Closed Bug 678818 Opened 8 years ago Closed 8 years ago

"ASSERTION: Window still registered with device motion" and crash

Categories

(Core :: DOM: Events, defect, critical)

x86_64
macOS

Tracking

RESOLVED FIXED
Tracking Status
firefox5 - wontfix
firefox6 - wontfix
firefox7 + fixed
firefox8 + fixed
firefox9 + fixed
status1.9.2 --- unaffected

People

(Reporter: jruderman, Assigned: dougt)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, crash, testcase, Whiteboard: [sg:critical?][qa-])

Attachments

(3 files)

Steps to reproduce:
1. Load the testcase.
2. Quit Firefox. (Or, close the tab and click the MP button in about:memory.)

Result: 

An assertion fails during GC:

###!!! ASSERTION: Window still registered with device motion.: '!mHasDeviceMotion', file dom/base/nsGlobalWindow.cpp, line 1039

Which is soon followed by:

Invalid read of freed memory [@ nsDeviceMotion::DeviceMotionChanged] in order to make a virtual function call.

(Beware: bp-4cdef108-d00e-4b39-8e21-d86152110813 makes it look like a null deref, but it is actually a more serious bug.)
Attached file stack traces
Attached patch patch v.1
We are starting up the device motion after Cleanup() is called.  This patch ensures that the device motion is disabled during the global window destructor.
Assignee: nobody → doug.turner
Attachment #553001 - Flags: review?(jst)
Attachment #553001 - Flags: review?(jst) → review+
Attachment #553001 - Flags: approval-mozilla-beta?
Attachment #553001 - Flags: approval-mozilla-aurora?
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
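
The lifetime problem described in the patch comment above, reduced to a self-contained C++ model (an added example, not Mozilla's code and not the attached patch). `MotionRegistry`, `Window` and `StaleEntriesAfterTeardown` are hypothetical names; only `Cleanup()` and `mHasDeviceMotion` come from this page, and stale registry entries are counted, never dereferenced.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Simplified stand-in for the device-motion service: it keeps raw,
// non-owning pointers to listeners, so a stale entry is a dangling pointer.
struct MotionRegistry {
    std::vector<const void*> listeners;
    void Add(const void* w) { listeners.push_back(w); }
    void Remove(const void* w) {
        listeners.erase(std::remove(listeners.begin(), listeners.end(), w),
                        listeners.end());
    }
};

// Hypothetical window; fixDtor selects behaviour before or after the fix.
class Window {
public:
    Window(MotionRegistry& r, bool fixDtor) : mReg(r), mFixDtor(fixDtor) {}
    // Fixed form: the destructor disables device motion itself, so a
    // registration made after Cleanup() cannot outlive the object.
    ~Window() { if (mFixDtor) DisableDeviceMotion(); }
    void EnableDeviceMotion() {
        if (!mHasDeviceMotion) { mReg.Add(this); mHasDeviceMotion = true; }
    }
    void DisableDeviceMotion() {
        if (mHasDeviceMotion) { mReg.Remove(this); mHasDeviceMotion = false; }
    }
    void Cleanup() { DisableDeviceMotion(); }
private:
    MotionRegistry& mReg;
    bool mFixDtor;
    bool mHasDeviceMotion = false;  // true at destruction is the asserted state
};

// Returns how many registry entries still point at a destroyed window.
std::size_t StaleEntriesAfterTeardown(bool fixDtor) {
    MotionRegistry reg;
    {
        Window w(reg, fixDtor);
        w.EnableDeviceMotion();
        w.Cleanup();             // teardown unregisters the listener...
        w.EnableDeviceMotion();  // ...but a late start re-registers it
    }                            // window destroyed here
    return reg.listeners.size();
}

int main() { return StaleEntriesAfterTeardown(true) == 0 ? 0 : 1; }
```

Without the destructor-side disable, one entry survives the window, which is the condition under which a later notification would call through freed memory.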
Comment on attachment 553001
patch v.1

Approved for Aurora (Update 8) and Beta (Update 7.) Please land it as soon as possible.
Attachment #553001 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #553001 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Doug, can you merge this fix to beta? Probably some silly context differences that cause it not to apply... And we're running out of time for 7...
qa- as no QA fix verification needed
Whiteboard: [sg:critical?] → [sg:critical?][qa-]
Group: core-security