Open Bug 1749277 Opened 2 years ago Updated 10 months ago

Crash in [@ weasel.dll | RtlFreeHeap | CInputContext::RequestEditSession] caused by the Rime Input Method Engine

Categories

(External Software Affecting Firefox :: Other, defect)

Unspecified
Windows 11
defect

Tracking

(Not tracked)

People

(Reporter: gsvelto, Unassigned)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/d4a0b895-3e1b-4f8d-afc1-117490220108

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 weasel.dll weasel.dll@0x0000000000003e99 
1 ntdll.dll RtlFreeHeap 
2 None @0x00000028e4dfe1af 
3 textinputframework.dll CInputContext::RequestEditSession 
4 weasel.dll weasel.dll@0x0000000000004089 
5 weasel.dll weasel.dll@0x00000000000030ea 
6 weasel.dll weasel.dll@0x00000000000046e3 
7 xul.dll _tailMerge_d3dcompiler_47.dll 
8 xul.dll _tailMerge_d3dcompiler_47.dll 
9 weasel.dll weasel.dll@0x00000000000877af 

The software in question is available here.

Comments mention it explicitly as the cause of the crash:

The crash occurred when using Asian IME on the search box of extension page.

when move to plugin page, it crashed and exited

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: S2 → S3

I found more instances of this.

Crash Signature: [@ weasel.dll | RtlFreeHeap | CInputContext::RequestEditSession] [@ weasel.dll | CallWindowProcCrashProtected] → [@ weasel.dll | RtlFreeHeap | CInputContext::RequestEditSession] [@ weasel.dll | CallWindowProcCrashProtected] [@ weasel.dll | CThreadInputMgr::_ProcessHotKey] [@ weasel.dll | CThreadInputMgr::QueryInterface]

Masayuki, do you think something could be done to improve the situation here?

Flags: needinfo?(masayuki)

It seems that it's a crash in this TIP.
https://github.com/rime/weasel/tree/master/WeaselTSF

According to these crash reports:

The crash occurs during a call of ITfKeystrokeMgr::TestKeyDown() or ITfKeystrokeMgr::TestKeyUp(). While calling them, we guarantee the lifetime of ITfKeystrokeMgr with a local RefPtr, which is the only ref-countable object whose lifetime we need to guarantee.

Therefore, I think that we can do nothing from our side.

Flags: needinfo?(masayuki)
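
The caller-side lifetime guarantee described in the comment above, as an added example that is not Firefox or Weasel code: `KeystrokeMgr`, `LocalRef`, `Owner` and `run_demo` are hypothetical stand-ins for a COM-style ref-counted interface and its caller. It shows what that guarantee covers: the object stays alive until the call returns even if its owner releases it from code running inside the call.

```cpp
#include <cstdio>
// Hypothetical stand-in for a COM-style ref-counted interface such as
// ITfKeystrokeMgr (constructed for this example, not the real TSF type).
struct KeystrokeMgr {
    int refs = 1;                      // the creator holds the first reference
    bool* destroyed;                   // set once the last reference is gone
    void (*reenter)(void*) = nullptr;  // models code that runs inside the call
    void* ctx = nullptr;
    explicit KeystrokeMgr(bool* d) : destroyed(d) {}
    void AddRef() { ++refs; }
    void Release() { if (--refs == 0) { *destroyed = true; delete this; } }
    // Returns the reference count seen after the re-entrant code has run.
    int TestKeyDown() { if (reenter) reenter(ctx); return refs; }
};

// Minimal local strong reference, modelled on the RefPtr the comment mentions.
template <class T> class LocalRef {
    T* p_;
public:
    explicit LocalRef(T* p) : p_(p) { if (p_) p_->AddRef(); }
    LocalRef(const LocalRef&) = delete; LocalRef& operator=(const LocalRef&) = delete;
    ~LocalRef() { if (p_) p_->Release(); }
    T* operator->() const { return p_; }
};

struct Owner {                         // holds the long-lived member reference
    KeystrokeMgr* mgr = nullptr;
    static void Shutdown(void* self) { // drops the member reference mid-call
        Owner* o = static_cast<Owner*>(self);
        if (o->mgr) { KeystrokeMgr* m = o->mgr; o->mgr = nullptr; m->Release(); }
    }
};

struct Result { int refsDuringCall; bool aliveAfterCall; bool destroyedAfterScope; };
Result run_demo() {
    bool destroyed = false;
    Owner owner;
    owner.mgr = new KeystrokeMgr(&destroyed);
    owner.mgr->reenter = &Owner::Shutdown; owner.mgr->ctx = &owner;
    Result r{};
    {
        LocalRef<KeystrokeMgr> grip(owner.mgr);  // caller-side lifetime guarantee
        r.refsDuringCall = grip->TestKeyDown();   // owner releases inside the call
        r.aliveAfterCall = !destroyed;            // grip still keeps it alive
    }                                             // last reference released here
    r.destroyedAfterScope = destroyed;
    return r;
}
int main() { Result r = run_demo(); std::printf("refs=%d alive=%d destroyed=%d\n", r.refsDuringCall, r.aliveAfterCall, r.destroyedAfterScope); }
```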

This crash mentions this happened after an update to RIME, maybe we can reach out and see if they can fix the issue on their side since it might be a regression.
