Crash in [@ IPC::EnumSerializer<T>::Write] in mozilla::dom::PBrowserChild::SendPFilePickerConstructor
Categories
(Core :: Widget: Win32, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr102 | --- | unaffected |
firefox110 | --- | unaffected |
firefox111 | --- | unaffected |
firefox112 | --- | fixed |
People
(Reporter: RyanVM, Assigned: emilio)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(2 files, 1 obsolete file)
This is hitting reliably for me when trying to add an attachment to an email in Gmail.
Crash report: https://crash-stats.mozilla.org/report/index/da34b842-bb04-41dd-bd7a-724650230223
MOZ_CRASH Reason: MOZ_RELEASE_ASSERT(EnumValidator::IsLegalValue( static_cast<std::underlying_type_t<paramType>>(aValue)))
Top 10 frames of crashing thread:
0 xul.dll IPC::EnumSerializer<nsIFilePicker::Mode, IPC::ContiguousEnumValidatorInclusive<nsIFilePicker::Mode, 0, 2> >::Write ipc/glue/EnumSerializer.h:60
0 xul.dll IPC::WriteParam ipc/chromium/src/chrome/common/ipc_message_utils.h:291
0 xul.dll mozilla::dom::PBrowserChild::SendPFilePickerConstructor ipc/ipdl/PBrowserChild.cpp:1782
1 xul.dll nsFilePickerProxy::Init widget/nsFilePickerProxy.cpp:38
2 xul.dll mozilla::dom::HTMLInputElement::InitFilePicker dom/html/HTMLInputElement.cpp:817
3 xul.dll mozilla::dom::HTMLInputElement::MaybeInitPickers dom/html/HTMLInputElement.cpp:3544
3 xul.dll mozilla::dom::HTMLInputElement::PostHandleEvent dom/html/HTMLInputElement.cpp:4104
4 xul.dll mozilla::EventTargetChainItem::PostHandleEvent dom/events/EventDispatcher.cpp:441
4 xul.dll mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:552
5 xul.dll mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:629
Comment 1•1 year ago
|
||
Set release status flags based on info from the regressing bug 1816740
Assignee | ||
Comment 2•1 year ago
|
||
modeOpenMultiple is the last variant, this reproduces clicking on:
data:text/html,<input type=file multiple>
Updated•1 year ago
|
Assignee | ||
Comment 3•1 year ago
|
||
This seems to consistently leak an nsFilePickerProxy, at least on Linux,
tho...
Reporter | ||
Updated•1 year ago
|
Updated•1 year ago
|
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/mozilla-central/rev/16f49fd3a5dc Fix serialization of nsIFilePicker::Mode. r=ipc-reviewers,mccr8 a=RyanVM
Reporter | ||
Comment 5•1 year ago
|
||
I've landed Emilio's patch on m-c and am getting Nightly respins going. Nightly updates are paused in the mean time.
Comment 6•1 year ago
|
||
Well, there's my morning dose of horror taken care of.
(In reply to Emilio Cobos Álvarez (:emilio) from comment #3)
This seems to consistently leak an nsFilePickerProxy, at least on Linux,
tho...
If you'd prefer, you can foist that patch on me and I'll take on investigating the leak. Alternatively, we can roll back the entire offending patchset, and you can land the test-enabling patch ahead of it.
Comment 7•1 year ago
|
||
Alternatively, we can roll back the entire offending patchset, and you can land the test-enabling patch ahead of it.
Alternatively alternatively, we can, and probably should, just roll back the final patch of the set, D169855, which was the only one that touched the allocation code.
Reporter | ||
Comment 8•1 year ago
|
||
FWIW, this test was original disabled way back when due to leaks and crashes (see bug 1267491), so whatever issues it's hitting now very well may not be newly-introduced behaviors from your patches.
Comment 9•1 year ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM] from comment #8)
FWIW, this test was original disabled way back when due to leaks and crashes (see bug 1267491), so whatever issues it's hitting now very well may not be newly-introduced behaviors from your patches.
For the record: your try-push here does indicate that it's preexisting. This bug can probably be closed, and any further work done under bug 1267491.
Assignee | ||
Comment 10•1 year ago
|
||
This seems to consistently leak an nsFilePickerProxy, at least on Linux,
tho...
Updated•1 year ago
|
Comment 11•1 year ago
|
||
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/794b37afb146 Try to re-enable test_picker_no_crash.html. r=rkraesig
Reporter | ||
Updated•1 year ago
|
Comment 12•1 year ago
|
||
bugherder |
Reporter | ||
Updated•1 year ago
|
Description
•