Closed Bug 1845198 Opened 2 years ago Closed 15 days ago

Crash in [@ mozilla::ContentCache::AssertIfInvalid]

Categories

(Core :: DOM: UI Events & Focus Handling, defect, P3)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Platform:
Unspecified
Windows 11
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: mccr8, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, inputmethod)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/4d79bac7-7383-44ff-a395-085770230718

MOZ_CRASH Reason: MOZ_DIAGNOSTIC_ASSERT(false) (Invalid ContentCache data)

Top 10 frames of crashing thread:

0  xul.dll  mozilla::ContentCache::AssertIfInvalid const  widget/ContentCache.cpp:110
1  xul.dll  mozilla::ContentCacheInChild::CacheCaret  widget/ContentCache.cpp:271
2  xul.dll  mozilla::ContentCacheInChild::SetSelection  widget/ContentCache.cpp:686
3  xul.dll  mozilla::widget::PuppetWidget::NotifyIMEOfSelectionChange  widget/PuppetWidget.cpp:837
4  xul.dll  mozilla::widget::TextEventDispatcher::NotifyIME  widget/TextEventDispatcher.cpp:456
5  xul.dll  nsBaseWidget::NotifyIME  widget/nsBaseWidget.cpp:1901
6  xul.dll  mozilla::IMEStateManager::NotifyIME  dom/events/IMEStateManager.cpp:2123
7  xul.dll  mozilla::IMEContentObserver::IMENotificationSender::SendSelectionChange  dom/events/IMEContentObserver.cpp:1924
8  xul.dll  mozilla::IMEContentObserver::IMENotificationSender::Run  dom/events/IMEContentObserver.cpp:1747
9  xul.dll  nsRefreshDriver::Tick  layout/base/nsRefreshDriver.cpp:2534

This crash was found by suhaib's experimental automatic crash filing work.

This looks like logging adding in bug 1841466. There are two crashes so far. This one has the comment "i literally was just editing text and highlighted in blue and clicked delete"

The other crash is bp-1904eeb8-ae8d-4e80-8c25-a833f0230718

Masayuki, you might be interested in this.

Oh, yeah...

ContentCache={ mText={ Length()=0 }, mSelection={ mAnchor=33, mFocus=33 }, mCaret={ mOffset=33 }, mTextRectArray=Nothing, mCompositionStart=Nothing }

So, it seems that the instance has not received text change notifications, but starts to retrieve the latest selection. However, I fixed a lot of cases, so, I have no idea how to reproduce this, but I'll try to investigate.

Severity: -- → S3
Priority: -- → P3

Bug 1870958 has a fuzz testcase

Flags: needinfo?(masayuki)
See Also: → 1870958

(In reply to Mayank Bansal from comment #2)

Bug 1870958 has a fuzz testcase

Thank you, but the testcase is really tricky. Therefore, I'm not sure whether the cause(s) of crash reports are also fixed by the coming patch.

Flags: needinfo?(masayuki)

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 15 days ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.