Closed Bug 1334972 Opened 3 years ago Closed 3 years ago
Crash in memmove | ns
TArray _base<T>::Shift Data<T> | ns TArray _Impl<T>::Insert Element At<T> | mozilla::a11y::Accessible::Move Child
This bug was filed from the Socorro interface and is report bp-2bcffa8a-e508-46b2-bb26-db07c2170130. ============================================================= This crash occurs if I view a commit in one of my GitHub projects.
Alex, this looks like it fallls in your court.
I'm also using the GitHub accessibility fixes Greasemonkey script, specifically this one: https://raw.githubusercontent.com/nvaccess/axSGrease/13d47a65aa30637679a847c964d59e572cc81ac6/GitHubA11yFixes.user.js
Tyler, I see you've been using Firefox 50 for this. Firefox 51 came out a week ago. Can you still reproduce the crash with that version, too?
(In reply to Marco Zehe (:MarcoZ) from comment #3) > Tyler, I see you've been using Firefox 50 for this. Firefox 51 came out a > week ago. Can you still reproduce the crash with that version, too? I'm using 51.0.1 according to Help/About, and it still crashes. I haven't received any update notifications since I created the bug.
All right. Am I right in assuming that the version you're using is a bit outdated? The commit ID seems to point to a version that is almost a year old.
I meant the version of the GreaseMonkey script, sorry!
(In reply to Marco Zehe (:MarcoZ) from comment #6) > I meant the version of the GreaseMonkey script, sorry! It is. I matched the same version I was running with the file on GitHub in case something changed in a newer version which would stop the crash.
(In reply to tspivey from comment #2) > I'm also using the GitHub accessibility fixes Greasemonkey script, > specifically this one: > https://raw.githubusercontent.com/nvaccess/axSGrease/ > 13d47a65aa30637679a847c964d59e572cc81ac6/GitHubA11yFixes.user.js could you please share exact steps to reproduce?
(In reply to alexander :surkov from comment #8) > could you please share exact steps to reproduce? STR, from a new profile: 1. Install Greasemonkey from addons. 2. Install this old version of the GitHub a11y fixes script by opening the page (the latest as of now won't crash): https://raw.githubusercontent.com/nvaccess/axSGrease/13d47a65aa30637679a847c964d59e572cc81ac6/GitHubA11yFixes.user.js 3. Sign in to GitHub. 4. Open any commit, example from one of my repos: https://github.com/tspivey/classicSelection/commit/3777951339fa1b1e95ab097ef9cbac38279b724d Or this one from NVDA: https://github.com/nvaccess/nvda/commit/08af4cef7e83fa33ada0678b495af44b00d8c843
here's what happens here, when aria-owns refers to a child inaccessible span, then aria-owns processing makes this span accessible and the span steals children from the owner, which breaks our moving logic. despite the fix may be straightforward, it'd be good to have something to avoid cases like this in the future.
Assignee: nobody → surkov.alexander
Attachment #8832952 - Flags: review?(yzenevich)
Attachment #8832952 - Flags: review?(yzenevich) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/8518a4c295122b90473a24b396102ed5453fcb62 Bug 1334972 - crash when aria-owned child takes children from its parent, r=yzen
Please request Aurora/Beta approval on this when you get a chance.
Comment on attachment 8832952 [details] [diff] [review] patch Approval Request Comment [Feature/Bug causing the regression]:unknown [User impact if declined]:crashes [Is this code covered by automated tests?]:yes [Has the fix been verified in Nightly?]:yes [Needs manual test from QE? If yes, steps to reproduce]: comment #9 [List of other uplifts needed for the feature/fix]:no [Is the change risky?]:fair risk [Why is the change risky/not risky?]:simple change in complicated code [String changes made/needed]:no
Attachment #8832952 - Flags: approval-mozilla-aurora?
Attachment #8832952 - Flags: approval-mozilla-beta?
Comment on attachment 8832952 [details] [diff] [review] patch Fix a crash. Aurora53+.
Attachment #8832952 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment on attachment 8832952 [details] [diff] [review] patch let's get this fix in 52.0b5
Attachment #8832952 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.