Closed Bug 1920527 Opened 2 months ago Closed 2 months ago

ASan Nightly: Crash when scrolling Google Maps place pop-up after search

Categories

(Core :: Graphics: WebRender, defect)

Firefox 132
x86_64
Linux
defect

Tracking

()

RESOLVED FIXED
132 Branch
Tracking Status
firefox-esr115 --- unaffected
firefox-esr128 --- unaffected
firefox130 --- unaffected
firefox131 --- unaffected
firefox132 --- fixed

People

(Reporter: bj, Unassigned)

References

(Regression)

Details

(Keywords: nightly-community, regression)

Attachments

(1 file)

To reproduce:
Create a new profile. Open maps.google.com. Search for restaurants. Click a restaurant from the list. Scroll the restaurant info box with the trackpad.

Expected:
The box scrolls.

Actual:
The box scrolls and then ASan Nightly goes away.

ASan Nightly build Id 20240923090434
Ubuntu 24.04.1 LTS using XFCE.

Several reports were submitted in the last hour with asanreporter.clientid bj@herbison.com. Several from my default profile and two from my new profile. The start of the most recent:

=================================================================
==103471==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7dd5a25ff0ca bp 0x7dd576bf67b0 sp 0x7dd576bf67b0 T69)
==103471==The signal is caused by a WRITE memory access.
==103471==Hint: address points to the zero page.

I tried just clicking on a location, without a search first, but the box scrolled without problem. I only tried restaurant searches.

That is a null deref so it doesn't need to be hidden. We need more frames of the stack in order to be able to triage this further.

Group: firefox-core-security
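
The triage in the comment above (fault address in the zero page, so a null dereference; no stack frames, so more are needed) can be scripted over ASan output. This is an added example, not part of the bug report or of Mozilla's tooling; the function name, the 0x1000 zero-page cutoff, the `keep_hidden` converse and the second sample are assumptions made for illustration.

```python
import re

# Assumption: a fault address inside the first 4 KiB page counts as a null deref.
NULL_PAGE_LIMIT = 0x1000
HEADER_RE = re.compile(
    r"==\d+==ERROR: AddressSanitizer: (?P<kind>\S+) on unknown address "
    r"0x(?P<addr>[0-9a-fA-F]+) \(pc 0x[0-9a-fA-F]+ .*? T(?P<thread>\d+)\)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-fA-F]+", re.MULTILINE)

# Header lines as quoted in the bug report (the report gives no stack frames).
REPORT_EXCERPT = """\
==103471==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7dd5a25ff0ca bp 0x7dd576bf67b0 sp 0x7dd576bf67b0 T69)
==103471==The signal is caused by a WRITE memory access.
==103471==Hint: address points to the zero page.
"""

# Constructed sample (not from the bug): non-null fault address, two frames.
CONSTRUCTED_SAMPLE = """\
==4242==ERROR: AddressSanitizer: SEGV on unknown address 0x602000000010 (pc 0x55d0c0de1234 bp 0x7ffc00001000 sp 0x7ffc00000ff0 T0)
==4242==The signal is caused by a READ memory access.
    #0 0x55d0c0de1234 in example_fn example.c:10
    #1 0x55d0c0de5678 in main example.c:20
"""


def triage_asan_segv(text):
    """Return first-pass triage facts for an ASan SEGV report, or None."""
    header = HEADER_RE.search(text)
    if header is None:
        return None
    address = int(header.group("addr"), 16)
    access = ACCESS_RE.search(text)
    frames = len(FRAME_RE.findall(text))
    near_null = address < NULL_PAGE_LIMIT
    return {
        "kind": header.group("kind"),
        "thread": int(header.group("thread")),
        "address": address,
        "access": access.group(1) if access else "UNKNOWN",
        "near_null": near_null,
        # Page's rule: a null deref need not be hidden; the converse is an assumption.
        "keep_hidden": not near_null,
        "stack_frames": frames,
        "needs_more_stack": frames == 0,
    }


if __name__ == "__main__":
    for sample in (REPORT_EXCERPT, CONSTRUCTED_SAMPLE):
        print(triage_asan_segv(sample))
```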

The Bugbug bot thinks this bug should belong to the 'Core::Panning and Zooming' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Panning and Zooming
Product: Firefox → Core

Taking a look at this now... I'm guessing this likely has something to do with the recent wheel transaction work that was done.

Can confirm that the latest nightly after bug 1917493 was backed out no longer reproduces the crash.

Keywords: regression
Regressed by: 1917493

Fixed by a backout of bug 1917493.

Status: NEW → RESOLVED
Closed: 2 months ago
Component: Panning and Zooming → Graphics: WebRender
Resolution: --- → FIXED