attached patch touch_crash.diffSplinter Review 
I'm thinking this kind of super safe patch for branches and then more complicated on Nightly.
Attachment #9034522 - Flags: review?(masayuki)
Comment on attachment 9034522 [details] [diff] [review]
touch_crash.diff

Well, might cause a web-compat, but fine to avoid crash in branches.
Attachment #9034522 - Flags: review?(masayuki) → review+
Pushed by opettay@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7814dee9683a
null check touch target before trying to access it's frame, r=masayuki
https://hg.mozilla.org/mozilla-central/rev/7814dee9683a
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox66: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
Comment on attachment 9034522 [details] [diff] [review]
touch_crash.diff

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: Bug 1471947

User impact if declined: Crashes

Is this code covered by automated tests?: No

Has the fix been verified in Nightly?: No

Needs manual test from QE?: No

If yes, steps to reproduce: The fix is based on the crash reports, which strongly hint about null pointer

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Just a null pointer crash

String changes made/needed: NA
Attachment #9034522 - Flags: approval-mozilla-beta?

Comment on attachment 9034522 [details] [diff] [review]
touch_crash.diff

[Triage Comment]
Simple null check crash fix. Approved for 65.0b9.

Attachment #9034522 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: