Closed Bug 1789959 Opened 2 years ago Closed 2 years ago

Crash in [@ PLDHashTable::Iterator::Iterator | mozilla::a11y::xpcAccessible::GetCache]

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
109 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix
firefox107 --- wontfix
firefox108 --- wontfix
firefox109 --- fixed

People

(Reporter: Jamie, Assigned: Jamie)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1789959: Gracefully handle mCachedFields being null in xpcAccessible::GetCache.
48 bytes, text/x-phabricator-request
Details | Review

Morgan saw this when trying to use Dev Tools.

Crash report: https://crash-stats.mozilla.org/report/index/b46d3c1d-2650-40b8-8f98-096280220901

Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS

Top 10 frames of crashing thread:

0 XUL PLDHashTable::Iterator::Iterator xpcom/ds/PLDHashTable.cpp:759
1 XUL mozilla::a11y::xpcAccessible::GetCache accessible/xpcom/xpcAccessible.cpp:384
2 XUL _NS_InvokeByIndex 
3 XUL XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:1125
4 XUL XPC_WN_GetterSetter js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1005
5 XUL js::Call js/src/vm/Interpreter.cpp:645
6 XUL js::DebuggerObject::call js/src/debugger/Object.cpp:2376
7 XUL js::DebuggerObject::CallData::callMethod js/src/debugger/Object.cpp:949
8 XUL js::DebuggerObject::CallData::ToNative<&js::DebuggerObject::CallData::callMethod js/src/debugger/Object.cpp:239
9 None @0x0000297133166b94

xpcAccessible::GetCache assumes mCachedFields won't be null, but it can be if we haven't received the cache yet or if the cache is disabled. We should null check.

Otherwise, we crash when inspecting RemoteAccessible objects in Dev Tools if the cache is disabled or hasn't been received yet.

Assignee: nobody → jteh
Status: NEW → ASSIGNED
Pushed by jteh@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2d625e5d6ff8
Gracefully handle mCachedFields being null in xpcAccessible::GetCache. r=nlapre

https://hg.mozilla.org/mozilla-central/rev/2d625e5d6ff8

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox109: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 109 Branch

The patch landed in nightly and beta is affected.
:Jamie, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox108 to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(jteh)
status-firefox108: affectedwontfix
Flags: needinfo?(jteh)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: