Closed
Bug 651177
Opened 14 years ago
Closed 14 years ago
[Mac] Crashes [@ nsObjectFrame::GetLayerState ]
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(firefox5+ fixed)
RESOLVED
FIXED
People
(Reporter: smichaud, Assigned: smichaud)
References
Details
(Keywords: crash, regression, topcrash)
Crash Data
Attachments
(1 file)
872 bytes,
patch
|
benjamin
:
review+
dbaron
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
In the last week (since about the 13th) this crash has become the
trunk and 2.0-branch topcrasher:
https://crash-stats.mozilla.com/query/query?product=Firefox&version=Firefox%3A6.0a1&version=Firefox%3A5.0a2&range_value=2&range_unit=weeks&date=04%2F19%2F2011+10%3A04%3A22&query_search=signature&query_type=contains&query=nsObjectFrame%3A%3AGetLayerState&build_id=&process_type=any&hang_type=any&do_query=1
All these crashes are NULL-dereferences. They're caused by a mistake
(basically a typo) in the patch for bug 617539. What should have been
a NULL check in nsPluginInstanceOwner::IsRemoteDrawingCoreAnimation()
has been turned into its opposite:
This code was used
if (mInstance)
return PR_FALSE;
where the following code should have been used
if (!mInstance)
return PR_FALSE;
I'll post a patch shortly.
Assignee | ||
Comment 1•14 years ago
|
||
I've no idea why this bug happens only on OS X.
Assignee | ||
Comment 2•14 years ago
|
||
> I've no idea why this bug happens only on OS X.
Actually, nsPluginInstanceOwner::IsRemoteDrawingCoreAnimation() is only ever called on OS X.
Assignee | ||
Comment 3•14 years ago
|
||
Assignee: nobody → smichaud
Attachment #527037 -
Flags: review?(benjamin)
Comment 4•14 years ago
|
||
Comment on attachment 527037 [details] [diff] [review]
Fix
This cannot have been a 2.0 branch topcrasher, if it was caused by the other bug which only landed for Firefox 5. But we do need this on aurora.
Attachment #527037 -
Flags: review?(benjamin) → review+
Updated•14 years ago
|
status-firefox5:
--- → affected
tracking-firefox5:
--- → +
Assignee | ||
Comment 5•14 years ago
|
||
> This cannot have been a 2.0 branch topcrasher, if it was caused by the other
> bug which only landed for Firefox 5. But we do need this on aurora.
You're right. Sorry, I got my branches mixes up.
Assignee | ||
Updated•14 years ago
|
Assignee | ||
Comment 6•14 years ago
|
||
Comment on attachment 527037 [details] [diff] [review]
Fix
Landed on the trunk:
http://hg.mozilla.org/mozilla-central/rev/28bcd72b4d92
Assignee | ||
Updated•14 years ago
|
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 7•14 years ago
|
||
So what happens next?
I suspect this fix should be pushed to aurora before the next
scheduled merge from mozilla-central. Should I request approval? Or
should I just wait for others to deal with it?
Comment 8•14 years ago
|
||
Yes, you should request approval, as noted in the dev-planning threads.
Assignee | ||
Comment 9•14 years ago
|
||
> Yes, you should request approval, as noted in the dev-planning
> threads.
Thanks.
I've read the thread at
http://groups.google.com/group/mozilla.dev.planning/browse_thread/thread/61efaf6a258cbb4c#.
But it was unclear to me who should initiate the approval process --
the developer (as has been the case up til now) or others.
You've told me that developers should continue to have the primary
responsibility for making approval requests.
Assignee | ||
Updated•14 years ago
|
Attachment #527037 -
Flags: approval-mozilla-aurora?
Comment on attachment 527037 [details] [diff] [review]
Fix
approved for mozilla-aurora (from triage meeting)
Attachment #527037 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Updated•14 years ago
|
Assignee | ||
Comment 11•14 years ago
|
||
Comment on attachment 527037 [details] [diff] [review]
Fix
Landed on mozilla-aurora:
http://hg.mozilla.org/mozilla-aurora/rev/072e8fbd2867
Assignee | ||
Updated•14 years ago
|
Comment 12•14 years ago
|
||
This crash no longer shows in trunk crash data.
On Aurora there are a few crashes with Build ID 20110420042005 but that build might not have picked up the fix.
Updated•14 years ago
|
Crash Signature: [@ nsObjectFrame::GetLayerState ]
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•