Closed
Bug 532585
Opened 15 years ago
Closed 15 years ago
Crash [@ nsMenuX::MyMenuEventHandler]
Categories
(Core :: Widget: Cocoa, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
status1.9.2 | --- | .4-fixed |
People
(Reporter: bfrisch, Assigned: bfrisch)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
1.40 KB,
patch
|
jaas
:
review+
beltzner
:
approval1.9.2.2-
dveditz
:
approval1.9.2.4+
|
Details | Diff | Splinter Review |
While browsing the crash database I noticed that http://crash-stats.mozilla.com/report/list?product=Firefox&platform=mac&query_search=signature&query_type=exact&query=MyMenuEventHandler&date=&range_value=1&range_unit=weeks&do_query=1&signature=MyMenuEventHandler lists 13 crashes in MyMenuEventHandler in 3.5 and 3.6. The crash should be mitigated by the earlier check of the visible item count, but while I couldn't reproduce the crash myself, even with various configurations in the menu editor extension, it seems that GetVisibleItemAt is probably returning NULL even if aPos < what GetVisibleItemCount would return, as GetVisibleItemAt queries the content node's visibility state during the loop to check visibility. As such, it's possible that the node visibility could have changed in the content node, but the menu item could not have received the notification yet, so, it could still be clickable and counted as being visible (probably exacerbated by the combination of the Mac OS and the Gecko event loops). Furthermore, all of the users who crashed do have the menu editor extension installed, so, it is very likely that they would make some nodes invisible, thus requiring the check of each menu node's visibility. Patch that should fix it is coming up shortly.
Assignee | ||
Comment 1•15 years ago
|
||
Assignee | ||
Comment 2•15 years ago
|
||
Comment on attachment 415803 [details] [diff] [review] Crash Fix v.1 This should fix the crash by checking if targetMenu->GetVisibleItemAt returns null and returning eventNotHandledErr if it does. targetMenu->GetVisibileItemAt checks the visible item count initially anyway. I am still having trouble reproducing the crash even once, but this seems to be a simple and logical fix for the crash reports which all occurred on the same "if (target->MenuObjectType() == eMenuItemObjectType) {" line of code.
Attachment #415803 -
Flags: review? → review?(joshmoz)
Keywords: crash
Summary: Crash [@nsMenuX::MyMenuEventHandler] → Crash [@ nsMenuX::MyMenuEventHandler]
Doesn't look like we're crashing accessing NULL in most cases, we're crashing on a bad address which is not 0x0. If that is true then a NULL check won't usually help.
Comment on attachment 415803 [details] [diff] [review] Crash Fix v.1 I think this patch makes things safer and more efficient whether or not it actually fixes the crash. We should take it.
Attachment #415803 -
Flags: review?(joshmoz) → review+
pushed to mozilla-central http://hg.mozilla.org/mozilla-central/rev/df6c991d388e
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Attachment #415803 -
Flags: approval1.9.2.1?
Comment 6•14 years ago
|
||
Comment on attachment 415803 [details] [diff] [review] Crash Fix v.1 Another that we should take in 1.9.2.3, really. Simple fix, obviously safe.
Attachment #415803 -
Flags: approval1.9.2.3?
Attachment #415803 -
Flags: approval1.9.2.2?
Attachment #415803 -
Flags: approval1.9.2.2-
Comment 7•14 years ago
|
||
Comment on attachment 415803 [details] [diff] [review] Crash Fix v.1 Approved for 1.9.2.4, a=dveditz for release-drivers Josh: can you check this in?
Attachment #415803 -
Flags: approval1.9.2.4? → approval1.9.2.4+
pushed to mozilla-1.9.2 http://hg.mozilla.org/releases/mozilla-1.9.2/rev/f22f55466394
status1.9.2:
--- → .4-fixed
Comment 9•14 years ago
|
||
Is there anything for QA to verify here for 1.9.2? It doesn't look like there is a reproducible case.
Updated•13 years ago
|
Crash Signature: [@ nsMenuX::MyMenuEventHandler]
You need to log in
before you can comment on or make changes to this bug.
Description
•