Closed Bug 1788597 Opened 3 months ago Closed 3 months ago

Crash in [@ mozilla::a11y::DocAccessible::ProcessQueuedCacheUpdates]

Categories

(Core :: Disability Access APIs, defect)

Tracking

RESOLVED FIXED
106 Branch
Tracking Status
firefox-esr91 --- unaffected
firefox-esr102 --- unaffected
firefox104 --- unaffected
firefox105 --- unaffected
firefox106 + fixed

People

(Reporter: aryx, Assigned: morgan)

Details

(Keywords: crash)

Attachments

(1 file)

4 crashes from 3 installations of Firefox 106.0a1 20220831093258 on Windows 11. Top of the stack got touched in bug 1726124 and bug 1786086.

Crash report: https://crash-stats.mozilla.org/report/index/8c960943-580b-43a7-9486-9f5d10220901

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 xul.dll mozilla::a11y::DocAccessible::ProcessQueuedCacheUpdates accessible/generic/DocAccessible.cpp:1445
1 xul.dll mozilla::a11y::NotificationController::WillRefresh accessible/base/NotificationController.cpp:890
2 xul.dll nsRefreshDriver::Tick layout/base/nsRefreshDriver.cpp:2498
3 xul.dll mozilla::RefreshDriverTimer::TickRefreshDrivers layout/base/nsRefreshDriver.cpp:353
4 xul.dll mozilla::RefreshDriverTimer::Tick layout/base/nsRefreshDriver.cpp:369
5 xul.dll mozilla::VsyncRefreshDriverTimer::TickRefreshDriver layout/base/nsRefreshDriver.cpp:810
6 xul.dll mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread layout/base/nsRefreshDriver.cpp:594
7 xul.dll mozilla::dom::VsyncMainChild::RecvNotify dom/ipc/VsyncMainChild.cpp:68
8 xul.dll mozilla::dom::PVsyncChild::OnMessageReceived ipc/ipdl/PVsyncChild.cpp:220
9 xul.dll mozilla::ipc::PBackgroundChild::OnMessageReceived ipc/ipdl/PBackgroundChild.cpp:6327
Flags: needinfo?(mreschenberg)

I guess one of the table instances is calling QueueCacheUpdate with a null acc? I wouldn't have thought a table part not having a table ancestor was something that happened in the wild, only in my twisted imagination (the aria-owns test case), but I guess it does somehow/somewhere?

This is the #1 overall Fenix Nightly topcrash at the moment, FWIW.

Assignee: nobody → mreschenberg
Status: NEW → ASSIGNED
Attachment #9292725 - Attachment description: Bug 1788597: Null check acc before creating cache update r?Jamie → Bug 1788597: Null check acc before creating cache update r?Jamie,nlapre,eeejay
Pushed by mreschenberg@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/050487abb54a
Null check acc before creating cache update r=nlapre
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → 106 Branch
Flags: needinfo?(mreschenberg)
Blocks: 1788547