Crash in [@ mozilla::dom::BrowserParent::GetTopLevelDocAccessible]
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr91 | --- | unaffected |
| firefox99 | --- | wontfix |
| firefox100 | --- | fixed |
| firefox101 | --- | fixed |
People
(Reporter: gsvelto, Assigned: Jamie)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-release+
|
Details | Review |
Crash report: https://crash-stats.mozilla.org/report/index/70ee8673-aada-4dae-a155-e99860220324
Reason: SIGSEGV / SEGV_MAPERR
Top 10 frames of crashing thread:
0 libxul.so mozilla::dom::BrowserParent::GetTopLevelDocAccessible const dom/ipc/BrowserParent.cpp:437
1 libxul.so mozilla::a11y::RootAccessible::GetPrimaryRemoteTopLevelContentDoc const accessible/generic/RootAccessible.cpp:702
2 libxul.so mozilla::a11y::RootAccessibleWrap::FindAccessibleById accessible/android/RootAccessibleWrap.cpp:48
3 libxul.so nsAppShell::LambdaEvent<mozilla::a11y::SessionAccessibility::GetNodeInfo widget/android/nsAppShell.h:71
4 libxul.so nsAppShell::LambdaEvent<nsAppShell::SyncRunEvent widget/android/nsAppShell.h:71
5 libxul.so NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:467
6 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:85
7 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:306
8 libxul.so nsBaseAppShell::Run widget/nsBaseAppShell.cpp:137
9 libxul.so nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:295
Null pointer access in a11y code, possibly a regression.
|
Assignee | |
Comment 1•2 years ago
|
||
We don't see it in the stack, but in the middle is a call to BrowserHost::GetTopLevelDocAccessible, which doesn't null check mRoot (the BrowserParent) before calling GetTopLevelDocAccessible on it. My guess is that mRoot on the BrowserHost is null. I guess that indicates that the remote browser is being replaced.
There are a bunch of other methods that don't null check mRoot either, but there are some that do.
|
|
Assignee | |
Comment 2•2 years ago
|
||
|
||
Updated•2 years ago
|
Pushed by jteh@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0bcad14b3c3a BrowserHost::GetTopLevelDocAccessible: Return null if mRoot is null. r=eeejay
|
||
Comment 4•2 years ago
|
||
| bugherder | ||
|
||
Updated•2 years ago
|
|
|
Assignee | |
Comment 5•2 years ago
•
|
||
Comment on attachment 9269617 [details]
Bug 1761469: BrowserHost::GetTopLevelDocAccessible: Return null if mRoot is null.
Beta/Release Uplift Approval Request
- User impact if declined: Crashes.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Simple null check.
- String changes made/needed:
- Is Android affected?: Yes
|
|
Assignee | |
Comment 6•2 years ago
|
||
Oops. I edited my request to note that Android is affected.
|
||
Comment 7•2 years ago
|
||
Comment on attachment 9269617 [details]
Bug 1761469: BrowserHost::GetTopLevelDocAccessible: Return null if mRoot is null.
Approved for 100.0rc2
|
|
||
Comment 8•2 years ago
|
||
| bugherder uplift | ||
Description
•