Bug 1820069
Opened 2 years ago
Closed 2 years ago
[CTW] Crash in [@ mozilla::detail::InvalidArrayIndex_CRASH | nsTArray_Impl<T>::ElementAt | mozilla::a11y::TextLeafPoint::CharBounds]
Categories: Core :: Disability Access APIs, defect, P1
Status: RESOLVED FIXED
Target Milestone: 112 Branch
| | Tracking | Status |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox110 | --- | wontfix |
| firefox111 | --- | wontfix |
| firefox112 | --- | fixed |
People
(Reporter: Jamie, Assigned: Jamie)
Details
(Keywords: crash, Whiteboard: [ctw-m5])
Crash report: https://crash-stats.mozilla.org/report/index/e68e7f71-e875-45eb-ad0d-783730230303
Reason: EXCEPTION_BREAKPOINT
Top 10 frames of crashing thread:
0 mozglue.dll MOZ_Crash mfbt/Assertions.h:261
0 mozglue.dll mozilla::detail::InvalidArrayIndex_CRASH mfbt/Assertions.cpp:50
1 xul.dll nsTArray_Impl<nsRect, nsTArrayInfallibleAllocator>::ElementAt xpcom/ds/nsTArray.h:1194
1 xul.dll mozilla::a11y::TextLeafPoint::CharBounds accessible/base/TextLeafRange.cpp:1674
2 xul.dll mozilla::a11y::HyperTextAccessibleBase::CharBounds accessible/basetypes/HyperTextAccessibleBase.cpp:219
3 xul.dll mozilla::a11y::ia2AccessibleText::get_characterExtents accessible/windows/ia2/ia2AccessibleText.cpp:120
4 rpcrt4.dll Invoke
5 rpcrt4.dll NdrStubCall2
6 combase.dll CStdStubBuffer_Invoke onecore\com\combase\ndr\ndrole\stub.cxx:1552
7 rpcrt4.dll CStdStubBuffer_Invoke
This occurs when calling HyperTextAccessibleBase::CharBounds with TEXT_OFFSET_CARET on a cached RemoteAccessible. We need to convert these magic offsets like we do in other HyperText functions.
Comment 1 (Assignee) • 2 years ago
- HyperTextAccessibleBase::CharBounds didn't have code to support magic offsets (like TEXT_OFFSET_CARET) at all, resulting in a crash.
- HyperTextAccessibleBase::TextBounds handled the end offset being a magic offset, but not the start offset.
- HyperTextAccessible::CharBounds assumed it could just add 1 to the start offset to pass to TextBounds, which resulted in returning the rect from the caret to the end of the container, since length (-1) is caret (-2) + 1.
This patch addresses all three of these issues.
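An added illustration of the three issues listed in comment 1, not the Firefox patch: a simplified C++ model in which `TextModel`, `Resolve`, `CharBoundsRawArithmetic` and every other name are hypothetical, and only the offset values (caret -2, length -1) come from the bug. It shows why arithmetic on an unresolved magic offset yields the caret-to-end rect, and the resolve-then-bounds-check order that avoids both that and an out-of-range array index.

```cpp
#include <cstdint>
#include <vector>
// Values as stated in the bug: length is -1, caret is -2 (names are hypothetical).
const int32_t kOffsetEndOfText = -1;
const int32_t kOffsetCaret = -2;
struct Rect { int x; int width; };  // 1-D rect is enough for the illustration
struct TextModel {
  std::vector<Rect> chars;  // one rect per character, laid out left to right
  int32_t caret;            // current caret offset, 0..chars.size()

  // Map a magic offset to a real one; false if the result is out of range.
  bool Resolve(int32_t offset, uint32_t* out) const {
    const int32_t len = static_cast<int32_t>(chars.size());
    if (offset == kOffsetEndOfText) offset = len;
    else if (offset == kOffsetCaret) offset = caret;
    if (offset < 0 || offset > len) return false;
    *out = static_cast<uint32_t>(offset);
    return true;
  }

  // Union of the rects in [start, end); either end may be a magic offset.
  bool TextBounds(int32_t start, int32_t end, Rect* out) const {
    uint32_t s = 0, e = 0;
    if (!Resolve(start, &s) || !Resolve(end, &e) || s >= e) return false;
    *out = chars[s];
    for (uint32_t i = s + 1; i < e; ++i) out->width += chars[i].width;
    return true;
  }

  // Pre-fix pattern: +1 on the raw offset turns caret (-2) into length (-1).
  bool CharBoundsRawArithmetic(int32_t offset, Rect* out) const {
    return TextBounds(offset, offset + 1, out);
  }

  // Fixed pattern: resolve first, bounds-check, then do the arithmetic.
  bool CharBounds(int32_t offset, Rect* out) const {
    uint32_t o = 0;
    if (!Resolve(offset, &o) || o >= chars.size()) return false;
    return TextBounds(static_cast<int32_t>(o), static_cast<int32_t>(o) + 1, out);
  }
};

// Constructed sample: four 10-unit-wide characters.
TextModel SampleText(int32_t caret) {
  TextModel m;
  m.chars = {{0, 10}, {10, 10}, {20, 10}, {30, 10}};
  m.caret = caret;
  return m;
}
```

With the caret at the end of the text there is no character to measure, so `CharBounds` reports failure instead of indexing past the last rect.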
Pushed by jteh@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/cc49a4388379 Fix handling of magic offsets in HyperTextAccessible*::Char/TextBounds. r=morgan
Comment 3•2 years ago
bugherder
Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox112: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 112 Branch
Updated•2 years ago
status-firefox110: --- → wontfix
status-firefox111: --- → wontfix
status-firefox-esr102: --- → unaffected