Closed Bug 651177 Opened 9 years ago Closed 9 years ago

[Mac] Crashes [@ nsObjectFrame::GetLayerState ]

Categories

(Core :: Plug-ins, defect, critical)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED
Tracking Status
firefox5 + fixed

People

(Reporter: smichaud, Assigned: smichaud)

References

Details

(Keywords: crash, regression, topcrash)

Crash Data

Attachments

(1 file)

In the last week (since about the 13th) this crash has become the
trunk and 2.0-branch topcrasher:

https://crash-stats.mozilla.com/query/query?product=Firefox&version=Firefox%3A6.0a1&version=Firefox%3A5.0a2&range_value=2&range_unit=weeks&date=04%2F19%2F2011+10%3A04%3A22&query_search=signature&query_type=contains&query=nsObjectFrame%3A%3AGetLayerState&build_id=&process_type=any&hang_type=any&do_query=1

All these crashes are NULL-dereferences.  They're caused by a mistake
(basically a typo) in the patch for bug 617539.  What should have been
a NULL check in nsPluginInstanceOwner::IsRemoteDrawingCoreAnimation()
has been turned into its opposite:

This code was used

if (mInstance)
  return PR_FALSE;

where the following code should have been used

if (!mInstance)
  return PR_FALSE;

I'll post a patch shortly.
I've no idea why this bug happens only on OS X.
> I've no idea why this bug happens only on OS X.

Actually, nsPluginInstanceOwner::IsRemoteDrawingCoreAnimation() is only ever called on OS X.
Attached patch FixSplinter Review
Assignee: nobody → smichaud
Attachment #527037 - Flags: review?(benjamin)
Comment on attachment 527037 [details] [diff] [review]
Fix

This cannot have been a 2.0 branch topcrasher, if it was caused by the other bug which only landed for Firefox 5. But we do need this on aurora.
Attachment #527037 - Flags: review?(benjamin) → review+
> This cannot have been a 2.0 branch topcrasher, if it was caused by the other
> bug which only landed for Firefox 5. But we do need this on aurora.

You're right.  Sorry, I got my branches mixes up.
Depends on: 617539
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
So what happens next?

I suspect this fix should be pushed to aurora before the next
scheduled merge from mozilla-central.  Should I request approval?  Or
should I just wait for others to deal with it?
Yes, you should request approval, as noted in the dev-planning threads.
> Yes, you should request approval, as noted in the dev-planning
> threads.

Thanks.

I've read the thread at
http://groups.google.com/group/mozilla.dev.planning/browse_thread/thread/61efaf6a258cbb4c#.
But it was unclear to me who should initiate the approval process --
the developer (as has been the case up til now) or others.

You've told me that developers should continue to have the primary
responsibility for making approval requests.
Attachment #527037 - Flags: approval-mozilla-aurora?
Comment on attachment 527037 [details] [diff] [review]
Fix

approved for mozilla-aurora (from triage meeting)
Attachment #527037 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Blocks: 617539
No longer depends on: 617539
This crash no longer shows in trunk crash data.

On Aurora there are a few crashes with Build ID 20110420042005 but that build might not have picked up the fix.
Crash Signature: [@ nsObjectFrame::GetLayerState ]
You need to log in before you can comment on or make changes to this bug.