Closed Bug 1312046 Opened 9 years ago Closed 8 years ago

Crash in GetProxiedAccessibleInSubtree

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Platform:
Unspecified
Windows
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla52
Tracking Flags:
Tracking Status
firefox50 --- unaffected
firefox51 --- disabled
firefox52 --- fixed
firefox55 --- verified

People

(Reporter: bugzilla, Assigned: bugzilla)

References

(Blocks 1 open bug)

Details

(Keywords: crash, reproducible, Whiteboard: aes+)

Crash Data

Attachments

(1 file, 1 obsolete file)

Add null pointer check (r2)
965 bytes, patch
bugzilla
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-4885c328-2dc2-4ca1-ab44-e2cc22161021. =============================================================
I can reproduce the crash on Windows10 Home 64bit, Nightly52.0a1 32bit. Reproducible: 100% Steps To Reproduce: 1. Open attachment 8806341 [details] of Bug 1312697 2. Scroll by clicking of "M" 3. Reload (F5) several times Actual Results: Browser Crashes
Keywords: reproducible
Note that I was unable to reproduce with these steps using the 64 bit version of current 52.0a1 Nightly with NVDA running. I reloaded about ten times or so, but waited for each load to complete, including the screen reader digesting this huge document. No cash here.
Blocks: 1314310
(In reply to Alice0775 White from comment #1) > I can reproduce the crash on Windows10 Home 64bit, Nightly52.0a1 32bit. > > Reproducible: 100% > > Steps To Reproduce: > 1. Open attachment 8806341 [details] of Bug 1312697 > 2. Scroll by clicking of "M" > 3. Reload (F5) several times > > Actual Results: > Browser Crashes I filed a new Bug 1314310
Attached patch Add null pointer check (obsolete) — Splinter Review
The circumstances around this are unclear; my best guess is that something is enumerating child accessibles between proxy construction and setting of the com proxy. The Real Fix is probably adding the setting of the com proxy to the PDocAccessibleConstructor, but I am still thinking about how I want to do that. This will get rid of the crashes at least.
Assignee: nobody → aklotz
Status: NEW → ASSIGNED
Attachment #8806521 - Flags: review?(tbsaunde+mozbugs)
Comment on attachment 8806521 [details] [diff] [review] Add null pointer check > wrapper->GetNativeInterface(getter_AddRefs(comProxy)); >+ if (!comProxy) { >+ return nullptr; if this crash is bad enough we need to do this can we at least add an assert in the hope it'll help us find the cause if its not what you suspect or if it is that, maybe let us remove this later.
Attachment #8806521 - Flags: review?(tbsaunde+mozbugs) → review+
Revised with assertion
Attachment #8806521 - Attachment is obsolete: true
Attachment #8806776 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/feebdb353fde
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox52: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
hi, the signature is present in 51.0b too - would it make sense to uplift the patch? http://bit.ly/2je22KS
status-firefox50: --- → unaffected
status-firefox51: --- → affected
Flags: needinfo?(aklotz)
Any presence of that signature in 51 is due to people who have force-enabled e10s. I am not sure that it is worth the risk to do a late-beta uplift for an unsupported configuration.
Flags: needinfo?(aklotz)
thanks for taking a look!
Verified with the following user agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Status: RESOLVED → VERIFIED
status-firefox55: --- → verified
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: