Closed
Bug 845234
Opened 13 years ago
Closed 13 years ago
crash in mozilla::image::VectorImage::CancelAllListeners
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
RESOLVED
FIXED
mozilla22
| Tracking | Status | |
|---|---|---|
| firefox21 | --- | unaffected |
| firefox22 | --- | fixed |
People
(Reporter: scoobidiver, Assigned: seth)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
1.84 KB,
patch
|
dholbert
:
review+
|
Details | Diff | Splinter Review |
It first showed up in 22.0a1/20130221072044 and is #18 top browser crasher in 22.0a1. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=401b967b2dfc&tochange=702d2814efbf
It's likely a regression from bug 704059.
Signature mozilla::image::VectorImage::CancelAllListeners() More Reports Search
UUID e098583a-65d8-43f0-b2c3-953262130226
Date Processed 2013-02-26 09:07:18
Uptime 62
Last Crash 1.1 minutes before submission
Install Age 1.5 hours since version was first installed.
Install Time 2013-02-26 07:34:23
Product Firefox
Version 22.0a1
Build ID 20130225031141
Release Channel nightly
OS Mac OS X
OS Version 10.8.2 12C3012
Build Architecture amd64
Build Architecture Info family 6 model 58 stepping 9
Crash Reason EXC_BAD_ACCESS / 0x0000000d
Crash Address 0x0
App Notes
AdapterVendorID: 0x10de, AdapterDeviceID: 0x fd5GL Context? GL Context+ GL Layers? GL Layers+
Processor Notes sp-processor10.phx1.mozilla.com_25590:2008; exploitablity tool: ERROR: unable to analyze dump
EMCheckCompatibility True
Adapter Vendor ID 0x10de
Adapter Device ID 0x fd5
Frame Module Signature Source
0 XUL mozilla::image::VectorImage::CancelAllListeners image/src/VectorImage.cpp:202
1 XUL nsAString_internal::Assign nsTSubstring.cpp:347
2 XUL nsDOMEvent::GetType obj-firefox/x86_64/dist/include/nsTSubstring.h:382
3 XUL mozilla::image::VectorImage::OnSVGDocumentLoaded image/src/VectorImage.cpp:923
4 XUL mozilla::image::SVGLoadEventListener::HandleEvent image/src/VectorImage.cpp:191
5 XUL nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:923
6 XUL nsEventTargetChainItem::HandleEvent content/events/src/nsEventListenerManager.h:278
7 XUL nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:310
8 XUL nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:678
9 XUL nsXMLDocument::QueryInterface content/xml/document/src/nsXMLDocument.cpp:235
10 XUL nsIPrivateTextRangeList::COMTypeInfo<int>::kIID
11 XUL nsEventDispatcher::DispatchDOMEvent content/events/src/nsEventDispatcher.cpp:741
12 XUL nsINode::DispatchEvent content/base/src/nsINode.cpp:1112
13 XUL nsContentUtils::DispatchEvent content/base/src/nsContentUtils.cpp:3551
14 XUL nsContentUtils::DispatchTrustedEvent content/base/src/nsContentUtils.cpp:3521
15 XUL nsAsyncDOMEvent::Run content/events/src/nsAsyncDOMEvent.cpp:40
16 XUL mozilla::HangMonitor::NotifyActivity xpcom/threads/HangMonitor.cpp:334
17 XUL nsThread::ProcessNextEvent nsThread.cpp:627
18 CoreFoundation _CFRetain
19 XUL NS_ProcessPendingEvents_P nsThreadUtils.cpp:188
20 XUL nsBaseAppShell::NativeEventCallback widget/xpwidgets/nsBaseAppShell.cpp:97
21 XUL nsAppShell::ProcessGeckoEvents widget/cocoa/nsAppShell.mm:387
...
More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Aimage%3A%3AVectorImage%3A%3ACancelAllListeners%28%29
Comment 1•13 years ago
|
||
Note that we have crash reports both for SVGLoadEventListener::Cancel(), e.g.:
bp-e098583a-65d8-43f0-b2c3-953262130226
and also for SVGParseCompleteListener::Cancel(), e.g.:
bp-42242c8a-604b-46f8-817d-f38862130223
So whatever's going on here, it affects both of those listeners -- not just one of them.
| Assignee | ||
Comment 2•13 years ago
|
||
This is really weird. I'm about to upload a patch that adds a null check for both Cancel() methods, but I'd _really_ like a test case to figure out exactly how this happens. For that reason I'm going to leave the assert in, so hopefully a developer will hit this and we can figure it out.
| Assignee | ||
Updated•13 years ago
|
Assignee: nobody → seth
Comment 4•13 years ago
|
||
Comment on attachment 718574 [details] [diff] [review]
Add null check in VectorImage's listener Cancel methods.
Sounds like a plan.
Attachment #718574 -
Flags: review?(dholbert) → review+
| Assignee | ||
Comment 5•13 years ago
|
||
Comment 6•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla22
| Reporter | ||
Updated•13 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•