Open Bug 1876651 Opened 2 years ago Updated 2 years ago

Crash in [@ nsISHEntry::GetWindowState] from nsDocShell::RestoreFromHistory() on Android

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Platform:
Unspecified
Android
Type:
defect

Tracking

()

People

(Reporter: mccr8, Unassigned)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/e863736a-584d-4d0d-a3f5-5f9a50240125

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0  libxul.so  nsISHEntry::GetWindowState  dist/include/nsISHEntry.h:221
0  libxul.so  nsDocShell::RestoreFromHistory  docshell/base/nsDocShell.cpp:7391
0  libxul.so  nsDocShell::RestorePresentationEvent::Run  docshell/base/nsDocShell.cpp:7010
1  libxul.so  mozilla::RunnableTask::Run  xpcom/threads/TaskController.cpp:549
2  libxul.so  mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal  xpcom/threads/TaskController.cpp:876
3  libxul.so  mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal  xpcom/threads/TaskController.cpp:699
3  libxul.so  mozilla::TaskController::ProcessPendingMTTask  xpcom/threads/TaskController.cpp:485
3  libxul.so  mozilla::TaskController::TaskController const  xpcom/threads/TaskController.cpp:211
3  libxul.so  mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController  xpcom/threads/nsThreadUtils.h:548
4  libxul.so  nsThread::ProcessNextEvent  xpcom/threads/nsThread.cpp:1199

This looks like a null deref.

The crash is on this line: nsCOMPtr<nsISupports> windowState = mLSHE->GetWindowState();

So maybe mLSHE is null?

This is coming from the old session history, so yes, Android only.

You need to log in before you can comment on or make changes to this bug.