Crash in [@ mozilla::a11y::Accessible::IsOuterDoc]
Categories
(Core :: Disability Access APIs, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr102 | --- | unaffected |
firefox107 | --- | unaffected |
firefox108 | --- | unaffected |
firefox109 | --- | fixed |
People
(Reporter: aryx, Assigned: Jamie)
References
Details
(Keywords: crash, topcrash, Whiteboard: [ctw-m4])
Crash Data
Attachments
(1 file)
Crash signature existed before Firefox 109.0a1 but the crash volume with 15 crashes from 5 (Linux) installations for 109.0a1 already eclipsed previous versions.
Crash report: https://crash-stats.mozilla.org/report/index/39de5fa5-8d24-4b7e-85b8-39f2e0221122
Comment from one crash report: "Searched for a term on google. After typing search query into the text entry I haven't submitted the form but pressed alt+d to jump to the address bar. From there I have used tab and shift+tab in random order to quickly navigate inside and outside of the document. After several jumps Firefox has crashed"
Reason: SIGSEGV / SEGV_MAPERR
Top 10 frames of crashing thread:
0 libxul.so mozilla::a11y::Accessible::IsOuterDoc const accessible/basetypes/Accessible.h:528
0 libxul.so mozilla::a11y::TextLeafPoint::TextLeafPoint accessible/base/TextLeafRange.cpp:476
1 libxul.so mozilla::a11y::TextLeafPoint::FindBoundary const accessible/base/TextLeafRange.cpp:925
2 libxul.so mozilla::a11y::HyperTextAccessibleBase::TextBounds accessible/basetypes/HyperTextAccessibleBase.cpp:210
3 libxul.so mozilla::a11y::RemoteAccessible::TextBounds accessible/ipc/other/RemoteAccessible.cpp:276
4 libxul.so getRangeExtentsCB accessible/atk/nsMaiInterfaceText.cpp:387
5 libatk-bridge-2.0.so.0 impl_GetRangeExtents /usr/src/debug/at-spi2-core/atk-adaptor/adaptors/text-adaptor.c:676
6 libatk-bridge-2.0.so.0 handle_other /usr/src/debug/at-spi2-core/droute/droute.c:562
6 libatk-bridge-2.0.so.0 handle_message /usr/src/debug/at-spi2-core/droute/droute.c:609
7 libdbus-1.so.3 _dbus_object_tree_dispatch_and_unlock /build/dbus/src/dbus/dbus/dbus-object-tree.c:1021
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 1•2 years ago
|
||
From Peter Vágner on Matrix:
I have finally found clear steps to reproduce my @ mozilla::a11y::Accessible::IsOuterDoc crashes.
- Launch orca and firefox
- Open any github project page such as nvaccess/nvda
- Press ctrl+a
- Then press down arrow key
- And observe the crash
Comment 2•2 years ago
|
||
Further thoughts on the steps to reproduce:
- After selecting all the text on github orca is in browse mode
- Pressing down arrow key instructs orca to read the next line in relation to the initial position.
- When nothing is selected I can use orca features to read by line
- When everything or more content than the single paragraph is selected before moving using orca features, I can trigger the crash.
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 3•2 years ago
|
||
Peter, could you give this try build a spin and see if it fixes the issue for you? Thanks.
Comment 4•2 years ago
|
||
(In reply to James Teh [:Jamie] from comment #3)
Peter, could you give this try build a spin and see if it fixes the issue for you? Thanks.
Thank you.
With this build I can't make it crash with my clear steps nightly is crashing on.
I am keeping it running as my main browser window to see if I will be able to discover some crashes during my daily work.
Comment 5•2 years ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 10 desktop browser crashes on nightly
:Jamie, could you consider increasing the severity of this top-crash bug?
For more information, please visit auto_nag documentation.
Comment 7•2 years ago
|
||
No other crashes on my side so far and still running the try build from comment #3
Assignee | ||
Comment 8•2 years ago
|
||
Okay. Thanks. I have a working patch then, but I still need to write an automated test and get it reviewed. I'll do that tomorrow.
Assignee | ||
Comment 9•2 years ago
|
||
This was causing crashes with Orca in some cases.
Comment 10•2 years ago
|
||
Comment 11•2 years ago
|
||
bugherder |
Comment 12•2 years ago
|
||
The patch landed in nightly and beta is affected.
:Jamie, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox108
towontfix
.
For more information, please visit auto_nag documentation.
Updated•2 years ago
|
Comment 13•2 years ago
|
||
For some reason, I'm still experiencing this crash in the recent Firefox nightlies.
Assignee | ||
Comment 14•2 years ago
|
||
Tobias, are you on Mac? It looks like there are some crashes with this signature on Mac, though they have a different cause.
Eitan, there are crashes like this:
bp-884b2178-8bf7-4909-a442-3c34c0230309
It looks like the Mac text code might be trying to poke an invalid TextLeafPoint; i.e. mAcc is null?
Comment 15•2 years ago
|
||
(In reply to James Teh [:Jamie] from comment #14)
Tobias, are you on Mac? It looks like there are some crashes with this signature on Mac, though they have a different cause.
Yes, I'm on a mac.
Description
•