Crash in [@ mozilla::layers::UiCompositorControllerParent::Initialize]
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
People
(Reporter: ryanvm, Assigned: jnicol)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-release+
|
Details | Review |
This bug is for crash report bp-d0db9e68-5de3-4d62-a2e8-ea0b20200617.
This Focus crash has been around for awhile. Currently #7 overall.
Top 10 frames of crashing thread:
0 libxul.so mozilla::layers::UiCompositorControllerParent::Initialize gfx/layers/ipc/UiCompositorControllerParent.cpp:277
1 libxul.so mozilla::layers::UiCompositorControllerParent::InitializeForSameProcess gfx/layers/ipc/UiCompositorControllerParent.cpp:262
2 libxul.so mozilla::detail::RunnableFunction<mozilla::layers::UiCompositorControllerParent::InitializeForSameProcess xpcom/threads/nsThreadUtils.h:557
3 libxul.so MessageLoop::RunTask ipc/chromium/src/base/message_loop.cc:442
4 libxul.so MessageLoop::DeferOrRunPendingTask ipc/chromium/src/base/message_loop.cc:450
5 libxul.so MessageLoop::DoWork ipc/chromium/src/base/message_loop.cc:523
6 libxul.so base::MessagePumpDefault::Run ipc/chromium/src/base/message_pump_default.cc:35
7 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:290
8 libxul.so base::Thread::ThreadMain ipc/chromium/src/base/thread.cc:192
9 libxul.so ThreadFunc ipc/chromium/src/base/platform_thread_posix.cc:40
|
Reporter | |
Updated•5 years ago
|
|
Assignee | |
Comment 1•5 years ago
|
||
Crash address of 0x18, so I'm assuming the problem is that state is null.
Seems similar to bug 1515689.
Kats, snorp, any ideas?
|
||
Comment 2•5 years ago
|
||
We can probably just augment the existing !state->mParent early exit to bail if !state as well. I didn't look into all the flows to understand why it might happen but I suspect even if we did track it down it would be hard to fix any other way, so I don't want to bother with the fuller investigation.
|
|
Assignee | |
Comment 3•5 years ago
|
||
That seems reasonable to me. We do the same for all the other calls to CompositorBridgeParent::GetIndirectShadowTree in this file too. I'll write a patch.
|
|
Assignee | |
Comment 4•5 years ago
|
||
|
||
Updated•5 years ago
|
|
||
Comment 6•5 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 7•5 years ago
|
||
Comment on attachment 9157661 [details]
Bug 1646243 - Guard against null state in UiCompositorControllerParent::Initialize(). r?kats
Beta/Release Uplift Approval Request
- User impact if declined: Crashes in Firefox Focus
- Is this code covered by automated tests?: Unknown
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): On codepath only used by Focus. Avoids a null pointer dereference so we were going to crash anyway, worst case we crash somewhere a few function calls later.
- String changes made/needed:
|
||
Comment 8•5 years ago
|
||
Comment on attachment 9157661 [details]
Bug 1646243 - Guard against null state in UiCompositorControllerParent::Initialize(). r?kats
nullptr crash fix for focus, approved for 78 rc2.
|
|
||
Comment 9•5 years ago
|
||
| bugherder uplift | ||
|
|
||
Comment 10•5 years ago
|
||
| bugherder uplift | ||
Description
•