Closed Bug 1734541 Opened 3 years ago Closed 3 years ago

Crash in [@ mozilla::a11y::PDocAccessibleChild::SendCache]

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
95 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- unaffected
firefox-esr91 --- unaffected
firefox92 --- unaffected
firefox93 --- unaffected
firefox94 --- unaffected
firefox95 --- fixed

People

(Reporter: calixte, Assigned: morgan)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1734541: Verify IPC doc exists before sending resolution update r?Jamie
48 bytes, text/x-phabricator-request
Details | Review

Maybe Fission related. (DOMFissionEnabled=1)

Crash report: https://crash-stats.mozilla.org/report/index/62b31cbf-c110-4f46-94a6-eb3210211006

Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS

Top 10 frames of crashing thread:

0 XUL mozilla::a11y::PDocAccessibleChild::SendCache ipc/ipdl/PDocAccessibleChild.cpp:684
1 XUL nsAccessibilityService::NotifyOfResolutionChange accessible/base/nsAccessibilityService.cpp:410
2 XUL mozilla::PresShell::SetResolutionAndScaleTo layout/base/PresShell.cpp:5422
3 XUL mozilla::ScrollFrameHelper::RestoreState layout/generic/nsGfxScrollFrame.cpp:7333
4 XUL {virtual override thunk} 
5 XUL nsCSSFrameConstructor::InitAndRestoreFrame layout/base/nsCSSFrameConstructor.cpp:4669
6 XUL nsCSSFrameConstructor::BeginBuildingScrollFrame layout/base/nsCSSFrameConstructor.cpp:4239
7 XUL nsCSSFrameConstructor::ContentRangeInserted layout/base/nsCSSFrameConstructor.cpp:6986
8 XUL mozilla::PresShell::Initialize layout/base/PresShell.cpp:1859
9 XUL mozilla::dom::PrototypeDocumentContentSink::DoneWalking dom/prototype/PrototypeDocumentContentSink.cpp:669

There is 1 crash in nightly 95 with buildid 20211006094130. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1726227.

[1] https://hg.mozilla.org/mozilla-central/rev?node=3cfe5bd5d084

Flags: needinfo?(mreschenberg)

I didn't spot this in review :(, but I guess there's no reason nsAccessibilityService::NotifyOfResolutionChange can't be called before DocAccessible::DoInitialUpdate is called. In that case, the IPC document won't exist yet, nor will the initial cache push have occurred. A simple null check should suffice here, for now at least.

haha this crash report is mine :)
I'll put up a patch for this

Flags: needinfo?(mreschenberg)
Assignee: nobody → mreschenberg
Status: NEW → ASSIGNED
Pushed by mreschenberg@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a28e38db75a1
Verify IPC doc exists before sending resolution update r=Jamie

https://hg.mozilla.org/mozilla-central/rev/a28e38db75a1

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox95: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: