Closed
Bug 750051
Opened 12 years ago
Closed 12 years ago
crash in TouchBadMemory using window.find()
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(firefox14 fixed, blocking-fennec1.0 +)
VERIFIED
FIXED
Firefox 15
People
(Reporter: martijn.martijn, Assigned: mbrubeck)
References
(Depends on 1 open bug, )
Details
(Keywords: crash, regression, testcase, Whiteboard: [native-crash])
Crash Data
Attachments
(1 file)
|
3.71 KB,
patch
|
jst
:
review+
mfinkle
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Window.find doesn't seem to cause bug 707385 anymore, instead, it's crashing Fennec. See url and tap on the Window.find() button to get the crash. Tested on the Samsung Galaxy Nexus. This bug was filed from the Socorro interface and is report bp-dceb7ae5-acd6-4cfa-af2a-a87822120429 . ============================================================= 0 libmozalloc.so TouchBadMemory memory/mozalloc/mozalloc_abort.cpp:68 1 libmozalloc.so mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:89 2 libmozalloc.so moz_xmalloc memory/mozalloc/mozalloc.cpp:89 3 libxul.so nsWindow::DrawTo mozalloc.h:229 4 libxul.so nsWindow::DrawTo widget/android/nsWindow.cpp:1084 5 libxul.so nsWindow::OnDraw widget/android/nsWindow.cpp:1133 6 libxul.so nsWindow::OnGlobalAndroidEvent widget/android/nsWindow.cpp:898 7 libxul.so nsAppShell::ProcessNextNativeEvent widget/android/nsAppShell.cpp:574 8 libxul.so nsBaseAppShell::DoProcessNextNativeEvent widget/xpwidgets/nsBaseAppShell.cpp:171 9 libxul.so nsBaseAppShell::OnProcessNextEvent widget/xpwidgets/nsBaseAppShell.cpp:306 10 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:618 11 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245 12 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 13 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208 14 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:201 15 libxul.so nsBaseAppShell::Run widget/xpwidgets/nsBaseAppShell.cpp:189 16 libxul.so nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:295 17 libxul.so XREMain::XRE_mainRun toolkit/xre/nsAppRunner.cpp:3780 18 libxul.so XREMain::XRE_main toolkit/xre/nsAppRunner.cpp:3857 19 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp:3933 20 libxul.so GeckoStart toolkit/xre/nsAndroidStartup.cpp:109
|
||
Updated•12 years ago
|
|
||
Comment 2•12 years ago
|
||
I suspect we never implemented window.find() for Android. It sure looks like we're creating an unaccelerated window using base xpwidgets: adb| nsWindow[0x64a42380]::Create 0x60d22e00 [0 0 1 1] adb| AndroidBridge::GetDPI adb| AndroidBridge::GetDPI adb| nsWindow[0x64a42680]::Create 0x0 [0 0 1 1] adb| AndroidBridge::GetDPI adb| nsWindow[0x64a42680]::Show 0 adb| AndroidBridge::GetDPI adb| nsWindow[0x64a42800]::Create 0x0 [0 0 1 1] adb| AndroidBridge::GetDPI adb| nsWindow[0x64a42800]::Show 0 adb| AndroidBridge::PerformHapticFeedback adb| nsWindow[0x60d22e00]::DrawTo child 1[0x64a42380] returned FALSE! adb| nsWindow 0x64a42680 destructor adb| nsWindow[0x64a42800]::Show 1 adb| nsWindow[0x60d22e00]::DrawTo child 1[0x64a42380] returned FALSE! adb| nsWindow[0x60d22e00]::DrawTo child 1[0x64a42380] returned FALSE! adb| AndroidBridge::GetDPI adb| nsWindow[0x64a42680]::Create 0x0 [0 0 1 1] adb| AndroidBridge::GetDPI adb| nsWindow[0x64a42680]::Show 0 adb| ###!!! ASSERTION: invalid default font returned by GetDefaultFont: 'defaultFont', file /home/joe/mozilla-central/gfx/thebes/gfxFont.cpp, line 2980 adb| nsWindow[0x64a42380]::Resize [0 0 360 95] (repaint 1) adb| nsWindow: 0x64a42380 OnSizeChanged [360 95] adb| nsWindow[0x64a42680]::Resize [0 0 360 95] (repaint 0) adb| nsWindow: 0x64a42680 OnSizeChanged [360 95] adb| nsWindow[0x64a42800]::Resize [0 0 360 95] (repaint 0) adb| nsWindow: 0x64a42800 OnSizeChanged [360 95] adb| AndroidBridge::EnableScreenOrientationNotifications adb| AndroidBridge::GetScreenOrientation adb| nsWindow 0x64a42800 destructor adb| nsWindow[0x64a42680]::Show 1 adb| nsWindow[0x64a42680]::Show 1 adb| nsWindow[0x64a42380]::Show 1 adb| nsWindow[0x64a42380]::Resize [0 0 720 1038] (repaint 0) adb| nsWindow: 0x64a42380 OnSizeChanged [720 1038] adb| nsWindow[0x64a42680]::Resize [0 0 720 1038] (repaint 0) adb| nsWindow: 0x64a42680 OnSizeChanged [720 1038] adb| nsWindow::SetFocus: can't set focus without raising, ignoring aRaise = false! adb| AndroidBridge::NotifyIME adb| WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0xC1F30001: file /home/joe/mozilla-central/layout/forms/nsTextControlFrame.cpp, line 377 adb| AndroidBridge::NotifyIMEChange adb| WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0xC1F30001: file /home/joe/mozilla-central/layout/forms/nsTextControlFrame.cpp, line 377 adb| AndroidBridge::NotifyIMEChange adb| AndroidBridge::NotifyIME adb| WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111: file /home/joe/mozilla-central/content/events/src/nsContentEventHandler.cpp, line 125 adb| WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111: file /home/joe/mozilla-central/content/events/src/nsContentEventHandler.cpp, line 125 adb| AndroidBridge::NotifyIMEEnabled adb| AndroidBridge::NotifyIMEChange adb| AndroidBridge::NotifyIMEChange adb| AndroidBridge::NotifyIME adb| WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111: file /home/joe/mozilla-central/content/events/src/nsContentEventHandler.cpp, line 125 adb| WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111: file /home/joe/mozilla-central/content/events/src/nsContentEventHandler.cpp, line 125 adb| AndroidBridge::NotifyIMEEnabled adb| nsWindow[0x64a42380]::Resize [0 0 720 1038] (repaint 0) adb| nsWindow: 0x64a42380 OnSizeChanged [720 1038] adb| nsWindow[0x64a42680]::Resize [0 0 720 1038] (repaint 0) adb| nsWindow: 0x64a42680 OnSizeChanged [720 1038] adb| nsWindow[0x60d22e00]::Resize [0 0 720 1038] (repaint 0) adb| ###!!! ASSERTION: nsScreenManagerAndroid not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/android/nsScreenManagerAndroid.cp... adb| ###!!! ASSERTION: nsScreenManagerAndroid not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/android/nsScreenManagerAndroid.cp... adb| ###!!! ASSERTION: nsScreenManagerAndroid not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/android/nsScreenManagerAndroid.cp... adb| ###!!! ASSERTION: nsBaseScreen not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/xpwidgets/nsBaseScreen.cpp, line 43 adb| ###!!! ASSERTION: nsBaseScreen not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/xpwidgets/nsBaseScreen.cpp, line 43 adb| ###!!! ASSERTION: nsBaseScreen not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/xpwidgets/nsBaseScreen.cpp, line 43 adb| ###!!! ASSERTION: nsBaseScreen not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/xpwidgets/nsBaseScreen.cpp, line 43 adb| ###!!! ASSERTION: nsScreenManagerAndroid not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/android/nsScreenManagerAndroid.cp... adb| AndroidBridge::RegisterCompositor adb| EGL Config: 20 [0x14] adb| BUFFER_SIZE: 16 (0x0010) adb| ALPHA_SIZE: 0 (0x0000) adb| BLUE_SIZE: 5 (0x0005) adb| GREEN_SIZE: 6 (0x0006) adb| RED_SIZE: 5 (0x0005) adb| DEPTH_SIZE: 0 (0x0000) adb| STENCIL_SIZE: 0 (0x0000) adb| CONFIG_CAVEAT: 12344 (0x3038) adb| CONFIG_ID: 21 (0x0015) adb| LEVEL: 0 (0x0000) adb| MAX_PBUFFER_HEIGHT: 2048 (0x0800) adb| MAX_PBUFFER_PIXELS: 4194304 (0x400000) adb| MAX_PBUFFER_WIDTH: 2048 (0x0800) adb| NATIVE_RENDERABLE: 0 (0x0000) adb| NATIVE_VISUAL_ID: 4 (0x0004) adb| NATIVE_VISUAL_TYPE: 0 (0x0000) adb| PRESERVED_RESOURCES: -1 (0xffffffff) adb| SAMPLES: 0 (0x0000) adb| SAMPLE_BUFFERS: 0 (0x0000) adb| SURFACE_TYPE: 5 (0x0005) adb| TRANSPARENT_TYPE: 12344 (0x3038) adb| TRANSPARENT_RED_VALUE: 0 (0x0000) adb| TRANSPARENT_GREEN_VALUE: 0 (0x0000) adb| TRANSPARENT_BLUE_VALUE: 0 (0x0000) adb| BIND_TO_TEXTURE_RGB: 1 (0x0001) adb| BIND_TO_TEXTURE_RGBA: 0 (0x0000) adb| MIN_SWAP_INTERVAL: 0 (0x0000) adb| MAX_SWAP_INTERVAL: 5 (0x0005) adb| LUMINANCE_SIZE: 0 (0x0000) adb| ALPHA_MASK_SIZE: 0 (0x0000) adb| COLOR_BUFFER_TYPE: 12430 (0x308e) adb| RENDERABLE_TYPE: 4 (0x0004) adb| CONFORMANT: 4 (0x0004) adb| Initializing context 0x24b00f8 surface 0x4177b9a8 on display 0x1 adb| ###!!! ASSERTION: Failed to make GL context current!: 'succeeded', file /home/joe/mozilla-central/gfx/gl/GLContextProviderEGL.cpp, line 463 adb| ###!!! ASSERTION: GfxInfoBase not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/xpwidgets/GfxInfoBase.cpp, line 180 adb| ###!!! ASSERTION: GfxInfoBase not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/xpwidgets/GfxInfoBase.cpp, line 180 adb| ###!!! ASSERTION: GfxInfoBase not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/xpwidgets/GfxInfoBase.cpp, line 180 adb| ###!!! ASSERTION: GfxInfoBase not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file /home/joe/mozilla-central/widget/xpwidgets/GfxInfoBase.cpp, line 180 adb| Destroying context 0x24b00f8 surface 0x4177b9a8 on display 0x1 adb| == GLContext 0x64a56000 == adb| Outstanding Textures: adb| [0x64a56400 - live] adb| 70001 adb| 7770111 adb| 7840112 adb| 8820126 adb| 8890127 adb| 8960128 adb| 9030129 adb| 9100130 adb| 9170131 adb| 9240132 adb| 9310133 adb| 9380134 adb| 9450135 adb| 9520136 adb| 9590137 adb| 9660138 adb| 9730139 adb| 9800140 adb| 9870141 adb| 9940142 adb| 10010143 adb| 10080144 adb| 10150145 adb| 10220146 adb| 10290147 adb| 10360148 adb| 10430149 adb| 10500150 adb| 10570151 adb| 10640152 adb| 10710153 adb| 10780154 adb| 10850155 adb| 10920156 adb| 10990157 adb| 11060158 adb| adb| Outstanding Buffers: adb| [0x64a56400 - live] adb| 70001 adb| adb| Outstanding Programs: adb| [0x64a56400 - live] adb| 210003 adb| 420006 adb| 630009 adb| 840012 adb| 1050015 adb| 1260018 adb| 1470021 adb| 1680024 adb| 1890027 adb| 2100030 adb| 2310033 adb| adb| Outstanding Shaders: adb| adb| Outstanding Framebuffers: adb| adb| Outstanding Renderbuffers: adb| adb| WARNING: Failed to create LayerManagerOGL context: file /home/joe/mozilla-central/gfx/layers/opengl/LayerManagerOGL.cpp, line 179 adb| ###!!! ASSERTION: Failed to init OGL Layers: 'Error', file /home/joe/mozilla-central/gfx/layers/ipc/CompositorParent.cpp, line 419 adb| WARNING: fail to construct LayersChild: file /home/joe/mozilla-central/widget/xpwidgets/nsBaseWidget.cpp, line 899 adb| ###!!! ASSERTION: LayerManager not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file ../../dist/include/Layers.h, line 278 adb| WARNING: OpenGL-accelerated layers are not supported on this system.: file /home/joe/mozilla-central/widget/xpwidgets/nsBaseWidget.cpp, line 862 adb| -- creating basic, not accelerated adb| nsWindow[0x64a42380]::Resize [0 