Crash in [@ PLDHashTable::Iterator::Iterator | ConvertToAtkAttributeSet]
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox-esr91 | 91+ | fixed |
| firefox89 | --- | unaffected |
| firefox90 | --- | unaffected |
| firefox91 | + | fixed |
| firefox92 | --- | fixed |
People
(Reporter: gsvelto, Assigned: eeejay)
Details
(Keywords: crash, regression, regressionwindow-wanted)
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-release+
RyanVM
:
approval-mozilla-esr91+
|
Details | Review |
Crash report: https://crash-stats.mozilla.org/report/index/f256901d-4481-4bf8-b276-ea9e50210621
Reason: SIGSEGV /SEGV_MAPERR
Top 10 frames of crashing thread:
0 libxul.so PLDHashTable::Iterator::Iterator xpcom/ds/PLDHashTable.cpp:753
1 libxul.so ConvertToAtkAttributeSet accessible/atk/AccessibleWrap.cpp:641
2 libxul.so getAttributesCB accessible/atk/AccessibleWrap.cpp:668
3 libatk-bridge-2.0.so.0 impl_GetAttributes ./obj-x86_64-linux-gnu/../atk-adaptor/adaptors/accessible-adaptor.c:471
4 libatk-bridge-2.0.so.0 handle_message ./obj-x86_64-linux-gnu/../droute/droute.c:601
5 libdbus-1.so.3 _dbus_object_tree_dispatch_and_unlock dbus/dbus-object-tree.c:1020
6 libdbus-1.so.3 dbus_connection_dispatch dbus/dbus-connection.c:4576
7 libatspi.so.0 message_queue_dispatch atspi/atspi-gmain.c:89
8 libglib-2.0.so.0 g_main_context_dispatch glib/gmain.c:4043
9 libglib-2.0.so.0 g_main_context_iterate.constprop.0 glib/gmain.c:4119
This is a Linux-specific crash coming from users with accessibility enabled. The crash itself seems like a simple NULL pointer access but I'm not sufficiently familiar with the code to parse why it might be happening.
This appears to be a regression as it started in buildid 20210611094205 and is only present on nightly for the time being.
|
||
Updated•3 years ago
|
|
||
Comment 1•3 years ago
|
||
This signature looks very similar, so I'll add it.
|
||
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
Bug 1714390 landed in 20210611094205 and touched atk. Eitan, can this be related?
|
Assignee | |
Comment 3•3 years ago
|
||
|
||
Updated•3 years ago
|
|
||
Comment 5•3 years ago
|
||
| bugherder | ||
|
||
Comment 6•3 years ago
|
||
We had crashes on 91 beta 2 with this signature, should we uplift that fix to beta?
|
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
|
||
Comment 7•3 years ago
|
||
Please nominate this for ESR91 approval when you get a chance.
|
|
Assignee | |
Comment 8•3 years ago
|
||
Comment on attachment 9231006 [details]
Bug 1717575 - Check given attributes for null before iterating. r?morgan
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: This is a crasher
- User impact if declined:
- Fix Landed on Version:
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): this is a simple null check.
- String or UUID changes made by this patch:
|
|
||
Comment 9•3 years ago
|
||
Comment on attachment 9231006 [details]
Bug 1717575 - Check given attributes for null before iterating. r?morgan
Approved for 91.1esr.
|
|
||
Comment 10•3 years ago
|
||
| bugherder uplift | ||
|
|
||
Comment 11•3 years ago
|
||
I'm going to go ahead and take this fix for 91.0.1, given the simple patch and crash volume on release.
|
|
||
Updated•3 years ago
|
|
|
||
Comment 12•3 years ago
|
||
| bugherder uplift | ||
|
|
||
Comment 13•3 years ago
|
||
| uplift | ||
for 91.0.1esr (FIREFOX_91_0_X_RELBRANCH):
https://hg.mozilla.org/releases/mozilla-esr91/rev/8046f1ae74749dd164478750e0d7a0d529313403
Description
•