Closed Bug 1791154 Opened 3 years ago Closed 3 years ago

Crash in [@ mozilla::layers::RemoteContentController::UpdateOverscrollVelocity]

Tracking

()

Status:

RESOLVED FIXED

Milestone:

106 Branch

Tracking Flags:

Tracking

Status

firefox-esr102

---

unaffected

firefox105

---

unaffected

firefox106

---

fixed

People

(Reporter: gsvelto, Assigned: jnicol)

References

(Regression)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1791154 - Check for null root content controller in UpdateOverscrollVelocity/Offset. r?hiro 3 years ago Jamie Nicol [:jnicol] 48 bytes, text/x-phabricator-request		Details \| Review

Gabriele Svelto [:gsvelto]

Reporter

Description

•

3 years ago

Crash report: https://crash-stats.mozilla.org/report/index/6adb6f7b-35ad-4624-8ab9-07e920220915

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0 libxul.so mozilla::layers::RemoteContentController::UpdateOverscrollVelocity gfx/layers/ipc/RemoteContentController.cpp:269
1 libxul.so mozilla::detail::RunnableMethodImpl<mozilla::layers::RemoteContentController*, void  xpcom/threads/nsThreadUtils.h:1200
2 libxul.so NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:465
3 libxul.so mozilla::ipc::MessagePumpForNonMainThreads::Run ipc/glue/MessagePump.cpp:300
4 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:356
5 libxul.so nsThread::ThreadFunc xpcom/threads/nsThread.cpp:384
6 libnss3.so _pt_root nsprpub/pr/src/pthreads/ptthread.c:201
7 libc.so libc.so@0x00000000000b1810 
8 libc.so libc.so@0x00000000000512f0 
9 libc.so libc.so@0x00000000000b1704

This appears to be a null pointer access, maybe related to bug 1785786?

Hiroyuki Ikezoe (:hiro)

Comment 1

•

3 years ago

Yeah, the code path in question was added in bug 1785786. Though I am not sure about crash reports before bug 1785786, at least for the report in comment 0, it looks we just need a null check.

Jamie Nicol [:jnicol]

Assignee

Comment 2

•

3 years ago

Attached file Bug 1791154 - Check for null root content controller in UpdateOverscrollVelocity/Offset. r?hiro — Details

In bug 1785786 we added a GPU process implementation for
RemoteContentController::UpdateOverscrollVelocity and
RemoteContentController::UpdateOverscrollOffset. These work by looking
up the root content controller and using it to forward the message to
the parent process. However, we neglected to add a null check on the
result of the lookup. This patch adds the null check.

Phabricator Automation

Updated

•

3 years ago

Assignee: nobody → jnicol

Status: NEW → ASSIGNED

Pulsebot

Comment 3

•

3 years ago

Pushed by jnicol@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/473798bd1191 Check for null root content controller in UpdateOverscrollVelocity/Offset. r=hiro

Norisz Fay [:noriszfay]

Comment 4

•

3 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/473798bd1191

Status: ASSIGNED → RESOLVED

Closed: 3 years ago

status-firefox106: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 106 Branch

Chris Peterson [:cpeterson]

Updated

•

3 years ago

status-firefox105: --- → wontfix

Ryan VanderMeulen [:RyanVM]

Updated

•

3 years ago

status-firefox105: wontfix → unaffected

status-firefox-esr102: --- → unaffected

Regressed by: 1785786

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Crash in [@ mozilla::layers::RemoteContentController::UpdateOverscrollVelocity]

Categories

(Core :: Panning and Zooming, defect)

Tracking

()

People

(Reporter: gsvelto, Assigned: jnicol)

References

(Regression)

Details

(Keywords: crash)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Updated

Comment 3

Comment 4

Updated

Updated

Attachment

General

Description

File Name

Content Type