Closed
Bug 1822544
Opened 1 year ago
Closed 1 year ago
Crash in [@ mozilla::a11y::Accessible::IsOuterDoc]
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
RESOLVED
FIXED
113 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox111 | --- | unaffected |
| firefox112 | --- | fixed |
| firefox113 | --- | fixed |
People
(Reporter: RyanVM, Assigned: eeejay)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
|
Details | Review |
We fixed crashes with this signature back in the Fx109 timeframe, but we're seeing other macOS crashes more recently.
Crash report: https://crash-stats.mozilla.org/report/index/24e152f6-582d-467b-8c14-b1f6a0230315
Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Top 10 frames of crashing thread:
0 XUL mozilla::a11y::Accessible::IsOuterDoc const accessible/basetypes/Accessible.h:531
0 XUL mozilla::a11y::TextLeafPoint::TextLeafPoint accessible/base/TextLeafRange.cpp:582
1 XUL mozilla::a11y::TextLeafPoint::TextLeafPoint accessible/base/TextLeafRange.cpp:579
1 XUL mozilla::a11y::TextLeafRange::Iterator::BeginIterator accessible/base/TextLeafRange.cpp:1868
2 XUL mozilla::a11y::TextLeafRange::begin const accessible/base/TextLeafRange.h:339
2 XUL mozilla::a11y::CachedTextMarkerRange::Length const accessible/mac/CachedTextMarker.mm:356
3 XUL mozilla::a11y::GeckoTextMarkerRange::Length const accessible/mac/GeckoTextMarker.h:187
3 XUL -[MOXTextMarkerDelegate moxLengthForTextMarkerRange:] accessible/mac/MOXTextMarkerDelegate.mm:259
4 XUL -[MOXAccessibleBase accessibilityAttributeValue:forParameter:] accessible/mac/MOXAccessibleBase.mm:359
5 AppKit ___NSAccessibilityEntryPointValueForAttributeWithParameter_block_invoke.777
Flags: needinfo?(eitan)
|
Assignee | |
Comment 1•1 year ago
|
||
We are not promised a valid range from an external-facing API.
We already check if the range is valid for other operations.
|
||
Updated•1 year ago
|
Assignee: nobody → eitan
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•1 year ago
|
Flags: needinfo?(eitan)
Pushed by eisaacson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/de3c876412c6 Return 0 for length of invalid range. r=Jamie
|
||
Comment 3•1 year ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox113:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 113 Branch
|
Reporter | |
Comment 4•1 year ago
|
||
Please nominate this for Beta approval when you get a chance.
status-firefox111:
--- → unaffected
status-firefox112:
--- → affected
status-firefox-esr102:
--- → unaffected
Flags: needinfo?(eitan)
|
|
Assignee | |
Comment 5•1 year ago
|
||
Comment on attachment 9323306 [details]
Bug 1822544 - Return 0 for length of invalid range. r?Jamie!
Beta/Release Uplift Approval Request
- User impact if declined: Crash
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This is a simple early return for invalid platform input
- String changes made/needed:
- Is Android affected?: No
Flags: needinfo?(eitan)
Attachment #9323306 -
Flags: approval-mozilla-beta?
|
||
Comment 6•1 year ago
|
||
Comment on attachment 9323306 [details]
Bug 1822544 - Return 0 for length of invalid range. r?Jamie!
Approved for 112.0b5
Attachment #9323306 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 7•1 year ago
|
||
| bugherder uplift | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•