Closed
Bug 884792
Opened 11 years ago
Closed 11 years ago
crash in nsXPCWrappedJS::Release
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(firefox23 unaffected, firefox24+ fixed, fennec24+)
RESOLVED
FIXED
Firefox 24
| Tracking | Status | |
|---|---|---|
| firefox23 | --- | unaffected |
| firefox24 | + | fixed |
| fennec | 24+ | --- |
People
(Reporter: scoobidiver, Assigned: blassey)
References
Details
(Keywords: crash, regression, topcrash, Whiteboard: [native-crash])
Crash Data
Attachments
(1 file)
|
7.32 KB,
patch
|
kats
:
review+
|
Details | Diff | Splinter Review |
It has been hit twice by a single user in 24.0a1/20130619: bp-64122db3-bf91-493d-9737-948632130619.
Signature nsXPCWrappedJS::Release() More Reports Search
UUID 64122db3-bf91-493d-9737-948632130619
Date Processed 2013-06-19 12:21:21
Uptime 15
Last Crash 25 seconds before submission
Install Age 58 seconds since version was first installed.
Install Time 2013-06-19 12:20:22
Product FennecAndroid
Version 24.0a1
Build ID 20130619031048
Release Channel nightly
OS Android
OS Version 0.0.0 Linux 3.0.31 #1 SMP PREEMPT Wed Apr 3 09:14:51 KST 2013 armv7l samsung/kona3gxx/kona3g:4.1.2/JZO54K/N5100XXBMD1:user/release-keys
Build Architecture arm
Build Architecture Info ARMv0
Crash Reason SIGSEGV
Crash Address 0x0
App Notes
AdapterDescription: 'ARM -- Mali-400 MP -- OpenGL ES 2.0 -- Model: GT-N5100, Product: kona3gxx, Manufacturer: samsung, Hardware: smdk4x12'
GL Layers! EGL? EGL+ GL Context? GL Context+ GL Layers+
samsung GT-N5100
samsung/kona3gxx/kona3g:4.1.2/JZO54K/N5100XXBMD1:user/release-keys
Processor Notes sp-processor09_phx1_mozilla_com_2231:2012; MDSW emitted too many frames, triggering truncation; exploitability tool: ERROR: unable to analyze dump
EMCheckCompatibility True
Adapter Vendor ID ARM
Adapter Device ID Mali-400 MP
Device samsung GT-N5100
Android API Version 16 (REL)
Android CPU ABI armeabi-v7a
Frame Module Signature Source
0 libxul.so nsXPCWrappedJS::Release js/xpconnect/src/XPCWrappedJS.cpp:174
1 libxul.so nsXPTCStubBase::AddRef xpcom/reflect/xptcall/src/xptcall.cpp:31
2 libxul.so GrGLProgramStage::name const gfx/skia/src/gpu/gl/GrGLProgramStage.h:81
3 libxul.so nsTHashtable<nsBaseHashtableET<nsStringHashKey, nsCOMPtr<nsIObserver> > >::s_Ini obj-firefox/dist/include/nsTHashtable.h:474
4 libxul.so mozilla::RefPtr<mozilla::psm::TransportSecurityInfo>::~RefPtr
5 libxul.so nsTHashtable<nsBaseHashtableET<nsStringHashKey, nsCOMPtr<nsIObserver> > >::s_Cle obj-firefox/dist/include/nsCOMPtr.h:489
6 libxul.so PL_DHashTableRawRemove obj-firefox/xpcom/build/pldhash.cpp:683
7 libxul.so PL_DHashTableOperate obj-firefox/xpcom/build/pldhash.cpp:649
...
More reports at:
https://crash-stats.mozilla.com/report/list?product=FennecAndroid&signature=nsXPCWrappedJS%3A%3ARelease%28%29
|
||
Comment 1•11 years ago
|
||
The GrGLProgramStage is a red herring here. Brad, looks like removeObserver is being called off the main thread, so perhaps that needs to be proxied to the main one.
Component: Graphics → General
Product: Core → Firefox for Android
Version: 24 Branch → Trunk
|
Reporter | |
Updated•11 years ago
|
Summary: crash in GrGLProgramStage::name @ nsXPCWrappedJS::Release → crash in nsXPCWrappedJS::Release
|
|
Reporter | |
Comment 2•11 years ago
|
||
It has been hit now by 5 users. It's a regression from either bug 882196 or bug 770840 (previously hidden by bug 882196).
tracking-fennec: --- → ?
tracking-firefox24:
--- → ?
Keywords: topcrash
Whiteboard: [native-crash][startupcrash] → [native-crash]
|
|
Reporter | |
Comment 3•11 years ago
|
||
The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4e5983de6e3b&tochange=d2a7cfa34154
|
||
Updated•11 years ago
|
Keywords: steps-wanted
|
Assignee | |
Comment 4•11 years ago
|
||
Assignee: nobody → blassey.bugs
Attachment #764934 -
Flags: review?(bugmail.mozilla)
|
||
Comment 5•11 years ago
|
||
Comment on attachment 764934 [details] [diff] [review]
patch
Review of attachment 764934 [details] [diff] [review]:
-----------------------------------------------------------------
::: widget/android/nsAppShell.cpp
@@ +525,5 @@
> + mObserversHash.Get(curEvent->Characters(), getter_AddRefs(observer));
> +
> + if (observer) {
> + observer->Observe(nullptr, NS_ConvertUTF16toUTF8(curEvent->CharactersExtra()).get(),
> + nsString(curEvent->Data()).get());
You changed the data from being a PromiseFlatString to a nsString. I assume that's ok but I don't know these string classes well enough to say for sure. Just pointing this out in case you didn't mean to do this.
Attachment #764934 -
Flags: review?(bugmail.mozilla) → review+
|
|
Reporter | |
Comment 6•11 years ago
|
||
In case it helps, a comment says: "switched to home screen after a download".
|
|
Assignee | |
Updated•11 years ago
|
tracking-fennec: ? → 24+
|
||
Comment 7•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 24
|
||
Updated•11 years ago
|
Keywords: steps-wanted
|
||
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•