Make sure we have valid wl_surface user_data
Categories
(Core :: Widget: Gtk, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox132 | --- | fixed |
People
(Reporter: stransky, Assigned: stransky)
References
Details
Crash Data
Attachments
(3 files, 1 obsolete file)
Make sure we have valid wl_surface user_data.
Assignee | ||
Comment 1•2 months ago
|
||
libgobject-2.0.so.0 g_type_check_instance_cast /usr/src/debug/glib2-2.80.3-1.fc40.x86_64/gobject/gtype.c:4180
1 libxul.so mozilla::widget::PointerState::GetWindow() widget/gtk/nsWaylandDisplay.cpp:68
2 libxul.so mozilla::widget::gesture_hold_end(void*, zwp_pointer_gesture_hold_v1*, unsign... widget/gtk/nsWaylandDisplay.cpp:88
3 libffi.so.8 ffi_call_unix64 /usr/src/debug/libffi-3.4.4-7.fc40.x86_64/src/x86/unix64.S:104
4 libffi.so.8 ffi_call_int /usr/src/debug/libffi-3.4.4-7.fc40.x86_64/src/x86/ffi64.c:673
5 libffi.so.8 ffi_call /usr/src/debug/libffi-3.4.4-7.fc40.x86_64/src/x86/ffi64.c:710
6 libwayland-client.so.0 wl_closure_invoke /usr/src/debug/wayland-1.23.0-2.fc40.x86_64/src/connection.c:1228
7 libwayland-client.so.0 dispatch_event /usr/src/debug/wayland-1.23.0-2.fc40.x86_64/src/wayland-client.c:1670
8 libwayland-client.so.0 dispatch_queue /usr/src/debug/wayland-1.23.0-2.fc40.x86_64/src/wayland-client.c:1816
8 libwayland-client.so.0 wl_display_dispatch_queue_pending /usr/src/debug/wayland-1.23.0-2.fc40.x86_64/src/wayland-client.c:2058
Assignee | ||
Comment 2•2 months ago
|
||
Updated•2 months ago
|
Updated•2 months ago
|
Assignee | ||
Comment 4•2 months ago
|
||
Updated•2 months ago
|
Comment 7•2 months ago
•
|
||
The fix doesn't seem to be sufficient. I can still get it to crash quite easily (e.g. bp-e3c401bb-6903-4cf0-ab52-dd3f10240915):
- Press Ctrl+S to open a file chooser dialog
- With the cursor above the dialog above the Firefox window, place and keep two fingers on the touch pad
- Press ESC to close the dialog
Assignee | ||
Updated•1 months ago
|
Updated•1 months ago
|
Assignee | ||
Comment 8•1 months ago
|
||
I do see it too, looks like we can't store the surface here as we don't get any info it's released. We should rather save reference to nsWindow used for a gesture.
Assignee | ||
Comment 9•1 months ago
|
||
Assignee | ||
Updated•1 months ago
|
Comment 10•1 month ago
|
||
Comment 11•1 month ago
|
||
bugherder |
Comment 12•1 month ago
|
||
I'm still getting crashes sometimes after closing a file chooser (bp-1c69f5bd-8d74-4815-b2c9-91bea0240921). Haven't found a reliable reproducer yet.
Assignee | ||
Comment 13•1 month ago
|
||
(In reply to Jan Alexander Steffens [:heftig] from comment #12)
I'm still getting crashes sometimes after closing a file chooser (bp-1c69f5bd-8d74-4815-b2c9-91bea0240921). Haven't found a reliable reproducer yet.
The crash mean gesture_hold_begin() is called with nullptr surface argument. Not sure if that's Wayland protocol violation but we can add check for it.
Updated•1 month ago
|
Assignee | ||
Comment 14•1 month ago
|
||
Assignee | ||
Updated•1 month ago
|
Comment 15•1 month ago
|
||
Comment 16•1 month ago
|
||
A patch has been attached on this bug, which was already closed. Filing a separate bug will ensure better tracking. If this was not by mistake and further action is needed, please alert the appropriate party. (Or: if the patch doesn't change behavior -- e.g. landing a test case, or fixing a typo -- then feel free to disregard this message)
Comment 17•1 month ago
|
||
bugherder |
Description
•