Open Bug 1966803 Opened 10 months ago Updated 10 months ago

Crash in [@ googlepinyin3.ime]

Categories

(Core :: DOM: UI Events & Focus Handling, defect, P5)

Other
Windows 11
defect

Tracking Status
firefox140 --- affected

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/a2b6ad6e-513f-4aaa-9549-02ec90250513

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  GooglePinyin3.ime  GooglePinyin3.ime@0x21ee50  
1  GooglePinyin3.ime  GooglePinyin3.ime@0x20a3  
2  GooglePinyin3.ime  GooglePinyin3.ime@0x21b2b7  
3  GooglePinyin3.ime  GooglePinyin3.ime@0xfea8a  
4  GooglePinyin3.ime  GooglePinyin3.ime@0x758bc  
5  GooglePinyin3.ime  GooglePinyin3.ime@0x75b93  
6  GooglePinyin3.ime  GooglePinyin3.ime@0x2a6057  
7  GooglePinyin3.ime  GooglePinyin3.ime@0x1b41  
8  GooglePinyin3.ime  GooglePinyin3.ime@0x2205dc  
9  GooglePinyin3.ime  GooglePinyin3.ime@0x220812  

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2025-03-20
  • Process type: Parent
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - all crashes happened on null or near null memory address

I see TSFTextStoreBase in the stack, so maybe this is related to some recent IME work by Masayuki? Could you take a look? Thanks. The volume doesn't seem super high but maybe there's something that can be improved here.

Component: General → DOM: UI Events & Focus Handling
Flags: needinfo?(masayuki)

I have no idea.

It crashes while we are replying to allow to lock that to IME. And that occurs notifying TSF of a key down here. So, we grab everything which we need to guarantee the lifetime. Although the number of crashes increased since 139, which changed the TSFTextStore design, the crash occurred on the older versions too. So, I guess that we might change the condition, but it just makes it easier to hit the IME's bug. I think we should contact Google to fix the bug on their side.

Flags: needinfo?(masayuki)

Wikipedia says GooglePinyin3 is discontinued: https://en.wikipedia.org/wiki/Google_Pinyin

This is probably not actionable.

Severity: -- → S3
Priority: -- → P5