Closed
Bug 1380172
Opened 8 years ago
Closed 8 years ago
crash near null in [@ InsertIterator::Next()]
Categories
(Core :: Disability Access APIs, defect)
RESOLVED
DUPLICATE
of bug 1376825
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase)
Attachments
(1 file)
572 bytes,
text/html
Found on m-c
BuildID=20170711160010
SourceStamp=6fec4855b5345eb63fef57089e61829b88f5f4eb
This test case requires the fuzzPriv extension.
This bug seems very similar to bug 1380153 (looking at the test case).
==64472==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000f0 (pc 0x7fd149f86969 bp 0x7ffe649bac50 sp 0x7ffe649bac20 T0)
==64472==The signal is caused by a READ memory access.
==64472==Hint: address points to the zero page.
#0 0x7fd149f86968 in GetAccessible obj-firefox/dist/include/mozilla/a11y/DocAccessible.h:237:21
#1 0x7fd149f86968 in mozilla::a11y::DocAccessible::GetAccessibleOrContainer(nsINode*) const accessible/generic/DocAccessible.cpp:1253
#2 0x7fd149fb472d in AccessibleOrTrueContainer accessible/generic/DocAccessible-inl.h:30:27
#3 0x7fd149fb472d in InsertIterator::Next() accessible/generic/DocAccessible.cpp:1812
#4 0x7fd149fb4ea3 in mozilla::a11y::DocAccessible::ProcessContentInserted(mozilla::a11y::Accessible*, nsTArray<nsCOMPtr<nsIContent> > const*) accessible/generic/DocAccessible.cpp:1871:13
#5 0x7fd149f227a7 in mozilla::a11y::NotificationController::WillRefresh(mozilla::TimeStamp) accessible/base/NotificationController.cpp:727:16
#6 0x7fd146d38f77 in nsRefreshDriver::Tick(long, mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:1854:12
#7 0x7fd146d48855 in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) layout/base/nsRefreshDriver.cpp:298:7
#8 0x7fd146d48512 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:319:5
#9 0x7fd146d4abbb in RunRefreshDrivers layout/base/nsRefreshDriver.cpp:761:5
#10 0x7fd146d4abbb in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp:674
#11 0x7fd146d45f17 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() layout/base/nsRefreshDriver.cpp:520:20
#12 0x7fd1400f6875 in nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1437:14
#13 0x7fd1400fcaa8 in NS_ProcessNextEvent(nsIThread*, bool) xpcom/threads/nsThreadUtils.cpp:489:10
#14 0x7fd140f0ee41 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:97:21
#15 0x7fd140e6b0e0 in RunInternal ipc/chromium/src/base/message_loop.cc:320:10
#16 0x7fd140e6b0e0 in RunHandler ipc/chromium/src/base/message_loop.cc:313
#17 0x7fd140e6b0e0 in MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:293
#18 0x7fd14669937f in nsBaseAppShell::Run() widget/nsBaseAppShell.cpp:156:27
#19 0x7fd14a744db1 in nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp:287:30
#20 0x7fd14a91f5e4 in XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp:4595:22
#21 0x7fd14a9211ed in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4778:8
#22 0x7fd14a92261b in XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4873:21
#23 0x4eb613 in do_main browser/app/nsBrowserApp.cpp:237:22
#24 0x4eb613 in main browser/app/nsBrowserApp.cpp:310
#25 0x7fd15d14982f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
#26 0x41d168 in _start (m-c-1499788810-asan-opt/firefox+0x41d168)
Comment 1•8 years ago
This stack looks identical to bug 1376825. The patch there fixes this test case as well, it seems.
Comment 2•8 years ago
I'm going to go ahead and call this a dup.
This test case will trigger bug 1380199 on debug builds.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE