Open
Bug 1584404
Opened 5 years ago
Updated 2 years ago
member call on null pointer of type 'MaiAtkObject' in src/accessible/atk/AccessibleWrap.cpp:1354
Categories
(Core :: Disability Access APIs, defect, P2)
Core
Disability Access APIs
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox71 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-nullptr, testcase)
Attachments
(1 file)
|
262 bytes,
text/html
|
Details |
Found with m-c 20190925-451e084cba66
This is triggered with an UBSan build. To enable this check add the following to your mozconfig:
ac_add_options --enable-address-sanitizer
ac_add_options --enable-undefined-sanitizer="null"
ac_add_options --disable-jemalloc
src/accessible/atk/AccessibleWrap.cpp:1354:11: runtime error: member call on null pointer of type 'MaiAtkObject'
#0 0x7fbd05243933 in mozilla::a11y::ProxyStateChangeEvent(mozilla::a11y::ProxyAccessible*, unsigned long, bool) src/accessible/atk/AccessibleWrap.cpp:1354:11
#1 0x7fbd0536bd1d in mozilla::a11y::DocAccessibleParent::RecvStateChangeEvent(unsigned long const&, unsigned long const&, bool const&) src/accessible/ipc/DocAccessibleParent.cpp:252:3
#2 0x7fbcfa2fb5eb in mozilla::a11y::PDocAccessibleParent::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PDocAccessibleParent.cpp:8396:28
#3 0x7fbcfa1957bb in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PContentParent.cpp:5873:32
#4 0x7fbcf9d2b9cb in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2185:25
#5 0x7fbcf9d25fb5 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2109:9
#6 0x7fbcf9d28408 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1954:3
#7 0x7fbcf9d294d6 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1985:13
#8 0x7fbcf87b4951 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1225:14
#9 0x7fbcf87bb406 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:486:10
#10 0x7fbcf9d384ef in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#11 0x7fbcf9ba8127 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#12 0x7fbcf9ba8127 in MessageLoop::RunHandler() src/ipc/chromium/src/base/message_loop.cc:308
#13 0x7fbcf9ba8127 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
#14 0x7fbd01902a61 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#15 0x7fbd05ae8aa8 in nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:276:30
#16 0x7fbd05d5d007 in XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:4601:22
#17 0x7fbd05d5f407 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4736:8
#18 0x7fbd05d60c93 in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4817:21
#19 0x55b6647b4998 in do_main(int, char**, char**) src/browser/app/nsBrowserApp.cpp:218:22
#20 0x55b6647b4998 in main src/browser/app/nsBrowserApp.cpp:300
Flags: in-testsuite?
|
Reporter | |
Comment 1•5 years ago
|
||
A Pernosco session can be found here: https://pernos.co/debug/y3UCYilnu48Al03emjrb3w/index.html
|
||
Comment 2•5 years ago
|
||
If I run this test case on a Windows nightly, I get this crash: bp-227afda5-e652-40f2-b120-193500190927
These are probably related, but I'm not sure; it's also possible they're two different issues triggered by the same test case.
|
|
||
Updated•5 years ago
|
Priority: -- → P2
|
||
Updated•2 years ago
|
Severity: normal → S3
|
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•