Crash in [@ wl_proxy_destroy | moz_container_wayland_frame_callback_handler] when dragging and dropping tabs
Categories
(Core :: Graphics, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr91 | --- | unaffected |
firefox-esr102 | --- | unaffected |
firefox102 | --- | unaffected |
firefox103 | --- | unaffected |
firefox104 | + | fixed |
People
(Reporter: marco, Assigned: jimb)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/57b66c19-9b18-445a-bb23-616cf0220713
Reason: SIGSEGV / SEGV_MAPERR
Top 10 frames of crashing thread:
0 libwayland-client.so.0 wl_proxy_destroy src/wayland-client.c:544
1 libxul.so moz_container_wayland_frame_callback_handler widget/gtk/MozContainerWayland.cpp:247
2 libxul.so RunnableFunction<void ipc/chromium/src/base/task.h:324
3 libxul.so mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:851
4 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1205
5 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:85
6 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:355
7 libxul.so nsBaseAppShell::Run widget/nsBaseAppShell.cpp:150
8 libxul.so nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:295
9 libxul.so XREMain::XRE_mainRun toolkit/xre/nsAppRunner.cpp:5719
Reporter | ||
Updated•2 years ago
|
Reporter | ||
Updated•2 years ago
|
Comment 1•2 years ago
|
||
Set release status flags based on info from the regressing bug 1778767
Comment 2•2 years ago
|
||
:jimb, since you are the author of the regressor, bug 1778767, could you take a look?
For more information, please visit auto_nag documentation.
Updated•2 years ago
|
Comment 4•2 years ago
|
||
Regressor has been backed out from central and requested new desktop nightlies: https://hg.mozilla.org/mozilla-central/rev/04b02c492dab34ec35205f2338b27dc9469969fc
Assignee | ||
Comment 5•2 years ago
|
||
I can reproduce this.
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 6•2 years ago
|
||
The problem is entirely obvious. I carelessly left some experimental code in the final patch for bug 1778767 which does not use the new MozClearPointer
helper function, and does not check for a null pointer before passing it to wl_callback_destroy
.
Assignee | ||
Comment 7•2 years ago
|
||
I have a revised patch for this up in bug 1778767.
Updated•2 years ago
|
Description
•