Closed
Bug 1268069
Opened 8 years ago
Closed 8 years ago
crash in mozilla::a11y::ia2AccessibleHypertext::get_hyperlink
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
RESOLVED
FIXED
mozilla49
People
(Reporter: MarcoZ, Assigned: surkov)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
3.02 KB,
patch
|
yzen
:
review+
ritu
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-07505ccb-a8c6-4e9e-9a53-3e6ac2160427. ============================================================= I ran into this just now while doing the following: 1. Was reading http://www.kobinet-nachrichten.org/de/1/nachrichten/33572/Behindertenpolitik-in-Bewegung.htm. 2. Wanted to share it on FB, so first dismissed the cookie notice, second clicked the "FB click dummy", third dismissed the info that comes up by clicking on "Nicht mit Facebook verbunden". 3. The FB iframe doesn't load for me. 4. Pressed Ctrl+L to go to the address bar, and entered facebook.com. 5. Pressed Enter. 6. Crash. However this crash looks quite corrupted. VBufBackend_GeckoIA2.dll is the injected NVDA module for the virtual buffers in Gecko. I'll file this just in case, but doubt we'll se this come up again. I could not reproduce upon second attempt.
Comment 1•8 years ago
|
||
bp-add09e4c-8373-41f8-9fe6-5c1ed2160524 I can reliably reproduce this, but it's ... obscure to say the least. STR: 1. Start NVDA and Firefox. 2. NVDA menu -> Preferences -> Review cursr, ensure "Simple review mode" is unchecked. 3. Open this URL: https://get.adobe.com/flashplayer/ 4. Uncheck the "Yes, install the free McAfee Security Scan Plus utility..." check box. 5. Tab to the "Install now" link. 6. Press NVDA+numpad8 (laptop: NVDA+upArrow). NVDA shuold say "paragraph". 7. Press NVDA+control+z to open the Python console. 8. Paste the following: nav.iaHypertext.hyperlink(0) Result: Crash! Notes: 1. I noticed this because once you uncheck that check box, the "Install now" link disappeas from NVDA's buffer. Oddly, though, the buffer doing it in-process doesn't seem to cause a crash. Even force reloading the entire buffer with NVDA+f5 doesn't crash, though the link is still gone. 2. If you grab a reference to that paragraph accessible *before* unchecking the check box, then uncheck the check box, then call .iaHypertext.hyperlink(0) on that original reference, it *doesn't* crash. Something about fetching a new reference to the object triggers this. 3. Unfortunately, I'm stumped on this one. No idea whatsoever what's going on. :(
Reporter | ||
Comment 2•8 years ago
|
||
I can definitely confirm that this link cannot be brought back. This reminds me a lot about what I describe in bug 1268916 with Bugzilla. I haven't tried getting to anything from that element where thhe link resided, but I bet it is a very similar issue. Jamie, mind checking if something similar is at work here? Alex, this sounds a lot like there are still some indexes or arrays not being properly updated with some events. Maybe loosely related to bug 1270218?
Flags: needinfo?(surkov.alexander)
Flags: needinfo?(jamie)
Assignee | ||
Comment 3•8 years ago
|
||
(In reply to Marco Zehe (:MarcoZ) from comment #2) > Alex, this sounds a lot like there are still some indexes or arrays not > being properly updated with some events. Maybe loosely related to bug > 1270218? it's rather bug 1266226
Flags: needinfo?(surkov.alexander)
Assignee | ||
Comment 4•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=c9ebfa1ad407
Assignee | ||
Comment 5•8 years ago
|
||
this is probably too bold approach, but I'm going to rework this code, so a small fix for now, which can be backported
Assignee: nobody → surkov.alexander
Flags: needinfo?(jamie)
Attachment #8756444 -
Flags: review?(yzenevich)
Comment 6•8 years ago
|
||
Comment on attachment 8756444 [details] [diff] [review] patch Review of attachment 8756444 [details] [diff] [review]: ----------------------------------------------------------------- code looks fine to me thanks
Attachment #8756444 -
Flags: review?(yzenevich) → review+
Assignee | ||
Comment 7•8 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/045768176a0b6d39b94d63c6c5d15b78f84050bf Bug 1268069 - embeded object collection may be not updated on removals, r=yzen
Comment 8•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/045768176a0b
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Reporter | ||
Comment 9•8 years ago
|
||
Alex, this looks like an uplift candidate for 48, right?
Flags: needinfo?(surkov.alexander)
Assignee | ||
Comment 10•8 years ago
|
||
Comment on attachment 8756444 [details] [diff] [review] patch Approval Request Comment [Feature/regressing bug #]:bug 1261425 [User impact if declined]:crashes, missed content for screen readers [Describe test coverage new/current, TreeHerder]:mochitest [Risks and why]: low, make an update unconditionally [String/UUID change made/needed]:no
Flags: needinfo?(surkov.alexander)
Attachment #8756444 -
Flags: approval-mozilla-aurora?
status-firefox48:
--- → affected
Comment on attachment 8756444 [details] [diff] [review] patch Crash fix, Aurora48+
Attachment #8756444 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 12•8 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-aurora/rev/2ab4b64da787
You need to log in
before you can comment on or make changes to this bug.
Description
•