Closed
Bug 1658462
Opened 4 years ago
Closed 4 years ago
Crash in mozilla::widget::AndroidAlerts::ShowPersistentNotification
Categories
(GeckoView :: Extensions, defect, P1)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1649494
People
(Reporter: agi, Unassigned, Mentored)
References
(Regression)
Details
(Keywords: good-first-bug, regression, Whiteboard: [geckoview:m82])
Attachments
(1 file)
2.53 KB,
application/zip
While testing a personal project I noticed that creating a notification crashes the browser (works both in Fenix and GVE). Attached a POC.
Looks like we're missing a null check.
mozilla::widget::AndroidAlerts::ShowPersistentNotification(nsTSubstring<char16_t> const&, nsIAlertNotification*, nsIObserver*) AndroidAlerts.cpp:86
(anonymous namespace)::ShowWithBackend(nsIAlertsService*, nsIAlertNotification*, nsIObserver*, nsTSubstring<char16_t> const&) nsAlertsService.cpp:131
nsAlertsService::ShowPersistentNotification(nsTSubstring<char16_t> const&, nsIAlertNotification*, nsIObserver*) nsAlertsService.cpp:222
nsAlertsService::ShowAlertNotification(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, bool, nsTSubstring<char16_t> const&, nsIObserver*, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, nsIPrincipal*, bool, bool) nsAlertsService.cpp:193
NS_InvokeByIndex xptcinvoke_asm_x86_64_unix.S:101
CallMethodHelper::Invoke() XPCWrappedNative.cpp:1619
CallMethodHelper::Call() XPCWrappedNative.cpp:1175
XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) XPCWrappedNative.cpp:1141
XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) XPCWrappedNativeJSOps.cpp:946
CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) Interpreter.cpp:507
js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) Interpreter.cpp:599
js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:668
Interpret(JSContext*, js::RunState&) Interpreter.cpp:3336
js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:468
js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) Interpreter.cpp:636
js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) Interpreter.cpp:681
js::SpreadCallOperation(JSContext*, JS::Handle<JSScript*>, unsigned char*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) Interpreter.cpp:5375
Interpret(JSContext*, js::RunState&) Interpreter.cpp:3268
js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:468
js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) Interpreter.cpp:636
js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) Interpreter.cpp:681
js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) SelfHosting.cpp:1683
js::jit::InterpretResume(JSContext*, JS::Handle<JSObject*>, JS::Value*, JS::MutableHandle<JS::Value>) VMFunctions.cpp:1001
<unknown> 0x000019e7e36dfb70
<unknown> 0x000019e7e36dc49f
EnterJit(JSContext*, js::RunState&, unsigned char*) Jit.cpp:106
js::jit::MaybeEnterJit(JSContext*, js::RunState&) Jit.cpp:197
js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:453
js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) Interpreter.cpp:636
js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) Interpreter.cpp:681
js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) SelfHosting.cpp:1683
AsyncFunctionResume(JSContext*, JS::Handle<js::AsyncFunctionGeneratorObject*>, ResumeKind, JS::Handle<JS::Value>) AsyncFunction.cpp:128
AsyncFunctionPromiseReactionJob(JSContext*, JS::Handle<PromiseReactionRecord*>) Promise.cpp:1696
PromiseReactionJob(JSContext*, unsigned int, JS::Value*) Promise.cpp:1852
CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) Interpreter.cpp:507
js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) Interpreter.cpp:599
js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) Interpreter.cpp:681
JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) jsapi.cpp:2831
mozilla::dom::PromiseJobCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::ErrorResult&) PromiseBinding.cpp:28
mozilla::dom::PromiseJobCallback::Call(mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) PromiseBinding.h:91
mozilla::dom::PromiseJobCallback::Call(char const*) PromiseBinding.h:104
mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) CycleCollectedJSContext.cpp:211
mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) CycleCollectedJSContext.cpp:646
mozilla::CycleCollectedJSContext::AfterProcessTask(unsigned int) CycleCollectedJSContext.cpp:461
XPCJSContext::AfterProcessTask(unsigned int) XPCJSContext.cpp:1361
nsThread::ProcessNextEvent(bool, bool*) nsThread.cpp:1271
NS_ProcessNextEvent(nsIThread*, bool) nsThreadUtils.cpp:513
mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) MessagePump.cpp:109
MessageLoop::RunInternal() message_loop.cc:334
MessageLoop::RunHandler() message_loop.cc:327
MessageLoop::Run() message_loop.cc:309
nsBaseAppShell::Run() nsBaseAppShell.cpp:137
nsAppStartup::Run() nsAppStartup.cpp:270
XREMain::XRE_mainRun() nsAppRunner.cpp:4767
XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) nsAppRunner.cpp:4957
XRE_main(int, char**, mozilla::BootstrapConfig const&) nsAppRunner.cpp:5011
GeckoStart nsAndroidStartup.cpp:38
mozilla::BootstrapImpl::GeckoStart(_JNIEnv*, char**, int, mozilla::StaticXREAppData const&) Bootstrap.cpp:77
::Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun(JNIEnv *, jclass, jobjectArray, int, int, int, int, int) APKOpen.cpp:375
nativeRun 0x00007b82d6c447c3
art_quick_invoke_static_stub 0x00007b82eec43597
art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x00007b82eec5146d
art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x00007b82eee1cb80
bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x00007b82eee16402
MterpInvokeStaticRange 0x00007b82ef125bdb
ExecuteMterpImpl 0x00007b82eec34d9a
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x00007b82eeded05a
artQuickToInterpreterBridge 0x00007b82ef116461
art_quick_to_interpreter_bridge 0x00007b82eec4dcdd
art_quick_invoke_stub 0x00007b82eec43235
art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x00007b82eec51448
art::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::ArgArray*, art::JValue*, char const*) 0x00007b82eefe20e8
art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue*) 0x00007b82eefe36ea
art::Thread::CreateCallback(void*) 0x00007b82ef004eee
__pthread_start(void*) 0x00007b82f2d64772
__start_thread 0x00007b82f2d049ec
__bionic_clone 0x00007b82f2cf7a66
Reporter
Comment 1 • 4 years ago
Weirdly enough when reproducing this on Fenix I cannot get a crash report to work. I'll investigate more tomorrow and open a bug against Fenix about this.
Updated•4 years ago
Has Regression Range: --- → yes
Keywords: regression
Updated•4 years ago
Severity: -- → S3
Priority: -- → P2
Whiteboard: [geckoview:m82]
Reporter
Updated•4 years ago
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE