Closed
Bug 678818
Opened 14 years ago
Closed 14 years ago
"ASSERTION: Window still registered with device motion" and crash
Categories
(Core :: DOM: Events, defect)
Tracking
()
People
(Reporter: jruderman, Assigned: dougt)
Details
(Keywords: assertion, crash, testcase, Whiteboard: [sg:critical?][qa-])
Crash Data
Attachments
(3 files)
|
331 bytes,
text/html
|
Details | |
|
4.19 KB,
text/plain
|
Details | |
|
1.57 KB,
patch
|
jst
:
review+
blizzard
:
approval-mozilla-aurora+
blizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
Steps to reproduce:
1. Load the testcase.
2. Quit Firefox. (Or, close the tab and click the MP button in about:memory.)
Result:
An assertion fails during GC:
###!!! ASSERTION: Window still registered with device motion.: '!mHasDeviceMotion', file dom/base/nsGlobalWindow.cpp, line 1039
Which is soon followed by:
Invalid read of freed memory [@ nsDeviceMotion::DeviceMotionChanged] in order to make a virtual function call.
(Beware: bp-4cdef108-d00e-4b39-8e21-d86152110813 makes it look like a null deref, but it is actually a more serious bug.)
|
Reporter | |
Comment 1•14 years ago
|
||
|
Assignee | |
Comment 2•14 years ago
|
||
We are starting up the device motion after Cleanup() is called. This patch ensure that the device motion is disabled during the global window destructor.
Assignee: nobody → doug.turner
|
|
Assignee | |
Updated•14 years ago
|
Attachment #553001 -
Flags: review?(jst)
|
||
Updated•14 years ago
|
status-firefox5:
--- → wontfix
status-firefox6:
--- → wontfix
status-firefox7:
--- → affected
status-firefox8:
--- → affected
status-firefox9:
--- → affected
tracking-firefox5:
--- → -
tracking-firefox6:
--- → -
tracking-firefox7:
--- → +
tracking-firefox8:
--- → +
tracking-firefox9:
--- → +
|
|
||
Updated•14 years ago
|
Attachment #553001 -
Flags: review?(jst) → review+
|
|
Assignee | |
Comment 3•14 years ago
|
||
|
|
Assignee | |
Comment 4•14 years ago
|
||
|
|
Assignee | |
Updated•14 years ago
|
Attachment #553001 -
Flags: approval-mozilla-beta?
Attachment #553001 -
Flags: approval-mozilla-aurora?
|
|
Assignee | |
Updated•14 years ago
|
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Comment 5•14 years ago
|
||
Comment on attachment 553001 [details] [diff] [review]
patch v.1
Approved for Aurora (Update 8) and Beta (Update 7.) Please land it as soon as possible.
Attachment #553001 -
Flags: approval-mozilla-beta?
Attachment #553001 -
Flags: approval-mozilla-beta+
Attachment #553001 -
Flags: approval-mozilla-aurora?
Attachment #553001 -
Flags: approval-mozilla-aurora+
http://hg.mozilla.org/releases/mozilla-aurora/rev/f717ca3b24e7
This patch doesn't apply to beta ...
|
|
||
Comment 7•14 years ago
|
||
Doug, can you merge this fix to beta? Probably some silly context differences that causes it not to apply... And we're running out of time for 7...
|
|
Assignee | |
Comment 8•14 years ago
|
||
|
||
Updated•14 years ago
|
status1.9.2:
--- → unaffected
qa- as no QA fix verification needed
Whiteboard: [sg:critical?] → [sg:critical?][qa-]
|
|
||
Updated•14 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•