Open Bug 1772900 Opened 3 years ago Updated 2 years ago

Firefox crashes when opening "Settings" in the addon I've developed

Categories

(Core :: Internationalization, defect, P5)

Unspecified
All
defect

Tracking Status
firefox-esr102 --- affected
firefox107 --- affected
firefox108 --- affected
firefox109 --- affected

People

(Reporter: kbrosnan, Unassigned)

From GitHub: https://github.com/mozilla-mobile/fenix/issues/25546.

Steps to reproduce

  1. using Firefox Nightly, install Auto Highlight: https://addons.mozilla.org/addon/auto_highlight/
  2. open any web-page
  3. click the main menu / Add-ons / Auto Highlight
  4. click "Settings" in the left part of the page

Firefox will crash with this crash report:
https://crash-stats.mozilla.org/report/index/31dcc3c8-e7ef-4603-8233-e91b10220605#tab-details

Thanks!

Expected behaviour

Should not crash :)

Actual behaviour

Crash.

Device name

motorola moto g200 5G

Android version

Android 12

Firefox release type

Firefox Nightly

Firefox version

103.0a1

Device logs

https://crash-stats.mozilla.org/report/index/31dcc3c8-e7ef-4603-8233-e91b10220605#tab-details

Additional information

No response

Change performed by the Move to Bugzilla add-on.

Crash Signature: [@ mapped_hyph::Hyphenator::level]
Component: General → Internationalization
Product: GeckoView → Core
Version: unspecified → Trunk

I'm seeing a lot of layout- and line-breaking-related code in the trace.
It may make sense to move this to the Layout component. NI'ing jkew.

third_party/rust/mapped_hyph/src/lib.rs:451
third_party/rust/mapped_hyph/src/lib.rs:480
third_party/rust/mapped_hyph/src/ffi.rs:150
intl/hyphenation/glue/nsHyphenator.cpp:378
dom/base/nsLineBreaker.cpp:325
dom/base/nsLineBreaker.cpp:272
dom/base/nsLineBreaker.cpp:345
layout/generic/nsTextFrame.cpp:2890
layout/generic/nsTextFrame.cpp:1750
layout/generic/nsTextFrame.cpp:3096
layout/generic/nsTextFrame.cpp:9016
layout/generic/nsBlockFrame.cpp:940
layout/base/nsLayoutUtils.cpp:4939
layout/base/nsLayoutUtils.cpp:5136
layout/generic/nsBlockFrame.cpp:921
layout/base/nsLayoutUtils.cpp:4939
layout/base/nsLayoutUtils.cpp:5136
layout/generic/nsBlockFrame.cpp:921
layout/base/nsLayoutUtils.cpp:4939
layout/base/nsLayoutUtils.cpp:5136
layout/generic/nsFlexContainerFrame.cpp:5772
layout/generic/nsFlexContainerFrame.cpp:5818
layout/base/nsLayoutUtils.cpp:4939
layout/base/nsLayoutUtils.cpp:5136
layout/generic/nsFlexContainerFrame.cpp:5772
layout/generic/nsFlexContainerFrame.cpp:5818
layout/base/nsLayoutUtils.cpp:493
Flags: needinfo?(jkew)

Hmm, interesting.... this could be either a bug in the mapped_hyph code itself, or (perhaps more likely) a bug in the gecko layout code that leads us to pass something bad to the hyphenator. (Or possibly this is actually a symptom of an out-of-memory situation? I looked at a few of the Linux crash reports with this same signature, and they all seemed to be on pretty resource-constrained devices.)

Flags: needinfo?(jkew)

Hello, I'm the original reporter from GitHub.
My Moto g200 has 8GB RAM and the crash happens ~1.5 seconds after clicking the menu, so for sure not out of memory in that time.
It crashes every time, also on my tablet.

My addon is using the Vuetify framework, which is full of animations and rich CSS features. I'm not sure why the settings page fails, though, when all other pages work fine...

Does the settings page (or indeed any part of the addon) use CSS hyphenation (hyphens: auto) anywhere?

Flags: needinfo?(juraj.masiar)

From what I can see in the dev tools on my desktop, one of the loaded CSS files (315.css) uses it:

.v-messages__message {
 word-wrap:break-word;
 hyphens:auto;
 line-height:12px;
 overflow-wrap:break-word;
 word-break:break-word
}

What the hell is a hyphens, lol! Looks like I'm gonna learn a new CSS property any moment now! :)

Flags: needinfo?(juraj.masiar)

I guess that if you remove this, it will avoid the crash, though we really should try to figure out why it's happening and fix it properly in Firefox. Unfortunately, when I tried using your add-on on desktop, it didn't crash for me (and I don't have a suitable phone to try and reproduce there).

I can't remove it, it's the Vuetify code. I could maybe override it.
But yeah, fixing it would be nice.
And yes, it doesn't crash on desktop, only on Android.
It will also crash in the emulator in Android Studio, I've just tested.

Fixed!
Thank you for the right pointer, adding this to my main CSS fixed the problem :)

* {
    hyphens: none !important;
}
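
As an added example (not code from this bug thread or from Firefox), one way an add-on author could check bundled stylesheet text for the `hyphens: auto` trigger identified above and for the universal override used as the workaround. The sample CSS is constructed, and the `.note` rule and all function names are hypothetical.

```javascript
// Added example (not from the bug thread): audit CSS text for automatic hyphenation.
const HYPHENS_PROP = /^(-(webkit|moz|ms)-)?hyphens$/;

// Return every hyphens declaration as { selector, prop, value, important }.
// Works on minified CSS and on rules nested inside at-rules such as @media.
function hyphenDeclarations(cssText) {
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g; // innermost "selector { declarations }"
  const out = [];
  let m;
  while ((m = ruleRe.exec(css)) !== null) {
    const selector = m[1].trim();
    for (const decl of m[2].split(";")) {
      const colon = decl.indexOf(":");
      if (colon === -1) continue;
      const prop = decl.slice(0, colon).trim().toLowerCase();
      if (!HYPHENS_PROP.test(prop)) continue;
      const raw = decl.slice(colon + 1).trim().toLowerCase();
      const important = /!\s*important$/.test(raw);
      out.push({ selector, prop, value: raw.replace(/\s*!\s*important$/, ""), important });
    }
  }
  return out;
}

// autoRules: selectors that request hyphens: auto (the trigger found in the thread).
// hasUniversalOverride: true when the "* { hyphens: none !important }" workaround is present.
function auditHyphenation(cssText) {
  const decls = hyphenDeclarations(cssText);
  return {
    autoRules: decls.filter((d) => d.value === "auto").map((d) => d.selector),
    hasUniversalOverride: decls.some(
      (d) => d.selector === "*" && d.prop === "hyphens" && d.value === "none" && d.important
    ),
  };
}

// Constructed sample: the Vuetify rule quoted above (minified) plus a hypothetical @media rule.
const SAMPLE_BUNDLE =
  "/* constructed sample */" +
  ".v-messages__message{word-wrap:break-word;hyphens:auto;line-height:12px}" +
  "@media print{.note{-webkit-hyphens:auto;hyphens:manual}}";
const WORKAROUND = "* {\n    hyphens: none !important;\n}";

console.log(auditHyphenation(SAMPLE_BUNDLE));
console.log(auditHyphenation(SAMPLE_BUNDLE + WORKAROUND));
```

The scanner is regex-based and only reports what the stylesheet text declares; it does not compute the cascade, so a `hyphens: auto !important` rule in the bundle would still need a manual check against the override.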

OK, glad you have a workaround for your addon, but we still need to fix the underlying bug. I'll try to find time to set up an emulator and look into it.

The severity field is not set for this bug.
:m_kato, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(m_kato)

My guess is that nsHyphenationManager mishandles the loading of the patterns when we attempt to do hyphenation in the parent process on Android, where the packaging is different than it is on desktop; probably that code path isn't properly tested anywhere.

Marking S3 as it's such a rare situation (people don't usually request hyphenation in parent-process content), but we need to fix it.

Severity: -- → S3
Flags: needinfo?(m_kato)
OS: Android → All
Priority: -- → P5
Summary: [Bug]: Firefox crashes when opening "Settings" in the addon I've developed → Firefox crashes when opening "Settings" in the addon I've developed

This crash also occurs on all recent versions of desktop Firefox. We get a stack trace beginning with:

Thread 0 Crashed:: MainThread Dispatch queue: com.apple.main-thread
0 XUL 0x1213d517a 0x11bdfd000 + 90014074
1 XUL 0x1213d52e1 mapped_hyph::Hyphenator::find_hyphen_values::h3d66df0b7e19f36a + 97
2 XUL 0x1213d1c15 mapped_hyph_find_hyphen_values_raw + 117

Minimal test case:

chrome://browser/content/test.xhtml:

<?xml version="1.0"?>

<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
	<browser remote="false" />
	<script>
		var { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
		document.querySelector('browser').loadURI('testContent.html', {
			triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal()
		});
	</script>
</window>

testContent.html:

<!DOCTYPE html>
<html lang="de-DE">

<div style="hyphens: auto">
	Am 15. Juli 2017 wäre Walter Benjamin (1892-1940) 125 Jahre alt
	geworden. Ottmar Fuchs erschließt einige Grundzüge seines Denkens.
</div>

Run:

window.openDialog('chrome://browser/content/test.xhtml', 'test', 'chrome');

And you'll get an immediate segfault. (This issue might do with a rename because it doesn't really have anything to do with settings, or addons, but with the hyphenation glue code.)

This is not reproducible in source builds with unzipped omni.ja, for what it's worth - it only happens when the hyphenation/*.hyf files are zipped.
