Closed Bug 1425030 Opened 8 years ago Closed 8 years ago

Crash in mozilla::a11y::ia2Accessible::get_accessibleWithCaret

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Platform:
Unspecified
Windows 10
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla59
Tracking Flags:
Tracking Status
firefox-esr52 --- wontfix
firefox57 --- wontfix
firefox58 --- fixed
firefox59 --- verified

People

(Reporter: Jamie, Assigned: Jamie)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1425030: ia2Accessible::get_accessibleWithCaret: Gracefully handle null returned from SelectionManager::AccessibleWithCaret.
59 bytes, text/x-review-board-request
surkov
: review+
ritu
: approval-mozilla-beta+
Details
This bug was filed from the Socorro interface and is report bp-f1c56d1b-bb91-4ac6-b7a7-a456d0171212. We don't null check the result of SelectionManager::AccessibleWithCaret. Note that this is returning null in cases where it shouldn't, which is what initially led to this crash, but we should still null check the result regardless. ============================================================= Top 10 frames of crashing thread: 0 xul.dll mozilla::a11y::ia2Accessible::get_accessibleWithCaret accessible/windows/ia2/ia2Accessible.cpp:525 1 ole32.dll ole32.dll@0x30ddd 2 xul.dll xul.dll@0x2d207b3 3 ole32.dll ole32.dll@0x5b59 4 ole32.dll ole32.dll@0x5b2b 5 xul.dll xul.dll@0x16957db 6 xul.dll `anonymous namespace'::HandoffRunnable::Run ipc/mscom/MainThreadHandoff.cpp:143 7 xul.dll `anonymous namespace'::SyncRunnable::Run ipc/mscom/MainThreadInvoker.cpp:48 8 xul.dll mozilla::mscom::MainThreadInvoker::MainThreadAPC ipc/mscom/MainThreadInvoker.cpp:148 9 ntdll.dll RtlDispatchAPC =============================================================
Comment on attachment 8936652 [details] Bug 1425030: ia2Accessible::get_accessibleWithCaret: Gracefully handle null returned from SelectionManager::AccessibleWithCaret. https://reviewboard.mozilla.org/r/207392/#review213270 ::: accessible/windows/ia2/ia2Accessible.cpp:528 (Diff revision 1) > int32_t caretOffset = -1; > Accessible* accWithCaret = SelectionMgr()->AccessibleWithCaret(&caretOffset); > + if (!accWithCaret) { > + return S_FALSE; > + } > if (acc->Document() != accWithCaret->Document()) it makes sense to move it under this condition
Attachment #8936652 - Flags: review?(surkov.alexander) → review+
Pushed by jteh@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/979ceb379e0b ia2Accessible::get_accessibleWithCaret: Gracefully handle null returned from SelectionManager::AccessibleWithCaret. r=surkov
https://hg.mozilla.org/mozilla-central/rev/979ceb379e0b
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox59: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
Verified fixed in Firefox Version 59.0a1 Build ID 20171215100105 64 bit.
status-firefox59: fixedverified
Comment on attachment 8936652 [details] Bug 1425030: ia2Accessible::get_accessibleWithCaret: Gracefully handle null returned from SelectionManager::AccessibleWithCaret. Approval Request Comment [Feature/Bug causing the regression]: Bug 873438. [User impact if declined]: Accessibility clients which call a specific method in certain circumstances will cause Firefox to crash. [Is this code covered by automated tests?]: No, because we don't have a mechanism for platform accessibility testing. [Has the fix been verified in Nightly?]: Yes. [Needs manual test from QE? If yes, steps to reproduce]: No. [List of other uplifts needed for the feature/fix]: None. [Is the change risky?]: No. [Why is the change risky/not risky?]: Trivial null check to prevent crash. [String changes made/needed]: None.
Attachment #8936652 - Flags: approval-mozilla-beta?
Comment on attachment 8936652 [details] Bug 1425030: ia2Accessible::get_accessibleWithCaret: Gracefully handle null returned from SelectionManager::AccessibleWithCaret. Not null check, crash fix, Beta58+
Attachment #8936652 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Assignee: nobody → jteh
Blocks: 873438
status-firefox57: --- → wontfix
status-firefox-esr52: --- → wontfix
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: