Closed
Bug 688208
Opened 13 years ago
Closed 13 years ago
nsWindow for Android doesn't check whether the instance is destroying or not after dispatching an event
Categories
(Core Graveyard :: Widget: Android, defect)
Tracking
(firefox8-, firefox9-, firefox10-, firefox11- fixed, firefox-esr1011+ fixed, status1.9.2 unaffected, fennec+)
RESOLVED
FIXED
mozilla11
People
(Reporter: masayuki, Assigned: kats)
Details
(Whiteboard: [sg:critical?][qa-])
Attachments
(2 files, 2 obsolete files)
875 bytes,
patch
|
kats
:
review+
kats
:
checkin+
|
Details | Diff | Splinter Review |
11.36 KB,
patch
|
kats
:
review+
kats
:
checkin+
|
Details | Diff | Splinter Review |
Android's nsWindow doesn't hold itself and doesn't check whether it's destroying or not after dispatching an event. I'm not sure that actually causes crash bugs. We should research it.
nsWindow might be destroyed by DOM event handler. Mac's widget has fixed this already but I'm not sure the detail and bug#. Steven probably knows the bug#.
I think nsWindow for Android should do:
+ nsRefPtr<nsWindow> kungFuDeathGrip(this);
DispatchEvent(event);
+ if (Destroyed()) {
+ return;
+ }
And:
nsWindow should set nsBaseWidget::mOnDestroyCalled to TRUE when it's destroying.
# It seems that nsBaseWidget::OnDestroy() should be called too...
Comment 1•13 years ago
|
||
Don't know enough about android to confirm this, but plausibly sg:critical based on analogy with other platforms.
Assignee: nobody → doug.turner
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [sg:critical?]
Updated•13 years ago
|
tracking-fennec: --- → ?
Updated•13 years ago
|
tracking-firefox8:
--- → -
tracking-firefox9:
--- → -
Updated•13 years ago
|
tracking-fennec: ? → +
Updated•13 years ago
|
Assignee: doug.turner → blassey.bugs
Updated•13 years ago
|
Assignee: blassey.bugs → kgupta
Assignee | ||
Comment 2•13 years ago
|
||
Bug 402505 is the one where this issue was happening on Mac. I tried the test cases from that bug on android and they didn't trigger any crashes. I'll keep investigating and try other ways to trigger the crash before concluding one way or another.
Assignee | ||
Comment 3•13 years ago
|
||
So I wasn't able to trigger the crash mostly because it seems impossible to close the window on Android. After discussing with blassey, it makes sense to fix this anyway since in the future it might be possible to close windows and this bug might show up. Will attach two patches (one for the missing nsBaseWidget::OnDestroy() call, and one for the kungFuDeathGrip stuff.
Assignee | ||
Comment 4•13 years ago
|
||
Assignee | ||
Comment 5•13 years ago
|
||
Sorry, forgot to check the patch box on the previous one.
Updated•13 years ago
|
Attachment #565374 -
Flags: review?(doug.turner)
Updated•13 years ago
|
Attachment #565375 -
Flags: review?(doug.turner)
Assignee | ||
Updated•13 years ago
|
Attachment #565374 -
Attachment is patch: true
Comment 6•13 years ago
|
||
kats, can you build a test case that opens two xul windows and programatically close them?
Updated•13 years ago
|
Attachment #565375 -
Flags: review?(doug.turner) → review?(mark.finkle)
Updated•13 years ago
|
Attachment #565374 -
Flags: review?(doug.turner) → review?(mark.finkle)
Updated•13 years ago
|
tracking-firefox10:
--- → -
tracking-firefox11:
--- → -
Updated•13 years ago
|
Attachment #565374 -
Flags: review?(mark.finkle) → review+
Comment 7•13 years ago
|
||
Comment on attachment 565375 [details] [diff] [review]
kungFu patch rev. 1
Each platform seems to handle these "check for destroyed after a DOM event" differently, but it looks like you have things covered here. Certainly better covered than before.
It's also true that we don't have really great ways to test these cases yet either.
Attachment #565375 -
Flags: review?(mark.finkle) → review+
Assignee | ||
Comment 8•13 years ago
|
||
Rebase to m-c tip and update patch so that it is an hg export with commit message rather than a raw diff.
Attachment #565374 -
Attachment is obsolete: true
Attachment #576226 -
Flags: review+
Assignee | ||
Comment 9•13 years ago
|
||
Rebase to m-c tip and update patch so that it is an hg export with commit message rather than a raw diff.
Attachment #565375 -
Attachment is obsolete: true
Attachment #576227 -
Flags: review+
Assignee | ||
Updated•13 years ago
|
Keywords: checkin-needed
Assignee | ||
Comment 10•13 years ago
|
||
Try push: https://tbpl.mozilla.org/?tree=Try&rev=a0ad3f7fac68
Pushed to mozilla-inbound:
https://hg.mozilla.org/integration/mozilla-inbound/rev/d34c48393e3b
https://hg.mozilla.org/integration/mozilla-inbound/rev/d10af1d1d985
Keywords: checkin-needed
Assignee | ||
Updated•13 years ago
|
Attachment #576226 -
Flags: checkin+
Assignee | ||
Updated•13 years ago
|
Attachment #576227 -
Flags: checkin+
Assignee | ||
Comment 11•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/d10af1d1d985
https://hg.mozilla.org/mozilla-central/rev/d34c48393e3b
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
Target Milestone: --- → mozilla11
Updated•13 years ago
|
status-firefox11:
--- → fixed
Comment 12•13 years ago
|
||
Since we're shipping XUL Mobile "11" based on ESR so we will need to fix this one on the ESR in order to get this mobile-only security fix out to users.
status-firefox-esr10:
--- → affected
tracking-firefox-esr10:
--- → 11+
Comment 13•13 years ago
|
||
[Triage comment]
This bug is being tracked for landing on ESR branch. Please land patches on http://hg.mozilla.org/releases/mozilla-esr10/by Thursday March 1, 2012 in order to be ready for go-to-build on Friday March 2, 2012.
See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more information.
Assignee | ||
Comment 14•13 years ago
|
||
Landed on the mozilla-esr10 repository:
https://hg.mozilla.org/releases/mozilla-esr10/rev/9d8331f4e43b
https://hg.mozilla.org/releases/mozilla-esr10/rev/4663a567d884
Comment 15•13 years ago
|
||
Did we create a way to test this fix? I see comments about doing so but that's it.
Assignee | ||
Comment 16•13 years ago
|
||
No, IIRC we couldn't find a way to test this behaviour properly.
Comment 18•13 years ago
|
||
Untracking from QA Firefox Desktop verifications
Whiteboard: [sg:critical?] → [sg:critical?][qa-]
Updated•13 years ago
|
Group: core-security
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•