Closed
Bug 641057
Opened 14 years ago
Closed 14 years ago
[Mac] Firefox 4.0 crash [@ -[ChildView updatePluginFocusStatus:] ]
Categories
(Core :: Widget: Cocoa, defect)
Tracking
()
RESOLVED
FIXED
mozilla5
People
(Reporter: smichaud, Assigned: smichaud)
References
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(2 files, 2 obsolete files)
1.30 KB,
patch
|
jaas
:
review+
|
Details | Diff | Splinter Review |
1.50 KB,
patch
|
dveditz
:
approval2.0+
|
Details | Diff | Splinter Review |
There are a bunch of these at https://crash-stats.mozilla.com/. There've been 24 in the last week, which puts this crash at #17 in the list of Mac topcrashers. https://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A4.0&platform=mac&query_search=signature&query_type=exact&query=&date=03%2F11%2F2011%2010%3A36%3A53&range_value=1&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=-%5BChildView%20updatePluginFocusStatus%3A%5D They're all null-dereferences at the following line: http://hg.mozilla.org/releases/mozilla-2.0/annotate/5f8f494a4c29/widget/src/cocoa/nsChildView.mm#l5944 Which shows that the NS_QUERY_DOM_WIDGET_HITTEST event sent by [ChildView currentEventShouldFocusPlugin] can cause our widget to be deleted, nulling out mGeckoChild. I'll post a patch in my next comment.
Assignee | ||
Updated•14 years ago
|
Severity: normal → critical
Assignee | ||
Updated•14 years ago
|
Summary: Firefox 4.0 crash [@ -[ChildView updatePluginFocusStatus:] ] → [Mac] Firefox 4.0 crash [@ -[ChildView updatePluginFocusStatus:] ]
Assignee | ||
Updated•14 years ago
|
Comment 2•14 years ago
|
||
It's been a couple of years since I looked at this code, but don't you need nsAutoRetainCocoaObject kungFuDeathGrip(self); before that call to ensure it's safe to peek at the mGeckoChild member?
Assignee | ||
Comment 3•14 years ago
|
||
Yes, that's probably a good idea. And I see there are already several places in nsChildView.mm where "nsAutoRetainCocoaObject kungFuDeathGrip(self);" is added before dispatching a Gecko event, if mGeckoChild is to be checked afterwards. New patch coming up. Thanks :-)
Assignee | ||
Comment 4•14 years ago
|
||
Attachment #518826 -
Attachment is obsolete: true
Attachment #518862 -
Flags: review?(joshmoz)
Attachment #518826 -
Flags: review?(joshmoz)
Comment 5•14 years ago
|
||
Two comments in crash stats indicate the following: I was working on my farm on Facebook, I toggled the full screen tab and crashed. Refreshing FB page that had flash content
Attachment #518862 -
Flags: review?(joshmoz) → review+
Assignee | ||
Comment 7•14 years ago
|
||
Assignee | ||
Comment 9•14 years ago
|
||
Ehsan landed this for me on cedar: http://hg.mozilla.org/projects/cedar/rev/4c7d52ed5ccd It should get merged to mozilla-central later today.
Assignee | ||
Comment 10•14 years ago
|
||
My rev1 patch just landed on mozilla-central: http://hg.mozilla.org/mozilla-central/rev/4c7d52ed5ccd
Assignee | ||
Updated•14 years ago
|
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 11•14 years ago
|
||
I'm tentatively marking this status2.0.1-fixed+ But (with our new arrangements) I don't know whether this is enough by itself to get my patch into the next release on the 2.0 branch.
Assignee | ||
Comment 12•14 years ago
|
||
> But (with our new arrangements) I don't know whether this is enough
> by itself to get my patch into the next release on the 2.0 branch.
Actually it probably isn't, since we're still using the old system for
Firefox 4.0.X.
Assignee | ||
Comment 13•14 years ago
|
||
Comment on attachment 523354 [details] [diff] [review] Unbitrotted rev1 patch that's easier for someone else to land This is a trivial patch (a NULL check) that fixes a Mac topcrasher. It has zero risk.
Attachment #523354 -
Flags: approval2.0?
Comment 14•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/4c7d52ed5ccd
Target Milestone: --- → mozilla2.2
Comment 15•14 years ago
|
||
Comment on attachment 523354 [details] [diff] [review] Unbitrotted rev1 patch that's easier for someone else to land Approved for the mozilla2.0 repository, a=dveditz for release-drivers
Attachment #523354 -
Flags: approval2.0? → approval2.0+
Assignee | ||
Comment 16•14 years ago
|
||
Comment on attachment 523354 [details] [diff] [review] Unbitrotted rev1 patch that's easier for someone else to land Landed on the 2.0 branch: http://hg.mozilla.org/releases/mozilla-2.0/rev/12107407598c
Assignee | ||
Updated•14 years ago
|
Keywords: fixed-mozilla2.0
Updated•13 years ago
|
Crash Signature: [@ -[ChildView updatePluginFocusStatus:] ]
You need to log in
before you can comment on or make changes to this bug.
Description
•