Closed Bug 1917794 Opened 2 months ago Closed 1 month ago

Make sure we have valid wl_surface user_data

Categories

(Core :: Widget: Gtk, defect, P3)

Tracking

RESOLVED FIXED
132 Branch
Tracking Status
firefox132 --- fixed

People

(Reporter: stransky, Assigned: stransky)

Attachments

(3 files, 1 obsolete file)

Make sure we have valid wl_surface user_data.

libgobject-2.0.so.0  g_type_check_instance_cast  /usr/src/debug/glib2-2.80.3-1.fc40.x86_64/gobject/gtype.c:4180
1  libxul.so  mozilla::widget::PointerState::GetWindow()  widget/gtk/nsWaylandDisplay.cpp:68
2  libxul.so  mozilla::widget::gesture_hold_end(void*, zwp_pointer_gesture_hold_v1*, unsign...  widget/gtk/nsWaylandDisplay.cpp:88
3  libffi.so.8  ffi_call_unix64  /usr/src/debug/libffi-3.4.4-7.fc40.x86_64/src/x86/unix64.S:104
4  libffi.so.8  ffi_call_int  /usr/src/debug/libffi-3.4.4-7.fc40.x86_64/src/x86/ffi64.c:673
5  libffi.so.8  ffi_call  /usr/src/debug/libffi-3.4.4-7.fc40.x86_64/src/x86/ffi64.c:710
6  libwayland-client.so.0  wl_closure_invoke  /usr/src/debug/wayland-1.23.0-2.fc40.x86_64/src/connection.c:1228
7  libwayland-client.so.0  dispatch_event  /usr/src/debug/wayland-1.23.0-2.fc40.x86_64/src/wayland-client.c:1670
8  libwayland-client.so.0  dispatch_queue  /usr/src/debug/wayland-1.23.0-2.fc40.x86_64/src/wayland-client.c:1816
8  libwayland-client.so.0  wl_display_dispatch_queue_pending  /usr/src/debug/wayland-1.23.0-2.fc40.x86_64/src/wayland-client.c:2058
Assignee: nobody → stransky
Status: NEW → ASSIGNED
Duplicate of this bug: 1917634
Attachment #9423796 - Attachment is obsolete: true
Pushed by stransky@redhat.com: https://hg.mozilla.org/integration/autoland/rev/d754ac3b9cba [Wayland] Use and store wl_surface passed to touch events r=emilio
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 132 Branch
Crash Signature: [@ g_type_check_instance_is_fundamentally_a ]

The fix doesn't seem to be sufficient. I can still get it to crash quite easily (e.g. bp-e3c401bb-6903-4cf0-ab52-dd3f10240915):

  1. Press Ctrl+S to open a file chooser dialog
  2. With the cursor above the dialog above the Firefox window, place and keep two fingers on the touch pad
  3. Press ESC to close the dialog
Crash Signature: [@ g_type_check_instance_is_fundamentally_a ] → [@ g_type_check_instance_is_fundamentally_a ] [@ g_type_check_instance_cast ]
Flags: needinfo?(stransky)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

I do see it too; it looks like we can't store the surface here, as we don't get any info that it's released. We should rather save a reference to the nsWindow used for a gesture.

Flags: needinfo?(stransky)
Pushed by stransky@redhat.com: https://hg.mozilla.org/integration/autoland/rev/3cd441d51923 [Wayland] Store gesture nsWindow instead of wl_surface r=emilio
Status: REOPENED → RESOLVED
Closed: 2 months ago → 1 month ago
Resolution: --- → FIXED

I'm still getting crashes sometimes after closing a file chooser (bp-1c69f5bd-8d74-4815-b2c9-91bea0240921). Haven't found a reliable reproducer yet.

(In reply to Jan Alexander Steffens [:heftig] from comment #12)
> I'm still getting crashes sometimes after closing a file chooser (bp-1c69f5bd-8d74-4815-b2c9-91bea0240921). Haven't found a reliable reproducer yet.

The crash means gesture_hold_begin() is called with a nullptr surface argument. Not sure if that's a Wayland protocol violation, but we can add a check for it.

Flags: needinfo?(stransky)
Crash Signature: [@ g_type_check_instance_is_fundamentally_a ] [@ g_type_check_instance_cast ] → [@ g_type_check_instance_is_fundamentally_a ] [@ g_type_check_instance_cast ] [@ wl_proxy_get_user_data | wl_surface_get_user_data ]
Flags: needinfo?(stransky)
Pushed by stransky@redhat.com: https://hg.mozilla.org/integration/autoland/rev/f5d0056e2d32 [Wayland] Doesn't crash on null surface passed to gesture_hold_begin r=emilio

A patch has been attached on this bug, which was already closed. Filing a separate bug will ensure better tracking. If this was not by mistake and further action is needed, please alert the appropriate party. (Or: if the patch doesn't change behavior -- e.g. landing a test case, or fixing a typo -- then feel free to disregard this message)
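
The pattern this thread converges on, as an added example that is not Firefox's code: the gesture state holds a counted reference to the window instead of a raw surface pointer, and the begin handler ignores a null surface. `struct window`, `struct surface`, `struct pointer_state` and the reference helpers are constructed stand-ins for nsWindow, wl_surface and PointerState.

```c
#include <stddef.h>

/* Constructed stand-ins for nsWindow, wl_surface and PointerState. */
struct window  { int refs; int holds_ended; };
struct surface { void *user_data; };   /* like wl_surface user_data */
struct pointer_state { struct window *gesture_window; };

static struct window *window_ref(struct window *w) { if (w) w->refs++; return w; }
static void window_unref(struct window *w) { if (w) w->refs--; }

/* Returns 1 if a gesture target was recorded, 0 if the event was ignored. */
int gesture_hold_begin(struct pointer_state *ps, struct surface *surface)
{
    /* Release a target left over from a gesture that never saw its end. */
    window_unref(ps->gesture_window);
    ps->gesture_window = NULL;
    /* A null surface, or one with no window attached, is not dereferenced. */
    if (!surface || !surface->user_data)
        return 0;
    ps->gesture_window = window_ref(surface->user_data);
    return 1;
}

/* The hold end event carries no surface; only the stored reference is used.
   Returns 1 if the end was delivered to a window, 0 if there was no target. */
int gesture_hold_end(struct pointer_state *ps)
{
    struct window *w = ps->gesture_window;
    if (!w)
        return 0;
    w->holds_ended++;
    ps->gesture_window = NULL;
    window_unref(w);
    return 1;
}

int main(void)
{
    struct window win = { 1, 0 };          /* one reference held by the owner */
    struct surface surf = { &win };
    struct pointer_state ps = { NULL };
    if (gesture_hold_begin(&ps, NULL) != 0) return 1;   /* null surface ignored */
    if (gesture_hold_begin(&ps, &surf) != 1) return 1;
    surf.user_data = NULL;                 /* surface goes away mid-gesture */
    return gesture_hold_end(&ps) == 1 && win.refs == 1 ? 0 : 1;
}
```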
