Closed Bug 899514 Opened 11 years ago Closed 10 years ago

[B2G] [WebRTC] Crash in ~nsDOMCameraManager when removing gUM process in card view

Categories

(Firefox OS Graveyard :: General, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: ayang, Unassigned)

References

Details

(Keywords: crash)

Crash Data

Crash in gUM sample. Gecko 140205:a2c4d9491491, debug build Reproduce step: 1. open gUM sample 2. click video 3. long press home to display card view 4. remove gUM app process in card view #0 0x41f812f6 in mozalloc_abort (msg=<value optimized out>) at /home/mozalfredo/mozwork/mozilla-central-unagi/memory/mozalloc/mozalloc_abort.cpp:30 #1 0x40c538dc in Abort (aSeverity=<value optimized out>, aStr=0x4206a610 "You can't dereference a NULL nsCOMPtr with operator->().", aExpr=<value optimized out>, aFile=<value optimized out>, aLine=819) at /home/mozalfredo/mozwork/mozilla-central-unagi/xpcom/base/nsDebugImpl.cpp:430 #2 NS_DebugBreak (aSeverity=<value optimized out>, aStr=0x4206a610 "You can't dereference a NULL nsCOMPtr with operator->().", aExpr=<value optimized out>, aFile=<value optimized out>, aLine=819) at /home/mozalfredo/mozwork/mozilla-central-unagi/xpcom/base/nsDebugImpl.cpp:387 #3 0x407b896e in nsCOMPtr<nsIDirectoryServiceProvider>::operator-> (this=0xbebe7d70) at ../../dist/include/nsCOMPtr.h:819 #4 0x4154a486 in ~nsDOMCameraManager (this=0x441a69d0, __in_chrg=<value optimized out>) at /home/mozalfredo/mozwork/mozilla-central-unagi/dom/camera/DOMCameraManager.cpp:71 #5 0x4154a2c4 in nsDOMCameraManager::DeleteCycleCollectable (this=0x441a69d0) at /home/mozalfredo/mozwork/mozilla-central-unagi/dom/camera/DOMCameraManager.cpp:30 #6 0x41549db4 in nsDOMCameraManager::cycleCollection::DeleteCycleCollectableImpl (p=0x441a69d0) at /home/mozalfredo/mozwork/mozilla-central-unagi/dom/camera/DOMCameraManager.h:44 #7 0x40c511dc in ~SnowWhiteKiller (this=0xbebe7de4, __in_chrg=<value optimized out>) at /home/mozalfredo/mozwork/mozilla-central-unagi/xpcom/base/nsCycleCollector.cpp:2247 #8 0x40c51f08 in nsCycleCollector::FreeSnowWhite (this=0x40459000, aUntilNoSWInPurpleBuffer=<value optimized out>) at /home/mozalfredo/mozwork/mozilla-central-unagi/xpcom/base/nsCycleCollector.cpp:2356 #9 0x40c52bf0 in nsCycleCollector::Shutdown (this=0x333) at /home/mozalfredo/mozwork/mozilla-central-unagi/xpcom/base/nsCycleCollector.cpp:3074 #10 0x40c52d1e in nsCycleCollector_shutdown () at /home/mozalfredo/mozwork/mozilla-central-unagi/xpcom/base/nsCycleCollector.cpp:3399 #11 0x40c02020 in mozilla::ShutdownXPCOM (servMgr=0x4206a610) at /home/mozalfredo/mozwork/mozilla-central-unagi/xpcom/build/nsXPComInit.cpp:684 #12 0x40c0227e in NS_ShutdownXPCOM (servMgr=0x333) at /home/mozalfredo/mozwork/mozilla-central-unagi/xpcom/build/nsXPComInit.cpp:547 #13 0x407b83ec in XRE_TermEmbedding () at /home/mozalfredo/mozwork/mozilla-central-unagi/toolkit/xre/nsEmbedFunctions.cpp:187 #14 0x40863ef8 in mozilla::ipc::ScopedXREEmbed::Stop (this=0x404406c8) at /home/mozalfredo/mozwork/mozilla-central-unagi/ipc/glue/ScopedXREEmbed.cpp:110 #15 0x4082bcee in mozilla::dom::ContentProcess::CleanUp (this=<value optimized out>) at /home/mozalfredo/mozwork/mozilla-central-unagi/dom/ipc/ContentProcess.cpp:37 #16 0x407b82ee in XRE_InitChildProcess (aArgc=2, aArgv=0xbebe8998, aProcess=1078199296) at /home/mozalfredo/mozwork/mozilla-central-unagi/toolkit/xre/nsEmbedFunctions.cpp:517 #17 0x00008786 in main (argc=7, argv=0xbebe8a24) at /home/mozalfredo/mozwork/mozilla-central-unagi/ipc/app/MozillaRuntimeMain.cpp:85
Blocks: b2g-webrtc
Crash Signature: [@ mozalloc_abort(char const*) | NS_DebugBreak | nsCOMPtr<nsIDirectoryServiceProvider>::operator->() | nsDOMCameraManager::~nsDOMCameraManager()]
Keywords: crash
This looks like a bug in nsDOMCameraManager, not webrtc: http://mxr.mozilla.org/mozilla-central/source/dom/camera/DOMCameraManager.cpp#66 66 nsDOMCameraManager::~nsDOMCameraManager() 67 { 68 /* destructor code */ 69 DOM_CAMERA_LOGT("%s:%d : this=%p\n", __func__, __LINE__, this); 70 nsCOMPtr<nsIObserverService> obs = services::GetObserverService(); 71-> obs->RemoveObserver(this, "xpcom-shutdown"); 72 } obs is used without checking for nullptr. If GetObserverService() returns null, we must be very late in shutdown, in garbage collection, after the observer has already been called and removed in line 182. If nsDOMCameraManager is a singleton then this code is probably redundant and can be removed (though using a boolean to check whether removal is needed may be cleaner).
Component: WebRTC → General
Product: Core → Boot2Gecko
Summary: [B2G] [WebRTC] Crash when remove gUM process in card view → [B2G] [WebRTC] Crash in ~nsDOMCameraManager when removing gUM process in card view
Version: Trunk → unspecified
nsDOMCameraManager has been changed a lot so this is invalid.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
In the latest m-c, we still don't have the null check for obs in XpcomShutdown() [1]. I'll suggest to add the |if(obs)| in case we invoke this function in other place in future. [1] http://dxr.mozilla.org/mozilla-central/source/dom/camera/DOMCameraManager.cpp#415
You need to log in before you can comment on or make changes to this bug.