1733553 - Crash in [@ nsLineBox::IndexOf]

Status: RESOLVED DUPLICATE of bug 1733047

(Core :: Disability Access APIs, defect)

Description

[:gerard-majax]

Crash report: https://crash-stats.mozilla.org/report/index/6e8796ed-29f7-4355-9304-a04d30211001

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0 libxul.so nsLineBox::IndexOf const layout/generic/nsLineBox.cpp:296
1 libxul.so nsLineBox::Contains const layout/generic/nsLineBox.h:546
2 libxul.so mozilla::a11y::HyperTextAccessible::CaretLineNumber accessible/generic/HyperTextAccessible.cpp:1824
3 libxul.so mozilla::a11y::HyperTextAccessible::NativeAttributes accessible/generic/HyperTextAccessible.cpp:1463
4 libxul.so mozilla::a11y::LocalAccessible::Attributes accessible/generic/LocalAccessible.cpp:985
5 libxul.so mozilla::a11y::DocAccessible::Attributes accessible/generic/DocAccessible.cpp:264
6 libxul.so mozilla::a11y::DocAccessibleWrap::CacheFocusPath accessible/android/DocAccessibleWrap.cpp:242
7 libxul.so mozilla::a11y::AccessibleWrap::HandleAccEvent accessible/android/AccessibleWrap.cpp:71
8 libxul.so mozilla::a11y::DocAccessibleWrap::HandleAccEvent accessible/android/DocAccessibleWrap.cpp:81
9 libxul.so nsEventShell::FireEvent accessible/base/nsEventShell.cpp:54

STR:

• Open an email in Fastmail
• Type a reply
• Tap Send

Also:

• Send a new email in Fastmail
• Type a few words
• Tap Send

Repro'd three times in a row here.

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The Bugbug bot thinks this bug should belong to the 'Core::Disability Access APIs' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Comment 2

[Pascal Chevrel (relman team) -> :pascalc]

Likely to be bug 1732674 which was backed out

Comment 3

[Jonathan Kew [:jfkthame]]

(In reply to Pascal Chevrel:pascalc from comment #2)

Likely to be bug 1732674 which was backed out

Yes, that's a pretty safe bet here. This is simply the Android signature corresponding to bug 1733047 on Windows.

(Useful to know that it reproduces on that platform as well, given that 1733047 looked like it might be affecting Windows only.)

Comment 4

[:gerard-majax]

I'm waiting on the new build to come out of Play Store and will verify whether this is fixed by the backout.

Comment 5

[:gerard-majax]

I just received Nightly buildid 20210930143854 that contains the backout of bug 1732674, and I can confirm I'm now unable to repro the issue.

Comment 6

[Jonathan Kew [:jfkthame]]

I've been trying to investigate this (using a build with the patch that was later backed out), but unable to reproduce the crash locally so far. From the stack in comment 0 it looks like this is related to accessibility features of some kind. I've tried turning on some accessibility features, but no crash yet.

Alexandre, could you please let me know whether you have specific accessibility software or features enabled/installed that might help reproduce this problem? Thanks.

Comment 7

[:gerard-majax]

(In reply to Jonathan Kew (:jfkthame) from comment #6)

I've been trying to investigate this (using a build with the patch that was later backed out), but unable to reproduce the crash locally so far. From the stack in comment 0 it looks like this is related to accessibility features of some kind. I've tried turning on some accessibility features, but no crash yet.

Alexandre, could you please let me know whether you have specific accessibility software or features enabled/installed that might help reproduce this problem? Thanks.

Unfortunately, no, I have absolutely nothing like that enabled. Stock Nightly on Android (stock Sony Xperia XZ2 Compact) with basically only UBlock and BitWarden enabled, absolutely nothing fancy here.

Comment 8

[Jonathan Kew [:jfkthame]]

OK, thanks for confirming that.

Comment 9

[:gerard-majax]

(In reply to Jonathan Kew (:jfkthame) from comment #8)

OK, thanks for confirming that.

Could it be Bitwarden trying to do things with a11y here? For password field filling for example.