Crash in mozilla::layers::UiCompositorControllerChild::OpenForSameProcess
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
People
(Reporter: jcristau, Assigned: rbarker)
Details
(Keywords: crash, csectype-uaf, sec-moderate, Whiteboard: [geckoview][adv-main67+] gfx-noted)
Crash Data
Attachments
(1 file)
This bug is for crash report bp-3f5fd709-340e-44fa-982f-9fa980190115.
Top 10 frames of crashing thread:
0 libxul.so mozilla::layers::UiCompositorControllerChild::OpenForSameProcess gfx/layers/ipc/UiCompositorControllerChild.cpp:270
1 libxul.so mozilla::detail::RunnableMethodImpl<FdWatcher*, void xpcom/threads/nsThreadUtils.h:1197
2 libxul.so mozilla::RunAndroidUiTasks widget/android/AndroidUiThread.cpp:360
3 base.odex base.odex@0x8dc515
4 base.art (deleted) base.art @0xeb0aa
5 base.art (deleted) base.art @0x32c16
6 system@framework@boot-framework.art system@framework@boot-framework.art@0x4944c2
7 base.art (deleted) base.art @0xe262e
8 dalvik-main space (deleted) dalvik-main space @0x27326
9 base.art (deleted) base.art @0x2c76e
Focus crashes at 0xe5e5e859.
|
||
Comment 1•7 years ago
|
||
All the crashes appear to be UAFs in Focus. Not sure what's going on here -- 60 frames of android stuff and then a couple frames of us. Some runable that stuck around too long and got woken up after everything else went away? Guessing "sec-moderate" because it looks like it would require getting the system to wake up.
|
||
Comment 2•7 years ago
|
||
Is it possible to make mWidget a RefPtr here?
|
||
Updated•7 years ago
|
|
|
||
Updated•7 years ago
|
|
||
Updated•7 years ago
|
|
Assignee | |
Comment 4•7 years ago
|
||
Speculative fix for crash.
|
|
||
Updated•7 years ago
|
|
|
Assignee | |
Updated•7 years ago
|
|
|
Assignee | |
Comment 5•7 years ago
|
||
I'm not sure what else is need to land this. I guess it can't be landed from phabricator with lando?
|
|
||
Comment 6•7 years ago
|
||
I believe lando does support secure revisions. RyanVM will know for sure.
|
||
Comment 7•7 years ago
|
||
It does if you give it a Phabricator API token.
|
|
||
Comment 8•7 years ago
|
||
|
|
||
Comment 9•7 years ago
|
||
|
|
Assignee | |
Comment 11•7 years ago
|
||
It was a speculative fix since I couldn't reproduce it. If it really did help I would say yes since it should be pretty harmless otherwise.
|
|
||
Comment 12•7 years ago
|
||
Since it's not certain that it helped I'll mark this wontfix for 66. If you feel strongly about wanting on 66 we can still uplift.
|
||
Comment 13•7 years ago
|
||
Hello, I tried to reproduce this issue but I was unable to.
As I understood from the all information from this bug, I tried to reproduce it following this steps:
- I tried to close Fennec and let it for more hours like that.
- I tried to minimize Fennec and let it like that for few hours.
Normally Fennec would crash while it is on background or closed, something was rendering in background.
Please note that the crash volume was already low but according to crashstats the only affected version is 64.0.3.
Thanks,
Andrei
|
||
Updated•7 years ago
|
|
Reporter | |
Comment 14•6 years ago
|
||
Andrei this crash affects Focus not Fennec.
|
|
||
Comment 15•6 years ago
|
||
Hello Julien,
I wasn't able to reproduce the issue on the latest Focus version from taskcluster and the one from Playstore with the instructions from Comment 13.
During my tests I will keep an eye for this issue and I will try always to have focus installed and let it in the background, I will come back with information once I will find something out.
Also, please note that now It's a week since I'm using only Focus as a browser on my phone and It didn't crashed once.
|
|
||
Updated•5 years ago
|
Description
•