0 720 514] (repaint 0) adb| nsWindow: 0x64a42380 OnSizeChanged [720 514] adb| nsWindow[0x64a42680]::Resize [0 0 720 514] (repaint 0) adb| nsWindow: 0x64a42680 OnSizeChanged [720 514] adb| nsWindow[0x60d22e00]::Resize [0 0 720 514] (repaint 0) adb| nsWindow: 0x60d22e00 OnSizeChanged [720 514] adb| nsWindow[0x60d23400]::Resize [0 0 720 514] (repaint 0) adb| nsWindow: 0x60d23400 OnSizeChanged [720 514] adb| void mozilla::AndroidBridge::HandleGeckoMessage(const nsAString_internal&, nsAString_internal&) adb| leaving void mozilla::AndroidBridge::HandleGeckoMessage(const nsAString_internal&, nsAString_internal&) adb| void mozilla::AndroidBridge::HandleGeckoMessage(const nsAString_internal&, nsAString_internal&) adb| leaving void mozilla::AndroidBridge::HandleGeckoMessage(const nsAString_internal&, nsAString_internal&) adb| void mozilla::AndroidBridge::HandleGeckoMessage(const nsAString_internal&, nsAString_internal&) adb| leaving void mozilla::AndroidBridge::HandleGeckoMessage(const nsAString_internal&, nsAString_internal&) adb| WARNING: We don't support transparent content with displayports, force it to be opqaue: file /home/joe/mozilla-central/layout/base/nsDisplayList.cpp, line 647
|
|
||
Comment 3•12 years ago
|
||
(Couldn't reproduce the abort, though perhaps it's dependent on something else.)
|
Reporter | |
Comment 4•12 years ago
|
||
Yes, window.find() was never working well in Native Fennec, see bug 707385, it should be disabled for now.
|
||
Comment 5•12 years ago
|
||
Matt - Let's stub this out like you did for window.print()
Assignee: joe → mbrubeck
blocking-fennec1.0: ? → +
|
|
Reporter | |
Comment 6•12 years ago
|
||
Still crashes in current trunk build on the Samsung Galaxy Nexus, it doesn't seem to crash on the HTC Desire HD.
|
Assignee | |
Comment 7•12 years ago
|
||
This disables window.find in Fennec for now, just like bug 739038 and bug 735237. I will also file follow-up bugs to fix/implement these things for real on Android, though it sounds like window.find might be going away everywhere in the long term (bug 672395).
Attachment #620729 -
Flags: review?(jst)
|
||
Updated•12 years ago
|
Attachment #620729 -
Flags: review?(jst) → review+
|
|
Assignee | |
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/55888632fa91
Blocks: 707385
Status: NEW → RESOLVED
Closed: 12 years ago
status-firefox14:
--- → affected
Depends on: 672395
Resolution: --- → FIXED
Target Milestone: --- → Firefox 15
|
|
Assignee | |
Comment 9•12 years ago
|
||
Comment on attachment 620729 [details] [diff] [review] disable window.find in fennec [Approval Request Comment] User impact if declined: Web content can crash or break Fennec by calling window.find(). Testing completed (on m-c, etc.): Patch includes an automated test; landed on m-c. Risk to taking this patch (and alternatives if risky): Very low-risk patch that adds a check for a preference which is only set in Android fennec; no change in behavior on desktop. String changes made by this patch: None.
Attachment #620729 -
Flags: approval-mozilla-aurora?
|
|
||
Updated•12 years ago
|
Attachment #620729 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
Assignee | |
Comment 10•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/1e9bd0060de7
|
|
Reporter | |
Comment 11•12 years ago
|
||
I guess this makes it also impossible to use window.find('text') cases where no dialog is needed for.
Verified Desire HD, Aurora , 5/11/2012 build
Status: RESOLVED → VERIFIED
|
||
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•