Null crash in [@ gtk_style_context_get_path] via GtkWidgets::CreateSubStyleWithClass
Categories
(Core :: Widget: Gtk, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | unaffected |
| firefox-esr140 | --- | unaffected |
| firefox141 | --- | unaffected |
| firefox142 | --- | fixed |
| firefox143 | --- | fixed |
People
(Reporter: mccr8, Assigned: emilio)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
|
Details | Review |
Crash report: https://crash-stats.mozilla.org/report/index/ca9d82c2-63fb-4656-af1f-716860250716
Reason:
SIGSEGV / SEGV_MAPERR
Top 10 frames:
0 libgtk-3.so.0 gtk_style_context_get_path /tmp/buildd/gtk+3.0-3.14.5/gtk/gtkstylecontext.c:1432
1 libxul.so mozilla::widget::GtkWidgets::CreateSubStyleWithClass(mozilla::widget::GtkWidg... widget/gtk/GtkWidgets.cpp:398
2 libxul.so mozilla::widget::GtkWidgets::GetWidgetStyleInternal(mozilla::widget::GtkWidge... widget/gtk/GtkWidgets.cpp
2 libxul.so mozilla::widget::GtkWidgets::GetStyle(mozilla::widget::GtkWidgets::Type, int,... widget/gtk/GtkWidgets.cpp:528
3 libxul.so nsLookAndFeel::PerThemeData::Init() widget/gtk/nsLookAndFeel.cpp:2216
4 libxul.so nsLookAndFeel::Initialize() widget/gtk/nsLookAndFeel.cpp:1745
5 libxul.so nsXPLookAndFeel::GetInstance() widget/nsXPLookAndFeel.cpp:373
6 libxul.so mozilla::LookAndFeel::EnsureInit() widget/nsXPLookAndFeel.cpp:1491
6 libxul.so nsContentUtils::Init() dom/base/nsContentUtils.cpp:1138
6 libxul.so nsLayoutStatics::Initialize() layout/build/nsLayoutStatics.cpp:156
The volume is low. There have been 28 crashes in the last 3 months, all on 142a1, so maybe it is a regression? These are null crashes. Maybe GtkWidgets::CreateSubStyleWithClass() is passing in null to gtk_style_context_get_path?
|
||
Comment 1•5 months ago
•
|
||
Hi Emilio,
This bug seems relating to bug 1973702.
CreateWidget() in GtkWidgets.cpp return nullptr for Type::ScrollbarThumb.
According to the crash report, nsLookAndFeel::PerThemeData::Init() [1] on the stack will cause calling CreateWidget() with this type.
It eventually calls gtk_style_context_get_path() passing NULL as an argument, causing the crash.
I have checked out the code of gtk-3.14.0 to check gtk_style_context_get_path(). The first thing it does is to dereference context it's argument.
That is NULL.
|
Assignee | |
Comment 2•5 months ago
|
||
This restores the pre-regression status. There's still other fatal
assertions if you hit this code-path but those don't hit on release
builds so I think we're ok.
|
||
Updated•5 months ago
|
|
|
Assignee | |
Comment 3•5 months ago
|
||
Mike, given https://repology.org/project/gtk/versions, would it be fine to drop support for anything older than gtk 3.24 (or at least 3.20)?
It's clearly not getting any real testing, and all distros that package those are EOLd a while ago (Ubuntu 18.04 has 3.22 for example)
|
|
Assignee | |
Comment 4•5 months ago
|
||
Comment on attachment 9502890 [details]
Bug 1978136 - Fix pre-gtk-3.20 codepath for scrollbar styling. r=stransky
Beta/Release Uplift Approval Request
- User impact if declined/Reason for urgency: Fixes startup crash with gtk versions we claim to support.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: none
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Fixes a typo in regressing bug.
- String changes made/needed: none
- Is Android affected?: No
|
||
Comment 6•5 months ago
|
||
| bugherder | ||
|
||
Comment 7•5 months ago
|
||
Comment on attachment 9502890 [details]
Bug 1978136 - Fix pre-gtk-3.20 codepath for scrollbar styling. r=stransky
Approved for 142.0b5
|
|
||
Updated•5 months ago
|
|
||
Updated•5 months ago
|
|
||
Updated•2 months ago
|
Description
•