Closed
Bug 678818
Opened 13 years ago
Closed 13 years ago
"ASSERTION: Window still registered with device motion" and crash
Categories
(Core :: DOM: Events, defect)
Tracking
()
People
(Reporter: jruderman, Assigned: dougt)
Details
(Keywords: assertion, crash, testcase, Whiteboard: [sg:critical?][qa-])
Crash Data
Attachments
(3 files)
331 bytes,
text/html
|
Details | |
4.19 KB,
text/plain
|
Details | |
1.57 KB,
patch
|
jst
:
review+
blizzard
:
approval-mozilla-aurora+
blizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
Steps to reproduce: 1. Load the testcase. 2. Quit Firefox. (Or, close the tab and click the MP button in about:memory.) Result: An assertion fails during GC: ###!!! ASSERTION: Window still registered with device motion.: '!mHasDeviceMotion', file dom/base/nsGlobalWindow.cpp, line 1039 Which is soon followed by: Invalid read of freed memory [@ nsDeviceMotion::DeviceMotionChanged] in order to make a virtual function call. (Beware: bp-4cdef108-d00e-4b39-8e21-d86152110813 makes it look like a null deref, but it is actually a more serious bug.)
Reporter | ||
Comment 1•13 years ago
|
||
Assignee | ||
Comment 2•13 years ago
|
||
We are starting up the device motion after Cleanup() is called. This patch ensure that the device motion is disabled during the global window destructor.
Assignee: nobody → doug.turner
Assignee | ||
Updated•13 years ago
|
Attachment #553001 -
Flags: review?(jst)
Updated•13 years ago
|
status-firefox5:
--- → wontfix
status-firefox6:
--- → wontfix
status-firefox7:
--- → affected
status-firefox8:
--- → affected
status-firefox9:
--- → affected
tracking-firefox5:
--- → -
tracking-firefox6:
--- → -
tracking-firefox7:
--- → +
tracking-firefox8:
--- → +
tracking-firefox9:
--- → +
Updated•13 years ago
|
Attachment #553001 -
Flags: review?(jst) → review+
Assignee | ||
Comment 3•13 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/1ac35ad29f03
Assignee | ||
Comment 4•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/1ac35ad29f03
Assignee | ||
Updated•13 years ago
|
Attachment #553001 -
Flags: approval-mozilla-beta?
Attachment #553001 -
Flags: approval-mozilla-aurora?
Assignee | ||
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 5•13 years ago
|
||
Comment on attachment 553001 [details] [diff] [review] patch v.1 Approved for Aurora (Update 8) and Beta (Update 7.) Please land it as soon as possible.
Attachment #553001 -
Flags: approval-mozilla-beta?
Attachment #553001 -
Flags: approval-mozilla-beta+
Attachment #553001 -
Flags: approval-mozilla-aurora?
Attachment #553001 -
Flags: approval-mozilla-aurora+
http://hg.mozilla.org/releases/mozilla-aurora/rev/f717ca3b24e7 This patch doesn't apply to beta ...
Comment 7•13 years ago
|
||
Doug, can you merge this fix to beta? Probably some silly context differences that causes it not to apply... And we're running out of time for 7...
Assignee | ||
Comment 8•13 years ago
|
||
http://hg.mozilla.org/releases/mozilla-beta/rev/69750db9e4fa
Updated•13 years ago
|
status1.9.2:
--- → unaffected
qa- as no QA fix verification needed
Whiteboard: [sg:critical?] → [sg:critical?][qa-]
Updated•12 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•