Crash in [@ mozilla::a11y::IDRefsIterator::IDRefsIterator]
Categories
(Core :: Disability Access APIs, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr91 | --- | unaffected |
firefox-esr102 | --- | unaffected |
firefox103 | --- | unaffected |
firefox104 | --- | unaffected |
firefox105 | + | fixed |
People
(Reporter: gsvelto, Assigned: morgan)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
Crash report: https://crash-stats.mozilla.org/report/index/f26b3fc8-9597-4556-8f36-37e7f0220807
Reason: SIGSEGV / SEGV_MAPERR
Top 10 frames of crashing thread:
0 libxul.so mozilla::a11y::IDRefsIterator::IDRefsIterator accessible/base/AccIterator.cpp:215
1 libxul.so mozilla::a11y::LocalAccessible::BundleFieldsForCache accessible/generic/LocalAccessible.cpp:3591
2 libxul.so mozilla::a11y::LocalAccessible::SendCache accessible/generic/LocalAccessible.cpp:3119
3 libxul.so mozilla::a11y::DocAccessible::DoInitialUpdate accessible/generic/DocAccessible.cpp:1608
4 libxul.so mozilla::a11y::DocAccessibleWrap::DoInitialUpdate accessible/android/DocAccessibleWrap.cpp:66
5 libxul.so mozilla::a11y::NotificationController::WillRefresh accessible/base/NotificationController.cpp:678
6 libxul.so nsRefreshDriver::Tick layout/base/nsRefreshDriver.cpp:2498
7 libxul.so mozilla::RefreshDriverTimer::TickRefreshDrivers layout/base/nsRefreshDriver.cpp:353
8 libxul.so mozilla::RefreshDriverTimer::Tick layout/base/nsRefreshDriver.cpp:369
9 libxul.so mozilla::VsyncRefreshDriverTimer::TickRefreshDriver layout/base/nsRefreshDriver.cpp:810
This is a NULL-pointer dereference and at the moment seems to happen only on Fenix.
Comment 1•2 years ago
|
||
Jamie, do you think this IDRefsIterator crash could be a regression from your fix for CachedTableAccessible bug 1772476?
The first crash report is from build ID 20220803094413 and your fix for bug 1772476 is in that build ID's changelog:
Comment 2•2 years ago
|
||
No. It's a regression from bug 1774043. The relations cache push needs to null check mContent, probably as part of this if check.
Comment 3•2 years ago
|
||
Set release status flags based on info from the regressing bug 1774043
Updated•2 years ago
|
Assignee | ||
Comment 4•2 years ago
|
||
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Comment 5•2 years ago
|
||
:morgan is there currently anything blocking getting this patch reviewed and landed?
Assignee | ||
Comment 6•2 years ago
|
||
Just waiting on review. I'll shift this to someone else if eitan isn't able to get to it today.
Updated•2 years ago
|
Pushed by mreschenberg@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2f885b06f626 Null check mContent before attempting to process CacheDomain::Relations r=eeejay
Comment 8•2 years ago
|
||
bugherder |
Description
•