Open Bug 1905448 Opened 2 months ago Updated 2 months ago

[macOS 14] Crash in [@ getMethodFromListArray<T>] with "Sidecar" on stack

Categories

(Core :: Widget: Cocoa, defect, P3)

Tracking Status
firefox-esr115 --- affected
firefox127 --- affected
firefox128 --- affected
firefox129 --- affected

People

(Reporter: aryx, Unassigned)

Details

(Keywords: crash)

Not a new signature. ~30 crashes per release cycle, only on macOS 14.

Crash report: https://crash-stats.mozilla.org/report/index/79945d2e-4ed8-451f-abbf-c35560240628

Reason: EXC_BAD_ACCESS / KERN_MEMORY_ERROR

Top 10 frames:

0  libobjc.A.dylib  getMethodFromListArray<method_list_t**>(method_list_t**, unsigned int, objc_s...
1  libobjc.A.dylib  lookUpImpOrForward
2  libobjc.A.dylib  _objc_msgSend_uncached
3  Foundation  _decodeObject
4  Foundation  __44-[NSXPCDecoder _decodeArrayOfObjectsForKey:]_block_invoke
5  Foundation  _NSXPCSerializationIterateArrayObject
6  Foundation  -[NSXPCDecoder _decodeArrayOfObjectsForKey:]
7  Foundation  -[NSArray(NSArray) initWithCoder:]
8  Foundation  _decodeObject
9  Foundation  -[NSXPCDecoder _decodeObjectOfClasses:atObject:]

In particular see bug 1801419 comment #68.

All of this bug's crashes have "Sidecar" in the proto signature.

Summary: [macOS 14] Crash in [@ getMethodFromListArray<T>] → [macOS 14] Crash in [@ getMethodFromListArray<T>] with "Sidecar" on stack

Typical crash stack:

Crashing Thread (0), Name: MainThread
Frame  Module  Signature  Source  Trust
0  libobjc.A.dylib  getMethodFromListArray<method_list_t**>(method_list_t**, unsigned int, objc_selector*)   context
1  libobjc.A.dylib  lookUpImpOrForward   cfi
2  libobjc.A.dylib  _objc_msgSend_uncached   cfi
3  AppKit  -[NSWindowSidecarMenuController reloadData]   cfi
4  AppKit  _NSWindowMenuUpdateSidecarItems   cfi
5  AppKit  -[NSWindow _windowTilingMenu]   cfi
6  AppKit  -[_NSThemeZoomWidgetCell showMenu:]   cfi
7  Foundation  __NSFireDelayedPerform   cfi
8  CoreFoundation  __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__   cfi
9  CoreFoundation  __CFRunLoopDoTimer   cfi
10  CoreFoundation  __CFRunLoopDoTimers   cfi
11  CoreFoundation  __CFRunLoopRun   cfi
12  CoreFoundation  CFRunLoopRunSpecific   cfi
13  HIToolbox  RunCurrentEventLoopInMode   cfi
14  HIToolbox  ReceiveNextEventCommon   cfi
15  HIToolbox  _BlockUntilNextEventMatchingListInModeWithFilter   cfi
16  AppKit  _DPSNextEvent   cfi
17  AppKit  -[NSApplication(NSEventRouting) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]   cfi
18  XUL  -[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]  widget/cocoa/nsAppShell.mm:196  cfi
19  AppKit  -[NSApplication run]   cfi
20  XUL  -[GeckoNSApplication run]  widget/cocoa/nsAppShell.mm:174  cfi
21  XUL  nsAppShell::Run()  widget/cocoa/nsAppShell.mm:871  cfi
22  XUL  nsAppStartup::Run()  toolkit/components/startup/nsAppStartup.cpp:296  cfi
23  XUL  XREMain::XRE_mainRun()  toolkit/xre/nsAppRunner.cpp:5741  cfi
24  XUL  XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)  toolkit/xre/nsAppRunner.cpp:5953  cfi
25  XUL  XRE_main(int, char**, mozilla::BootstrapConfig const&)  toolkit/xre/nsAppRunner.cpp:6010  cfi
26  firefox  do_main(int, char**, char**)  browser/app/nsBrowserApp.cpp:230  inlined
26  firefox  main  browser/app/nsBrowserApp.cpp:448  cfi
27  dyld  start   cfi

The severity field is not set for this bug.
:spohl, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(spohl.mozilla.bugs)
Severity: -- → S3
Flags: needinfo?(spohl.mozilla.bugs)
Priority: -- → P3