Closed Bug 1744150 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::a11y::TextAttrsMgr::GetAttributes]

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
97 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- unaffected
firefox94 --- unaffected
firefox95 --- unaffected
firefox96 --- disabled
firefox97 --- fixed

People

(Reporter: mccr8, Assigned: Jamie)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/941eb967-e446-406e-8a42-399470211202

Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS

Top 10 frames of crashing thread:

0 XUL mozilla::a11y::TextAttrsMgr::GetAttributes accessible/base/TextAttrs.cpp:71
1 XUL mozilla::a11y::TextLeafPoint::GetTextAttributesLocalAcc const accessible/base/TextLeafRange.cpp:823
2 XUL mozilla::a11y::LocalAccessible::BundleFieldsForCache accessible/generic/LocalAccessible.cpp:3222
3 XUL mozilla::a11y::DocAccessibleChildBase::InsertIntoIpcTree accessible/ipc/DocAccessibleChildBase.cpp:87
4 XUL mozilla::a11y::DocAccessible::DoInitialUpdate accessible/generic/DocAccessible.cpp:1528
5 XUL mozilla::a11y::DocAccessibleWrap::DoInitialUpdate accessible/mac/DocAccessibleWrap.mm:102
6 XUL mozilla::a11y::NotificationController::WillRefresh accessible/base/NotificationController.cpp:653
7 XUL nsRefreshDriver::Tick layout/base/nsRefreshDriver.cpp:2311
8 XUL mozilla::RefreshDriverTimer::TickRefreshDrivers layout/base/nsRefreshDriver.cpp:331
9 XUL mozilla::RefreshDriverTimer::Tick layout/base/nsRefreshDriver.cpp:347

Null deref. Maybe mHyperTextAcc is null?

Somehow, a TextLeafAccessible, HTMLListBulletAccessible or HTMLBRAccessible doesn't have a HyperTextAccessible parent. I didn't think that should be possible any more, but apparently it is. I guess we'll have to wallpaper this but leave an assertion there in hopes of catching the reason for this in future.

Assignee: nobody → jteh
status-firefox96: --- → disabled
Keywords: regression
Regressed by: 1730096
Has Regression Range: --- → yes

Marking s4 because this is behind a pref which is disabled by default on all channels.

Severity: S2 → S4

Set release status flags based on info from the regressing bug 1730096

status-firefox94: --- → unaffected
status-firefox95: --- → unaffected
status-firefox-esr91: --- → unaffected

Set release status flags based on info from the regressing bug 1730096

status-firefox97: --- → affected
Depends on: 1747164

Not seeing any crashes on Beta97. Are we thinking bug 1747164 fixed this?

Flags: needinfo?(jteh)

I thought bug 1747164 would fix this, but I wasn't 100% certain. Given that the crashes have gone away, I'd say it's almost certain bug 1747164 fixed it.

Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(jteh)
Resolution: --- → FIXED
status-firefox97: affectedfixed
Target Milestone: --- → 98 Branch
Target Milestone: 98 Branch → 97 Branch
You need to log in before you can comment on or make changes to this bug.