Closed
Bug 704456
Opened 9 years ago
Closed 9 years ago
[10.7] Crash in __-[ChildView maybeTrackScrollEventAsSwipe:scrollOverflow:]_block_invoke_1
Categories
(Core :: Widget: Cocoa, defect)
Tracking
()
VERIFIED
FIXED
mozilla11
People
(Reporter: scoobidiver, Assigned: smichaud)
References
(Blocks 1 open bug)
Details
(Keywords: crash, verified-aurora, verified-beta, Whiteboard: [inbound][qa!])
Crash Data
Attachments
(1 file)
1.68 KB,
patch
|
mstange
:
review+
johnath
:
approval-mozilla-aurora+
johnath
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
It's #3 top crasher on Mac OX X in 9.0b2, #13 in 10.0a2, and #14 in 11.0a1. It happens only with Mac OS X 10.7. Signature __-[ChildView maybeTrackScrollEventAsSwipe:scrollOverflow:]_block_invoke_1 UUID 947c6e73-0e48-42e3-9391-cfe3a2111121 Date Processed 2011-11-21 17:10:09.155660 Uptime 1453 Last Crash more than 3 months before submission Install Age 3.3 days since version was first installed. Install Time 2011-11-18 18:43:36 Product Firefox Version 9.0 Build ID 20111116091359 Release Channel beta OS Mac OS X OS Version 10.7.2 11C74 Build Architecture amd64 Build Architecture Info family 6 model 23 stepping 10 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0x0 App Notes Renderers: 0x22600,0x20400GL Context? GL Context+ GL Layers? GL Layers+ EMCheckCompatibility True Frame Module Signature [Expand] Source 0 XUL __-[ChildView maybeTrackScrollEventAsSwipe:scrollOverflow:]_block_invoke_1 widget/src/cocoa/nsChildView.mm:3116 1 AppKit AppKit@0x3f7ef5 2 libsystem_c.dylib libsystem_c.dylib@0xa115c 3 libobjc.A.dylib objc::DenseMap<objc_object*, unsigned long, true, objc::DenseMapInfo<objc_object*>, objc::DenseMapInfo<unsigned long> >::FindAndConstruct 4 libobjc.A.dylib _objc_rootRetain 5 CoreFoundation CoreFoundation@0x31008 6 CoreFoundation CoreFoundation@0x4b44e 7 libsystem_c.dylib libsystem_c.dylib@0x4d46f 8 libsystem_c.dylib libsystem_c.dylib@0x4d6aa 9 AppKit AppKit@0x98b75f 10 Foundation Foundation@0xa58a 11 Foundation Foundation@0xa2c6 12 CoreFoundation CoreFoundation@0x312e4 13 AppKit AppKit@0x6fe37 14 AppKit AppKit@0x6d6af 15 AppKit AppKit@0x6e0f6 16 AppKit AppKit@0x3f5156 17 libobjc.A.dylib objc::DenseMap<objc_object*, unsigned long, true, objc::DenseMapInfo<objc_object*>, objc::DenseMapInfo<unsigned long> >::FindAndConstruct 18 libobjc.A.dylib _objc_rootRetain 19 CoreFoundation CoreFoundation@0x31008 20 AppKit AppKit@0x6dd1b 21 AppKit AppKit@0x9064 More reports at: https://crash-stats.mozilla.com/report/list?signature=__-[ChildView%20maybeTrackScrollEventAsSwipe%3AscrollOverflow%3A]_block_invoke_1
Assignee | ||
Comment 1•9 years ago
|
||
We seem to be dereferencing a null pointer in mGeckoChild. I need to add a null check. I'll post a patch shortly. Thanks for noticing this. It needs to be fixed before it gets into a release.
Assignee | ||
Comment 2•9 years ago
|
||
On the branches that have this bug (9 and up), this is currently the #11 Mac topcrasher.
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → smichaud
tracking-firefox9:
--- → ?
Assignee | ||
Comment 3•9 years ago
|
||
Here's a fix for these crashes. I've already encountered them (and fixed them) at bug 698761, where my work on Chrome-style swipe animation made them easier to reproduce. See bug 698761 comment #22 and bug 698761 comment #23.
Attachment #576224 -
Flags: review?(mstange)
Updated•9 years ago
|
Attachment #576224 -
Flags: review?(mstange) → review+
Assignee | ||
Comment 4•9 years ago
|
||
Landed on mozilla-inbound: http://hg.mozilla.org/integration/mozilla-inbound/rev/2edff46b93f6
Whiteboard: [inbound]
Assignee | ||
Comment 5•9 years ago
|
||
Comment on attachment 576224 [details] [diff] [review] Fix This is a trivial fix for what could become a topcrasher, if it gets into a release.
Attachment #576224 -
Flags: approval-mozilla-beta?
Attachment #576224 -
Flags: approval-mozilla-aurora?
Comment 6•9 years ago
|
||
Comment on attachment 576224 [details] [diff] [review] Fix Get it landed soon please, thanks!
Attachment #576224 -
Flags: approval-mozilla-beta?
Attachment #576224 -
Flags: approval-mozilla-beta+
Attachment #576224 -
Flags: approval-mozilla-aurora?
Attachment #576224 -
Flags: approval-mozilla-aurora+
Assignee | ||
Comment 7•9 years ago
|
||
Comment on attachment 576224 [details] [diff] [review] Fix Landed on mozilla-aurora: http://hg.mozilla.org/releases/mozilla-aurora/rev/c9328943fc9e
Assignee | ||
Updated•9 years ago
|
status-firefox10:
--- → fixed
Assignee | ||
Comment 8•9 years ago
|
||
Comment on attachment 576224 [details] [diff] [review] Fix Landed on mozilla-beta: http://hg.mozilla.org/releases/mozilla-beta/rev/c5ecaaed936d
Assignee | ||
Updated•9 years ago
|
status-firefox9:
--- → fixed
Comment 9•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/2edff46b93f6
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
Comment 10•9 years ago
|
||
This could have caused a perf regression. Please have a look at dev.tree-management:
> Talos Regression :( Tp5 MozAfterPaint (Private Bytes) increase 2.73% on Linux Firefox-Non-PGO
> Talos Regression :( Tp5 MozAfterPaint (Private Bytes) increase 2.61% on Linux x64 Firefox-Non-PGO
Assignee | ||
Comment 11•9 years ago
|
||
(In reply to comment #10) Nope, it couldn't have: This patch is Mac-only.
Comment 12•9 years ago
|
||
This looks good on trunk - I see no crashes after 20111122042008 build.
Comment 13•9 years ago
|
||
http://bit.ly/tCoxdN Verified based on crash reports. No crashes occurred since the fix landed on all channels (last crash build 2011112200)
Status: RESOLVED → VERIFIED
Keywords: verified-aurora,
verified-beta
Whiteboard: [inbound][qa+] → [inbound][qa!]
Updated•9 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•