Closed Bug 704456 Opened 8 years ago Closed 8 years ago
.7] Crash in __-[Child View maybe Track Scroll Event As Swipe:scroll Overflow:]_block _invoke _1
It's #3 top crasher on Mac OX X in 9.0b2, #13 in 10.0a2, and #14 in 11.0a1. It happens only with Mac OS X 10.7. Signature __-[ChildView maybeTrackScrollEventAsSwipe:scrollOverflow:]_block_invoke_1 UUID 947c6e73-0e48-42e3-9391-cfe3a2111121 Date Processed 2011-11-21 17:10:09.155660 Uptime 1453 Last Crash more than 3 months before submission Install Age 3.3 days since version was first installed. Install Time 2011-11-18 18:43:36 Product Firefox Version 9.0 Build ID 20111116091359 Release Channel beta OS Mac OS X OS Version 10.7.2 11C74 Build Architecture amd64 Build Architecture Info family 6 model 23 stepping 10 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0x0 App Notes Renderers: 0x22600,0x20400GL Context? GL Context+ GL Layers? GL Layers+ EMCheckCompatibility True Frame Module Signature [Expand] Source 0 XUL __-[ChildView maybeTrackScrollEventAsSwipe:scrollOverflow:]_block_invoke_1 widget/src/cocoa/nsChildView.mm:3116 1 AppKit AppKit@0x3f7ef5 2 libsystem_c.dylib libsystem_c.dylib@0xa115c 3 libobjc.A.dylib objc::DenseMap<objc_object*, unsigned long, true, objc::DenseMapInfo<objc_object*>, objc::DenseMapInfo<unsigned long> >::FindAndConstruct 4 libobjc.A.dylib _objc_rootRetain 5 CoreFoundation CoreFoundation@0x31008 6 CoreFoundation CoreFoundation@0x4b44e 7 libsystem_c.dylib libsystem_c.dylib@0x4d46f 8 libsystem_c.dylib libsystem_c.dylib@0x4d6aa 9 AppKit AppKit@0x98b75f 10 Foundation Foundation@0xa58a 11 Foundation Foundation@0xa2c6 12 CoreFoundation CoreFoundation@0x312e4 13 AppKit AppKit@0x6fe37 14 AppKit AppKit@0x6d6af 15 AppKit AppKit@0x6e0f6 16 AppKit AppKit@0x3f5156 17 libobjc.A.dylib objc::DenseMap<objc_object*, unsigned long, true, objc::DenseMapInfo<objc_object*>, objc::DenseMapInfo<unsigned long> >::FindAndConstruct 18 libobjc.A.dylib _objc_rootRetain 19 CoreFoundation CoreFoundation@0x31008 20 AppKit AppKit@0x6dd1b 21 AppKit AppKit@0x9064 More reports at: https://crash-stats.mozilla.com/report/list?signature=__-[ChildView%20maybeTrackScrollEventAsSwipe%3AscrollOverflow%3A]_block_invoke_1
We seem to be dereferencing a null pointer in mGeckoChild. I need to add a null check. I'll post a patch shortly. Thanks for noticing this. It needs to be fixed before it gets into a release.
On the branches that have this bug (9 and up), this is currently the #11 Mac topcrasher.
Here's a fix for these crashes. I've already encountered them (and fixed them) at bug 698761, where my work on Chrome-style swipe animation made them easier to reproduce. See bug 698761 comment #22 and bug 698761 comment #23.
Attachment #576224 - Flags: review?(mstange)
Attachment #576224 - Flags: review?(mstange) → review+
Landed on mozilla-inbound: http://hg.mozilla.org/integration/mozilla-inbound/rev/2edff46b93f6
Comment on attachment 576224 [details] [diff] [review] Fix This is a trivial fix for what could become a topcrasher, if it gets into a release.
Comment on attachment 576224 [details] [diff] [review] Fix Get it landed soon please, thanks!
Comment on attachment 576224 [details] [diff] [review] Fix Landed on mozilla-aurora: http://hg.mozilla.org/releases/mozilla-aurora/rev/c9328943fc9e
Comment on attachment 576224 [details] [diff] [review] Fix Landed on mozilla-beta: http://hg.mozilla.org/releases/mozilla-beta/rev/c5ecaaed936d
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
This could have caused a perf regression. Please have a look at dev.tree-management: > Talos Regression :( Tp5 MozAfterPaint (Private Bytes) increase 2.73% on Linux Firefox-Non-PGO > Talos Regression :( Tp5 MozAfterPaint (Private Bytes) increase 2.61% on Linux x64 Firefox-Non-PGO
(In reply to comment #10) Nope, it couldn't have: This patch is Mac-only.
This looks good on trunk - I see no crashes after 20111122042008 build.
http://bit.ly/tCoxdN Verified based on crash reports. No crashes occurred since the fix landed on all channels (last crash build 2011112200)
You need to log in before you can comment on or make changes to this bug.