The default bug view has changed. See this FAQ.

[Mac] Crashes [@ nsObjectFrame::GetLayerState ]

RESOLVED FIXED

Status

()

Core
Plug-ins
--
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: smichaud, Assigned: smichaud)

Tracking

({crash, regression, topcrash})

Trunk
x86_64
Mac OS X
crash, regression, topcrash
Points:
---

Firefox Tracking Flags

(firefox5+ fixed)

Details

(crash signature)

Attachments

(1 attachment)

In the last week (since about the 13th) this crash has become the
trunk and 2.0-branch topcrasher:

https://crash-stats.mozilla.com/query/query?product=Firefox&version=Firefox%3A6.0a1&version=Firefox%3A5.0a2&range_value=2&range_unit=weeks&date=04%2F19%2F2011+10%3A04%3A22&query_search=signature&query_type=contains&query=nsObjectFrame%3A%3AGetLayerState&build_id=&process_type=any&hang_type=any&do_query=1

All these crashes are NULL-dereferences.  They're caused by a mistake
(basically a typo) in the patch for bug 617539.  What should have been
a NULL check in nsPluginInstanceOwner::IsRemoteDrawingCoreAnimation()
has been turned into its opposite:

This code was used

if (mInstance)
  return PR_FALSE;

where the following code should have been used

if (!mInstance)
  return PR_FALSE;

I'll post a patch shortly.
(Assignee)

Comment 1

6 years ago
I've no idea why this bug happens only on OS X.
(Assignee)

Comment 2

6 years ago
> I've no idea why this bug happens only on OS X.

Actually, nsPluginInstanceOwner::IsRemoteDrawingCoreAnimation() is only ever called on OS X.
(Assignee)

Comment 3

6 years ago
Created attachment 527037 [details] [diff] [review]
Fix
Assignee: nobody → smichaud
Attachment #527037 - Flags: review?(benjamin)
Comment on attachment 527037 [details] [diff] [review]
Fix

This cannot have been a 2.0 branch topcrasher, if it was caused by the other bug which only landed for Firefox 5. But we do need this on aurora.
Attachment #527037 - Flags: review?(benjamin) → review+
status-firefox5: --- → affected
tracking-firefox5: --- → +
(Assignee)

Comment 5

6 years ago
> This cannot have been a 2.0 branch topcrasher, if it was caused by the other
> bug which only landed for Firefox 5. But we do need this on aurora.

You're right.  Sorry, I got my branches mixes up.
(Assignee)

Updated

6 years ago
Depends on: 617539
(Assignee)

Updated

6 years ago
Keywords: crash, regression, topcrash
(Assignee)

Comment 6

6 years ago
Comment on attachment 527037 [details] [diff] [review]
Fix

Landed on the trunk:
http://hg.mozilla.org/mozilla-central/rev/28bcd72b4d92
(Assignee)

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Assignee)

Comment 7

6 years ago
So what happens next?

I suspect this fix should be pushed to aurora before the next
scheduled merge from mozilla-central.  Should I request approval?  Or
should I just wait for others to deal with it?
Yes, you should request approval, as noted in the dev-planning threads.
(Assignee)

Comment 9

6 years ago
> Yes, you should request approval, as noted in the dev-planning
> threads.

Thanks.

I've read the thread at
http://groups.google.com/group/mozilla.dev.planning/browse_thread/thread/61efaf6a258cbb4c#.
But it was unclear to me who should initiate the approval process --
the developer (as has been the case up til now) or others.

You've told me that developers should continue to have the primary
responsibility for making approval requests.
(Assignee)

Updated

6 years ago
Attachment #527037 - Flags: approval-mozilla-aurora?
Comment on attachment 527037 [details] [diff] [review]
Fix

approved for mozilla-aurora (from triage meeting)
Attachment #527037 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
(Assignee)

Updated

6 years ago
Blocks: 617539
No longer depends on: 617539
Comment on attachment 527037 [details] [diff] [review]
Fix

Landed on mozilla-aurora:
http://hg.mozilla.org/mozilla-aurora/rev/072e8fbd2867
(Assignee)

Updated

6 years ago
status-firefox5: affected → fixed
This crash no longer shows in trunk crash data.

On Aurora there are a few crashes with Build ID 20110420042005 but that build might not have picked up the fix.
Crash Signature: [@ nsObjectFrame::GetLayerState ]
You need to log in before you can comment on or make changes to this bug.