Closed
Bug 845234
Opened 11 years ago
Closed 11 years ago
crash in mozilla::image::VectorImage::CancelAllListeners
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
RESOLVED
FIXED
mozilla22
Tracking | Status | |
---|---|---|
firefox21 | --- | unaffected |
firefox22 | --- | fixed |
People
(Reporter: scoobidiver, Assigned: seth)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
1.84 KB,
patch
|
dholbert
:
review+
|
Details | Diff | Splinter Review |
It first showed up in 22.0a1/20130221072044 and is #18 top browser crasher in 22.0a1. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=401b967b2dfc&tochange=702d2814efbf It's likely a regression from bug 704059. Signature mozilla::image::VectorImage::CancelAllListeners() More Reports Search UUID e098583a-65d8-43f0-b2c3-953262130226 Date Processed 2013-02-26 09:07:18 Uptime 62 Last Crash 1.1 minutes before submission Install Age 1.5 hours since version was first installed. Install Time 2013-02-26 07:34:23 Product Firefox Version 22.0a1 Build ID 20130225031141 Release Channel nightly OS Mac OS X OS Version 10.8.2 12C3012 Build Architecture amd64 Build Architecture Info family 6 model 58 stepping 9 Crash Reason EXC_BAD_ACCESS / 0x0000000d Crash Address 0x0 App Notes AdapterVendorID: 0x10de, AdapterDeviceID: 0x fd5GL Context? GL Context+ GL Layers? GL Layers+ Processor Notes sp-processor10.phx1.mozilla.com_25590:2008; exploitablity tool: ERROR: unable to analyze dump EMCheckCompatibility True Adapter Vendor ID 0x10de Adapter Device ID 0x fd5 Frame Module Signature Source 0 XUL mozilla::image::VectorImage::CancelAllListeners image/src/VectorImage.cpp:202 1 XUL nsAString_internal::Assign nsTSubstring.cpp:347 2 XUL nsDOMEvent::GetType obj-firefox/x86_64/dist/include/nsTSubstring.h:382 3 XUL mozilla::image::VectorImage::OnSVGDocumentLoaded image/src/VectorImage.cpp:923 4 XUL mozilla::image::SVGLoadEventListener::HandleEvent image/src/VectorImage.cpp:191 5 XUL nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:923 6 XUL nsEventTargetChainItem::HandleEvent content/events/src/nsEventListenerManager.h:278 7 XUL nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:310 8 XUL nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:678 9 XUL nsXMLDocument::QueryInterface content/xml/document/src/nsXMLDocument.cpp:235 10 XUL nsIPrivateTextRangeList::COMTypeInfo<int>::kIID 11 XUL nsEventDispatcher::DispatchDOMEvent content/events/src/nsEventDispatcher.cpp:741 12 XUL nsINode::DispatchEvent content/base/src/nsINode.cpp:1112 13 XUL nsContentUtils::DispatchEvent content/base/src/nsContentUtils.cpp:3551 14 XUL nsContentUtils::DispatchTrustedEvent content/base/src/nsContentUtils.cpp:3521 15 XUL nsAsyncDOMEvent::Run content/events/src/nsAsyncDOMEvent.cpp:40 16 XUL mozilla::HangMonitor::NotifyActivity xpcom/threads/HangMonitor.cpp:334 17 XUL nsThread::ProcessNextEvent nsThread.cpp:627 18 CoreFoundation _CFRetain 19 XUL NS_ProcessPendingEvents_P nsThreadUtils.cpp:188 20 XUL nsBaseAppShell::NativeEventCallback widget/xpwidgets/nsBaseAppShell.cpp:97 21 XUL nsAppShell::ProcessGeckoEvents widget/cocoa/nsAppShell.mm:387 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Aimage%3A%3AVectorImage%3A%3ACancelAllListeners%28%29
Comment 1•11 years ago
|
||
Note that we have crash reports both for SVGLoadEventListener::Cancel(), e.g.: bp-e098583a-65d8-43f0-b2c3-953262130226 and also for SVGParseCompleteListener::Cancel(), e.g.: bp-42242c8a-604b-46f8-817d-f38862130223 So whatever's going on here, it affects both of those listeners -- not just one of them.
Assignee | ||
Comment 2•11 years ago
|
||
This is really weird. I'm about to upload a patch that adds a null check for both Cancel() methods, but I'd _really_ like a test case to figure out exactly how this happens. For that reason I'm going to leave the assert in, so hopefully a developer will hit this and we can figure it out.
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → seth
Comment 4•11 years ago
|
||
Comment on attachment 718574 [details] [diff] [review] Add null check in VectorImage's listener Cancel methods. Sounds like a plan.
Attachment #718574 -
Flags: review?(dholbert) → review+
Assignee | ||
Comment 5•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/b6e113cd3eb0
Comment 6•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/b6e113cd3eb0
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla22
Reporter | ||
Updated•11 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•