Closed Bug 1746827 Opened 4 years ago Closed 4 years ago

Crash in [@ PLDHashTable::Search | mozilla::a11y::RemoteAccessibleBase<T>::MinValue]

Tracking

()

Status:

RESOLVED FIXED

Milestone:

97 Branch

Tracking Flags:

Tracking

Status

firefox-esr91

---

unaffected

firefox95

---

disabled

firefox96

---

disabled

firefox97

---

disabled

People

(Reporter: Jamie, Assigned: Jamie)

References

(Regression)

Details

(Keywords: crash, regression, Whiteboard: [ctw-m0])

Crash Data

Attachments

(1 file)

Bug 1746827: Null check mCachedFields in RemoteAccessibleBase::Min/Cur/MaxValue/Step. 4 years ago James Teh [:Jamie] 48 bytes, text/x-phabricator-request		Details \| Review

James Teh [:Jamie]

Assignee

Description

•

4 years ago

Crash report: https://crash-stats.mozilla.org/report/index/1bb09768-7ebe-43c5-acc4-1e67c0211216

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 xul.dll PLDHashTable::Search const xpcom/ds/PLDHashTable.cpp:496
1 xul.dll mozilla::a11y::RemoteAccessibleBase<mozilla::a11y::RemoteAccessible>::MinValue const accessible/ipc/RemoteAccessibleBase.cpp:221
2 xul.dll mozilla::a11y::ia2AccessibleValue::get_minimumValue accessible/windows/ia2/ia2AccessibleValue.cpp:118
3 fsdomnodefirefoxmp.dll fsdomnodefirefoxmp.dll@0x0000000000032f3a 
4 ntdll.dll RtlpFreeHeapInternal 
5 ntdll.dll RtlFreeHeap 
6 None @0x000000e129ffb4f7 
7 fsdomnodefirefoxmp.dll fsdomnodefirefoxmp.dll@0x00000000000319b0 
8 fsdomnodefirefoxmp.dll fsdomnodefirefoxmp.dll@0x0000000000003e33 
9 fsdomnodefirefoxmp.dll fsdomnodefirefoxmp.dll@0x00000000000508cf

I'm fairly sure this happens because RemoteAccessibleBase::Min/Cur/MaxValue doesn't null check mCachedFields. I wasn't able to come up with a test case that reproduces this, since it's actually pretty hard to end up with no cached fields now.

James Teh [:Jamie]

Assignee

Updated

•

4 years ago

status-firefox95: --- → disabled

status-firefox96: --- → disabled

status-firefox97: --- → disabled

status-firefox-esr91: --- → unaffected

James Teh [:Jamie]

Assignee

Comment 1

•

4 years ago

Attached file Bug 1746827: Null check mCachedFields in RemoteAccessibleBase::Min/Cur/MaxValue/Step. — Details

It's rare that mCachedFields is null now, but it seems it can still happen.

Pulsebot

Comment 2

•

4 years ago

Pushed by jteh@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3a50c2e5557f Null check mCachedFields in RemoteAccessibleBase::Min/Cur/MaxValue/Step. r=eeejay

Marian-Vasile Laza

Comment 3

•

4 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/3a50c2e5557f

Status: NEW → RESOLVED

Closed: 4 years ago

Resolution: --- → FIXED

Target Milestone: --- → 97 Branch

James Teh [:Jamie]

Assignee

Updated

•

4 years ago

Whiteboard: [ctw-m0]

BMO Automation

Updated

•

4 years ago

Has Regression Range: --- → yes

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Crash in [@ PLDHashTable::Search | mozilla::a11y::RemoteAccessibleBase<T>::MinValue]

Categories

(Core :: Disability Access APIs, defect, P1)

Tracking

()

People

(Reporter: Jamie, Assigned: Jamie)

References

(Regression)

Details

(Keywords: crash, regression, Whiteboard: [ctw-m0])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Comment 3

Updated

Updated

Attachment

General

Description

File Name

Content Type