Closed
Bug 1735484
Opened 2 years ago
Closed 1 year ago
Crash in [@ nsRefreshDriver::RemoveImageRequest]
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
FIXED
95 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox-esr91 | --- | unaffected |
| firefox93 | --- | wontfix |
| firefox94 | --- | wontfix |
| firefox95 | --- | fixed |
People
(Reporter: gsvelto, Assigned: florian)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
Crash report: https://crash-stats.mozilla.org/report/index/cdbdae7c-3abe-4b43-8971-0b7ae0211013
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll nsRefreshDriver::RemoveImageRequest layout/base/nsRefreshDriver.cpp:1397
1 xul.dll static nsLayoutUtils::DeregisterImageRequest layout/base/nsLayoutUtils.cpp:7774
2 xul.dll nsImageLoadingContent::FrameDestroyed dom/base/nsImageLoadingContent.cpp:855
3 xul.dll nsImageFrame::DestroyFrom layout/generic/nsImageFrame.cpp:385
4 xul.dll nsBlockFrame::DestroyFrom layout/generic/nsBlockFrame.cpp:469
5 xul.dll nsBlockFrame::DestroyFrom layout/generic/nsBlockFrame.cpp:469
6 xul.dll nsBlockFrame::DestroyFrom layout/generic/nsBlockFrame.cpp:469
7 xul.dll nsContainerFrame::DestroyFrom layout/generic/nsContainerFrame.cpp:227
8 xul.dll nsBlockFrame::DestroyFrom layout/generic/nsBlockFrame.cpp:469
9 xul.dll mozilla::DetailsFrame::DestroyFrom layout/generic/DetailsFrame.cpp:81
Found this during nightly crash triage. Low volume but increasing over time. This is a NULL pointer access to something when setting the profiler marker. Given there's multiple accesses in the expression it's hard to tell which one is NULL. NI?ing myself to crack open a minidump and figure out what's going on.
Flags: needinfo?(gsvelto)
|
||
Comment 1•1 year ago
|
||
Seems like Florian added these markers in bug 1723181. aPresContext likely needs a null-check here.
Flags: needinfo?(florian)
Regressed by: 1723181
|
||
Updated•1 year ago
|
Has Regression Range: --- → yes
|
Reporter | |
Comment 2•1 year ago
|
||
Cracked open a minidump and indeed this->mPresContext is null.
Flags: needinfo?(gsvelto)
|
||
Updated•1 year ago
|
Keywords: regression
|
|
||
Comment 3•1 year ago
|
||
Set release status flags based on info from the regressing bug 1723181
status-firefox93:
--- → affected
status-firefox94:
--- → affected
status-firefox95:
--- → affected
status-firefox-esr78:
--- → unaffected
status-firefox-esr91:
--- → unaffected
|
Assignee | |
Comment 4•1 year ago
|
||
|
||
Updated•1 year ago
|
Assignee: nobody → florian
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•1 year ago
|
Flags: needinfo?(florian)
|
||
Updated•1 year ago
|
Pushed by fqueze@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e463a4894dbb avoid crashing in nsRefreshDriver::RemoveImageRequest when mPresContext is null, r=emilio.
|
||
Comment 6•1 year ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•