This bug was filed from the Socorro interface and is report bp-c670b2ce-6aec-465f-a51e-41a1b2111103 . ============================================================= can't reproduce for now. what i remembered happend : i was visiting glenat.fr and clicked a link on the front page while it was loading i realized i had not clicked the one i wanted tried to click the android back button and then the awsome bar that's when it crashed
I
I can reproduce this by rapidly taping on links at www.androidcentral.com 20111104074346 http://hg.mozilla.org/projects/birch/rev/6eeeae97b14d bp-538d287c-cba9-4721-a3b5-1cda62111104
From Socorro: Frame Module Signature [Expand] Source 0 libxul.so nsEventStateManager::FillInEventFromGestureDown content/events/src/nsEventStateManager.cpp:2011 1 libxul.so nsEventStateManager::FireContextClick content/events/src/nsEventStateManager.cpp:1912 2 libxul.so nsEventStateManager::sClickHoldCallback content/events/src/nsEventStateManager.cpp:1806 3 libxul.so nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:424 4 libxul.so nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:520 5 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:631 6 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245 7 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 8 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208 9 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:201 10 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:189 11 libxul.so nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:228 12 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp:3547 13 libxul.so Java_org_mozilla_gecko_GeckoAppShell_nativeRun toolkit/xre/nsAndroidStartup.cpp:139 14 libmozutils.so Java_org_mozilla_gecko_GeckoAppShell_nativeRun other-licenses/android/APKOpen.cpp:232 15 libdvm.so dvmPlatformInvoke 16 libdvm.so dvmCallJNIMethod_general 17 libdvm.so dvmResolveNativeMethod 18 libdvm.so dvmAsmSisterStart 19 libdvm.so dvmMterpStd 20 libdvm.so dvmInterpret 21 libdvm.so dvmCallMethodV 22 libdvm.so dvmCallMethod 23 libdvm.so dvmAttachCurrentThread 24 libc.so __thread_entry 25 libc.so pthread_create Show/hide other threads
Last log outputs in the relevant crashes: I/PRLog (16891): 2839792[46f0d080]: UpdateFilter: smoothSlack = -67.2812, filterLength = 32 I/PRLog (16891): 2839792[46f0d080]: ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsCOMPtr.h, line 849 I/Gecko (16891): ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsCOMPtr.h, line 849 I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) ProcessNextEvent [0 0] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) running [4b42e030] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) ProcessNextEvent [0 0] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) running [4b42e0c0] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) ProcessNextEvent [0 0] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) running [4b42e130] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) ProcessNextEvent [0 0] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) running [4ad08a90] I/PRLog (17171): 3041120[47e0d080]: nsComponentManager: CreateInstanceByContractID(@mozilla.org/supports-PRUint64;1) succeeded I/PRLog (17171): 3041120[47e0d080]: nsObserverService::NotifyObservers(inner-window-destroyed) I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) ProcessNextEvent [0 0] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) running [4a35b840] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) ProcessNextEvent [0 0] I/PRLog (17171): 3041120[47e0d080]: THRD(47e42080) running [4a3e1860] I/PRLog (17171): 3041120[47e0d080]: [this=4a3e1860] time between PostTimerEvent() and Fire(): 1904.000000ms I/PRLog (17171): 3041120[47e0d080]: [this=49a679c0] expected delay time 500ms I/PRLog (17171): 3041120[47e0d080]: [this=49a679c0] actual delay time 2352.000000ms I/PRLog (17171): 3041120[47e0d080]: [this=49a679c0] (mType is 0) ------- I/PRLog (17171): 3041120[47e0d080]: [this=49a679c0] delta 1852ms I/PRLog (17171): 3041120[47e0d080]: UpdateFilter: smoothSlack = -51.0625, filterLength = 32 I/PRLog (17171): 3041120[47e0d080]: ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsCOMPtr.h, line 849 I/Gecko (17171): ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsCOMPtr.h, line 849
http://hg.mozilla.org/projects/birch/annotate/f3eea1384f14/content/events/src/nsEventStateManager.cpp#l1906 GetNearestWidget() is failing.
What seems to happen is that on MOUSE_BUTTON_DOWN, a Timer is started to determine whether the click is potentially a drag or "popup context menu" event. It also tracks the widget where the mouse went down. After the mousedown has lasted more than 500ms, a context menu click is inferred, and the code tries to figure out what to pop up a context menu for. It does this by investigating mPresContext->GetPrimaryFrameFor(mGestureDownContent) for the closest Widget. However, both that and it's parent are empty and don't contain any widgets. The code doesn't handle this null case and breaks. I'd think this happens if you start a MOUSE_BUTTON_DOWN while the page is loading or being closed. I can detect the "no widgets" case and bail out easily enough, but someone familiar with nsEventStateManager.cpp should comment if that's acceptable or if there's something else wrong that should be fixed instead.
(In reply to Gian-Carlo Pascutto (:gcp) from comment #6) > It does this > by investigating mPresContext->GetPrimaryFrameFor(mGestureDownContent) for > the closest Widget. However, both that and it's parent are empty and don't > contain any widgets. What "that"? > I can detect the "no widgets" case and bail out easily enough, but someone > familiar with nsEventStateManager.cpp should comment if that's acceptable or > if there's something else wrong that should be fixed instead. Sounds ok
>However, both that and it's parent are empty >What "that" nsView* mCurrentTarget. This gets walked up through all parents and checked for any existing Widgets (view/src/nsView.cpp, around line 1100).
http://hg.mozilla.org/projects/birch/rev/65f78c4b804b This added context menu handling inside Java/Android to Native Fennec, so the code here probably shouldn't even run. Will disable the relevant prefs and test.
Created attachment 574830 [details] [diff] [review] Patch 1. Disable Gekco handling of click_hold.
Comment on attachment 574830 [details] [diff] [review] Patch 1. Disable Gekco handling of click_hold. >+/* Android has its own click_hold detection */ >+#ifndef ANDROID > /* use long press to display a context menu */ > pref("ui.click_hold_context_menus", true); >+#endif You can just remove the preference. No need for the #ifndef
http://hg.mozilla.org/projects/birch/rev/426690602cd5
Samsung Nexus S (Android 2.3.6) 20111116054452 http://hg.mozilla.org/projects/birch/rev/426690602cd5
or
