Closed Bug 1579492 Opened 3 years ago Closed 3 years ago

Crash in [@ (anonymous namespace)::DarwinGamepadService::ReportChangedCallback]


(Core :: DOM: Device Interfaces, defect)

Not set



Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox69 --- unaffected
firefox70 --- fixed
firefox71 --- fixed
firefox72 --- fixed
firefox73 --- fixed


(Reporter: marcia, Assigned: daoshengmu)


(Regression, )


(Keywords: crash, regression)

Crash Data


(2 files)

This bug is for crash report bp-5b0b7d03-9e77-4272-a82b-0f4900190906.

Seen while looking at nightly crash stats: Crashes started in 70 beta. Code was touched in Bug 1523353 in the 70 timeframe. One URL that is crashing is

ni on dmu

Top 10 frames of crashing thread:

0 XUL  dom/gamepad/cocoa/CocoaGamepad.cpp:343
1 IOKit __IOHIDDeviceInputReportApplier 
2 CoreFoundation __CFBasicHashIncSlotCount 
3 CoreFoundation -[CFPrefsSource alreadylocked_copyDictionary] 
4 CoreFoundation __CFBasicHashIncSlotCount 
5 IOKit __IOHIDDeviceInputReportWithTimeStampCallback 
6 IOHIDLib IOHIDLib@0x5135 
7 CoreFoundation __CFRunLoopDoSource1 
8 CoreFoundation __CFRunLoopDoSource1 
9 CoreFoundation __CFRunLoopDoSource1 

Flags: needinfo?(dmu)

Sending a patch r?

Flags: needinfo?(dmu)
Pushed by
Check if nullptr in DarwinGamepadService::ReportChangedCallback(). r=baku
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Assignee: nobody → dmu

Please nominate this for Beta approval when you get a chance.

Flags: needinfo?(dmu)
Regressed by: 1523353

Comment on attachment 9091273 [details]
Bug 1579492 - Check if nullptr in DarwinGamepadService::ReportChangedCallback().

Beta/Release Uplift Approval Request

  • User impact if declined: The crash will continue to happen when using Gamepad on Mac OS.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): It just adds a nullptr check to avoid access 0x0 address.
  • String changes made/needed:
Flags: needinfo?(dmu)
Attachment #9091273 - Flags: approval-mozilla-beta?

Comment on attachment 9091273 [details]
Bug 1579492 - Check if nullptr in DarwinGamepadService::ReportChangedCallback().

Fix for a new Mac crash in 70, let's uplift for beta 7.

Attachment #9091273 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
QA Whiteboard: [qa-triaged]

Clearing the QE+ flag since with our devices, we are unable to reproduce the crash.

Flags: qe-verify+

I think the original fix is unharmful and makes it more safe.

I do not have clear STR to reproduce it so far. Currently, I only can suspect it is because we didn't unregister IOHIDDeviceRegisterInputReportCallback [1] while DeviceRemoved().


Flags: needinfo?(dmu) points to this signature (from Firefox Dev Edition 72).

The problem surfaced live on-stage, crashing the browser, Wei referred to it as "when I try to use my Joycon controllers from separate tabs, it pretty consistently crashes Firefox". She was using the Joycon controllers (connecting over Bluetooth) to control a slide deck in one tab, and wanted to showcase further opportunities for querying the gamepads with a second tab.

Resolution: FIXED → ---
Pushed by
Unregister input report callback when removing Cocoa gamepads. r=baku
Closed: 3 years ago3 years ago
Resolution: --- → FIXED
Target Milestone: mozilla71 → mozilla73

Change the status for beta to have the same as nightly and release.
For more information, please visit auto_nag documentation.

Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.