Closed Bug 1717775 Opened 3 years ago Closed 3 years ago

null-pointer dereference in nsAccUtils::IsTextInterfaceSupportCorrect

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
91 Branch
Tracking Flags:
Tracking Status
firefox91 --- fixed

People

(Reporter: pbone, Assigned: pbone)

Details

Attachments

(1 file)

Bug 1717775 - Check for null before dereferencing child r=eeejay
48 bytes, text/x-phabricator-request
Details | Review

When I built revision 997f00815e6b of central on my Linux system and ran it with ./mach run it would crash here while the browser was starting:

#0  mozilla::a11y::nsAccUtils::IsTextInterfaceSupportCorrect(mozilla::a11y::LocalAccessible*) (aAccessible=0x7fcb6b5a96d0)
    at /mnt/dev/moz/memshrink/accessible/base/nsAccUtils.cpp:361
#1  0x00007fcb7eee33c7 in getRoleCB(_AtkObject*) (aAtkObj=0x7fcb600cbbf0)
    at /mnt/dev/moz/memshrink/accessible/atk/AccessibleWrap.cpp:586
#2  0x00007fcb8379a70c in  ()
    at /usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0
#3  0x00007fcb832a01b8 in g_hash_table_foreach ()
    at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fcb8379ad15 in  ()
    at /usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0
#5  0x00007fcb837a5545 in  ()
    at /usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0
#6  0x00007fcb82c4944d in  () at /lib/x86_64-linux-gnu/libdbus-1.so.3
#7  0x00007fcb82c39b04 in dbus_connection_dispatch ()
    at /lib/x86_64-linux-gnu/libdbus-1.so.3
#8  0x00007fcb82c066d9 in  () at /usr/lib/x86_64-linux-gnu/libatspi.so.0
#9  0x00007fcb832b217d in g_main_context_dispatch ()
    at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007fcb832b2400 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007fcb832b24a3 in g_main_context_iteration ()
    at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007fcb7d910490 in nsAppShell::ProcessNextNativeEvent(bool)
    (this=<optimised out>, mayWait=false)
    at /mnt/dev/moz/memshrink/widget/gtk/nsAppShell.cpp:247
#13 0x00007fcb7d877eeb in nsBaseAppShell::DoProcessNextNativeEvent(bool)
    (this=0x7fcb71405430, mayWait=false)
    at /mnt/dev/moz/memshrink/widget/nsBaseAppShell.cpp:120
#14 nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool)
    (this=0x7fcb71405430, thr=0x7fcb8511ea00, mayWait=false)
    at /mnt/dev/moz/memshrink/widget/nsBaseAppShell.cpp:248
#15 0x00007fcb7d87809d in non-virtual thunk to nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) ()
    at /mnt/dev/moz/memshrink/objdir-test/dist/include/nsCharTraits.h:260
#16 0x00007fcb7951e9d5 in nsThread::ProcessNextEvent(bool, bool*)
    (this=0x7fcb8511ea00, aMayWait=false, aResult=0x7ffe6ac45c9f)
    at /mnt/dev/moz/memshrink/xpcom/threads/nsThread.cpp:1068

https://searchfox.org/mozilla-central/source/accessible/base/nsAccUtils.cpp#361

But there's no problem if I either, run the browser with an existing profile or build it in debug mode. In other words I seem to need both a new profile and non-debug mode to trigger this problem, which is maybe why I'm not noticing this with nightly because it already has a profile?

I can't reproduce it in mozregression, so it seems to be something about how I'm building Firefox also.

Assignee: nobody → pbone
Status: NEW → ASSIGNED
Pushed by pbone@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7c3ea3514425
Check for null before dereferencing child r=eeejay

https://hg.mozilla.org/mozilla-central/rev/7c3ea3514425

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox91: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: