Closed Bug 1784387 Opened 2 months ago Closed 2 months ago

Crash in [@ nsDocShell::Reload] in ContentChild::RecvReload

Categories

(Core :: DOM: Navigation, defect)

defect

Tracking

()

RESOLVED FIXED
105 Branch
Tracking Status
firefox-esr91 --- unaffected
firefox-esr102 --- fixed
firefox103 --- wontfix
firefox104 --- wontfix
firefox105 --- fixed

People

(Reporter: mccr8, Assigned: smaug)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Crash report: https://crash-stats.mozilla.org/report/index/a49aefa2-e293-4f03-aa77-804da0220811

Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS

Top 10 frames of crashing thread:

0 XUL nsDocShell::Reload docshell/base/nsDocShell.cpp:4106
1 XUL mozilla::dom::ContentChild::RecvReload dom/ipc/ContentChild.cpp:4536
2 XUL mozilla::dom::PContentChild::OnMessageReceived ipc/ipdl/PContentChild.cpp:13342
3 XUL mozilla::ipc::MessageChannel::RunMessage ipc/glue/MessageChannel.cpp:1474
4 XUL mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:851
5 XUL mozilla::TaskController::ProcessPendingMTTask xpcom/threads/TaskController.cpp:461
6 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1205
7 XUL NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:465
8 XUL mozilla::jsinspector::nsJSInspector::EnterNestedEventLoop devtools/platform/nsJSInspector.cpp:70
9 XUL _NS_InvokeByIndex 

Low volume, but there are a few of these. Null derefs.

nsCOMPtr<nsIContentViewer> cv(mContentViewer);
...
MOZ_TRY(cv->PermitUnload(&okToUnload));

I guess cv is null here.

No test, since the patch is based on the crash reports. Creating a test which relies on some race conditions through IPC is hard.

Assignee: nobody → smaug
Status: NEW → ASSIGNED
Pushed by opettay@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/273e5f345a7f
Crash in [@ nsDocShell::Reload] in ContentChild::RecvReload, r=mccr8
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 105 Branch

Please nominate this for ESR102 approval when you get a chance.

Flags: needinfo?(smaug)

Comment on attachment 9289856 [details]
Bug 1784387 - Crash in [@ nsDocShell::Reload] in ContentChild::RecvReload, r=mccr8

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Simple null check to fix crashes
  • User impact if declined: Crashes
  • Fix Landed on Version: 105
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Null check
Flags: needinfo?(smaug)
Attachment #9289856 - Flags: approval-mozilla-esr102?

Comment on attachment 9289856 [details]
Bug 1784387 - Crash in [@ nsDocShell::Reload] in ContentChild::RecvReload, r=mccr8

Approved for 102.3esr.

Attachment #9289856 - Flags: approval-mozilla-esr102? → approval-mozilla-esr102+
You need to log in before you can comment on or make changes to this bug.