Closed Bug 1703717 Opened 4 years ago Closed 4 years ago

Crash on address 0x88 in mozilla::AnimationEventInfo::AnimationEventInfo

Categories

(Core :: Gecko Profiler, defect, P2)

Tracking

RESOLVED FIXED
89 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox87 --- unaffected
firefox88 --- unaffected
firefox89 --- fixed

People

(Reporter: sfink, Assigned: mozbugz)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

(copied from bug 1701524 comment 4)

I think I might be getting a crash from bug 1701524 on try [1] when I push with --gecko-profile. My guess is that aAnimation->GetOwner() is returning nullptr when generating a profile marker [2]?

[1] https://treeherder.mozilla.org/logviewer?job_id=335748921&repo=try&lineNumber=2311

[2] https://searchfox.org/mozilla-central/source/dom/animation/AnimationEventDispatcher.h#65

Regressed by: 1701524
Has Regression Range: --- → yes

Thank you for the report. I'll prepare a fix.

Assignee: nobody → gsquelart
Severity: -- → S3
Priority: -- → P2
Pushed by gsquelart@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/83a21ab93aff Check for null aAnimation->GetOwner() before dereferencing - r=emilio

Sorry, and thanks for reporting and fixing it!

How can we be in a situation where we have an animation tick but the animation doesn't have an owner window? Is it just unlucky timing with a window that has already been closed, or could this be pointing to a more serious bug? We have seen multiple times profiles where composition happens at 60Hz as if there was an animation, but there's no animation (i.e. bug 1690673), and the only way to get out of this state is to close the browser window. Unfortunately, no known steps to reproduce.

Flags: needinfo?(emilio)
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 89 Branch

Looking a bit at the code, it seems it may happen if the page is detached from the docshell or the page is navigated away. Seems this should be trivially hittable if you window.close() during a refresh driver tick or somesuch.

bug 1690673 is about the compositor and not main-thread ticks, if I'm reading bug 1690673 comment 2 correctly.

Flags: needinfo?(emilio)

Set release status flags based on info from the regressing bug 1701524
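
An added illustration, not Gecko code and not the landed patch: reading a member through a null owner pointer touches address 0 plus that member's offset, which is why such a crash shows up at a small non-zero address such as 0x88, and a null check before the read avoids it. `FakeWindow`, `FakeAnimation`, `innerWindowId` and the 0x88 layout are constructed for this example; the page does not identify which real member sits at that offset.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed stand-in for the owner window. The padding places
// innerWindowId at offset 0x88 only to mirror the address in the bug title.
struct FakeWindow {
  unsigned char padding[0x88];
  std::uint64_t innerWindowId;
};

// Constructed stand-in for an animation whose owner may already be gone
// (for example after the page was detached or navigated away).
struct FakeAnimation {
  FakeWindow* owner;
  FakeWindow* GetOwner() const { return owner; }
};

// Address an unguarded `GetOwner()->innerWindowId` read would touch.
// Computed arithmetically; nothing is dereferenced here.
std::uintptr_t UncheckedReadAddress(const FakeAnimation& anim) {
  return reinterpret_cast<std::uintptr_t>(anim.GetOwner()) +
         offsetof(FakeWindow, innerWindowId);
}

// Guarded form: report "no window id" instead of dereferencing null.
bool MarkerWindowId(const FakeAnimation& anim, std::uint64_t* outId) {
  const FakeWindow* owner = anim.GetOwner();
  if (!owner) {
    return false;  // ownerless animation: emit the marker without a window id
  }
  *outId = owner->innerWindowId;
  return true;
}

int main() {
  FakeAnimation detached{nullptr};
  std::uint64_t id = 0;
  std::printf("unguarded read would fault at 0x%zx\n",
              static_cast<std::size_t>(UncheckedReadAddress(detached)));
  std::printf("guarded lookup succeeded: %d\n", MarkerWindowId(detached, &id));
  return 0;
}
```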
