Crash in [@ mozilla::layers::WebRenderScrollData::GetLayerCount]

RESOLVED FIXED in Firefox 68

Status

defect
--
critical
RESOLVED FIXED
a month ago
a month ago

People

(Reporter: calixte, Assigned: kats)

Tracking

(Blocks 2 bugs, {crash, regression})

Trunk
mozilla68
Unspecified
Windows 10

Firefox Tracking Flags

(firefox-esr60 unaffected, firefox66 unaffected, firefox67 unaffected, firefox68 fixed)

Attachments

(2 attachments)

(Reporter)

Description

a month ago

This bug is for crash report bp-b5982a0b-ad84-40da-b87c-4a0000190323.

Top 10 frames of crashing thread:

0 xul.dll mozilla::layers::WebRenderScrollData::GetLayerCount 
1 xul.dll class mozilla::layers::WebRenderScrollDataWrapper mozilla::layers::WebRenderScrollDataWrapper::GetLastChild gfx/layers/wr/WebRenderScrollDataWrapper.h:177
2 xul.dll static void mozilla::layers::ForEachNode<mozilla::layers::ReverseIterator, mozilla::layers::WebRenderScrollDataWrapper, `lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZCTreeManager.cpp:413:9', `lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZCTreeManager.cpp:487:9'> gfx/layers/TreeTraversal.h:140
3 xul.dll static void mozilla::layers::ForEachNode<mozilla::layers::ReverseIterator, mozilla::layers::WebRenderScrollDataWrapper, `lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZCTreeManager.cpp:413:9', `lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZCTreeManager.cpp:487:9'> gfx/layers/TreeTraversal.h:142
4 xul.dll static void mozilla::layers::APZCTreeManager::UpdateHitTestingTreeImpl<mozilla::layers::WebRenderScrollDataWrapper> gfx/layers/apz/src/APZCTreeManager.cpp:411
5 xul.dll static void mozilla::layers::APZUpdater::UpdateScrollDataAndTreeState::<unnamed-tag>::operator gfx/layers/apz/src/APZUpdater.cpp:209
6 xul.dll nsresult mozilla::detail::RunnableFunction<`lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZUpdater.cpp:203:11'>::Run xpcom/threads/nsThreadUtils.h:562
7 xul.dll void mozilla::layers::APZUpdater::ProcessQueue gfx/layers/apz/src/APZUpdater.cpp:524
8 xul.dll static void mozilla::layers::APZUpdater::CompleteSceneSwap gfx/layers/apz/src/APZUpdater.cpp:121
9 xul.dll apz_post_scene_swap gfx/layers/apz/src/APZUpdater.cpp:571

There are 4 crashes (from 2 installations) in nightly 68 with buildid 20190323094805. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1441308.

[1] https://hg.mozilla.org/mozilla-central/rev?node=96da9d241051

Flags: needinfo?(dothayer)

We're missing a null check. I can fix. This should only be getting hit if the user has turned on document splitting, which is off by default.

Assignee: nobody → kats
Flags: needinfo?(dothayer)

This has no functional effect but makes it consistent with other similar
sites.

Depends on D24650

Comment 4

a month ago
Pushed by kgupta@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/44f442f26b6d
Guard against null pointer dereference. r=dthayer
https://hg.mozilla.org/integration/autoland/rev/f33d20b3893f
Minor tweak for consistency. r=dthayer

Comment 5

a month ago
bugherder
Status: NEW → RESOLVED
Last Resolved: a month ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68