Crash in mozilla::a11y::DocAccessibleWrap::GetNativeWindow

RESOLVED FIXED in Firefox 53

Status

()

Core
Disability Access APIs
--
critical
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: njn, Assigned: tbsaunde)

Tracking

({crash})

unspecified
mozilla53
Unspecified
Windows 10
crash
Points:
---

Firefox Tracking Flags

(firefox51 unaffected, firefox52 unaffected, firefox53 fixed)

Details

(Whiteboard: aes+, crash signature)

Attachments

(1 attachment)

(Reporter)

Description

a year ago
This bug was filed from the Socorro interface and is 
report bp-ca7b3fd1-4a7a-41d9-b247-ab2242170114.
=============================================================

This first happened twice in Nightly 20161221030226, then once in 20170110075905, then it spiked in 20170113030227 (making it the #10 topcrash) and has been happening more frequently since then.

The regression window for 20170113030227 is here:

https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=97d6f73643940256c0eb61e384c49bf6f6c49847&tochange=91f5293e9a89056565493ed5073c3842b0ee9fdc

The crash address is usually 0x10, though sometimes 0xc or 0x. So it looks like |ipcDoc| might be null, though in some of them perhaps it's |tab| that is null.

tbsaunde, any ideas?
Flags: needinfo?(tbsaunde+mozbugs)
(Assignee)

Comment 1

a year ago
So, getting to this point is kind of odd, normally in a content process IPCAccessibilityActive() would return true, and HandleAccEvent() would have returned before getting to this point.  The one obvious way for this to happen is for someone to set the accessibility.ipc_architecture_enabled pref to false, that would make IPCAccessibilityActive() return false in content processes, and then its probably possible at some point while a document is being shut down for IPCDoc() to return null.  I don't think we gain anything from that pref so I'll remove and and hopefully this will be fixed.
Flags: needinfo?(tbsaunde+mozbugs)
(Assignee)

Comment 2

a year ago
Created attachment 8827104 [details] [diff] [review]
remove accessibility.ipc_architecture_enabled pref
Attachment #8827104 - Flags: review?(dbolter)
Comment on attachment 8827104 [details] [diff] [review]
remove accessibility.ipc_architecture_enabled pref

Review of attachment 8827104 [details] [diff] [review]:
-----------------------------------------------------------------

Probably ok but I'd like jimm's feedback.
Attachment #8827104 - Flags: review?(dbolter)
Attachment #8827104 - Flags: review+
Attachment #8827104 - Flags: feedback?(jmathies)
> Probably ok but I'd like jimm's feedback.

(Because he handles most (all?) the prefs around e10s shipping)
Comment on attachment 8827104 [details] [diff] [review]
remove accessibility.ipc_architecture_enabled pref

Review of attachment 8827104 [details] [diff] [review]:
-----------------------------------------------------------------

seems fine, we've never used this and I can't find any references to it.
Attachment #8827104 - Flags: feedback?(jmathies) → feedback+

Updated

a year ago
Whiteboard: aes+

Comment 6

a year ago
Pushed by tsaunders@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/fb95edfbf857
remove accessibility.ipc_architecture_enabled pref r=davidb

Comment 7

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/fb95edfbf857
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox53: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
Assignee: nobody → tbsaunde+mozbugs
status-firefox51: --- → unaffected
status-firefox52: --- → unaffected
You need to log in before you can comment on or make changes to this bug.