Closed Bug 1949617 Opened 6 months ago Closed 6 months ago

Crash in [@ mozilla::StaticPrefs::accessibility_uia_enable]

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Platform:
Unspecified
Windows 11
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
137 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- wontfix
firefox-esr128 --- wontfix
firefox135 --- wontfix
firefox136 --- wontfix
firefox137 --- fixed

People

(Reporter: mccr8, Assigned: Jamie)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1949617: Return an error if QueryInterface is called on MsaaRootAccessible or LazyInstantiator from the wrong thread.
48 bytes, text/x-phabricator-request
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/355a9065-3753-483d-95c8-f0f280250220

MOZ_CRASH Reason:

MOZ_DIAGNOSTIC_ASSERT(IsAtomic<bool>::value || NS_IsMainThread()) (Non-atomic static pref 'accessibility.uia.enable' being accessed on background thread by getter)

Top 10 frames:

0  xul.dll  mozilla::StaticPrefs::accessibility_uia_enable()  modules/libpref/init/StaticPrefList_accessibility.h:66
0  xul.dll  mozilla::a11y::MsaaRootAccessible::InternalQueryInterface(_GUID const&, void**)  accessible/windows/msaa/MsaaRootAccessible.cpp:40
1  combase.dll  CStdMarshal::CreateStub(tagIPIDEntry*, IRpcStubBuffer**, void**, int*, IUnkno...  onecore\com\combase\dcomrem\marshal.cxx:6908
2  combase.dll  CStdMarshal::ConnectSrvIPIDEntry(tagIPIDEntry*, IUnknown*)  onecore\com\combase\dcomrem\marshal.cxx:2927
2  combase.dll  CStdMarshal::MarshalServerIPID(_GUID const&, unsigned long, unsigned long, bo...  onecore\com\combase\dcomrem\marshal.cxx:1794
2  combase.dll  CStdMarshal::MarshalIPID(_GUID const&, unsigned long, unsigned long, bool, ta...  onecore\com\combase\dcomrem\marshal.cxx:1645
2  combase.dll  CRemoteUnknown::RemQueryInterface(_GUID const&, unsigned long, unsigned short...  onecore\com\combase\dcomrem\remoteu.cxx:527
3  rpcrt4.dll  Invoke
4  rpcrt4.dll  NdrStubCall2
5  rpcrt4.dll  NdrStubCall3

This showed up on the Nightly crash spike report. It looks like this pref needs to be made atomic.

The Nightly crashes are all via MsaaRootAccessible::InternalQueryInterface.

There are also a few similar crashes on beta, via LazyInstantiator::QueryInterface: bp-ae2f5810-3ba7-4e9b-89e5-dd2180250216

Although bug 1896816 suggests the problem might be this code running off the main thread in the first place.

See Also: → 1896816

This is really odd. The COM marshaler is making this call. However, we only ever hand back MsaaRootAccessible from a COM STA (our main thread), which means COM should never call us on anything other than that thread.

The COM marshaler seems to do this sometimes, possibly to determine whether this is a COM proxy.
Our implementation can't be used off the main thread, so just return an error.

Assignee: nobody → jteh
Status: NEW → ASSIGNED
Pushed by jteh@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/37ca140f5820 Return an error if QueryInterface is called on MsaaRootAccessible or LazyInstantiator from the wrong thread. r=nlapre
Severity: -- → S4

https://hg.mozilla.org/mozilla-central/rev/37ca140f5820

Status: ASSIGNED → RESOLVED
Closed: 6 months ago
status-firefox137: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 137 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: