crash in nsAccessibleHyperText ? [@ nsAccessibleHyperText]

RESOLVED DUPLICATE of bug 237957

Status

()

--
critical
RESOLVED DUPLICATE of bug 237957
15 years ago
8 years ago

People

(Reporter: basic, Assigned: Louie.Zhao)

Tracking

({crash, topcrash})

Trunk
x86
Linux
crash, topcrash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
Debug Build With accessibility turned on (optimised build also has this problem)
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040328 Firefox/0.8.0+

1. go to http://www.xullum.net/mg/
2. click on the image
3. crash

if accessibility is turned off, it does not crash.
(Reporter)

Comment 1

15 years ago
Created attachment 144962 [details]
partial stack trace

here's a partial stack trace
(Reporter)

Updated

15 years ago
Attachment #144962 - Attachment mime type: application/octet-stream → text/plain
(Reporter)

Updated

15 years ago
Severity: normal → critical
Assignee: general → aaronleventhal
Component: Browser-General → Accessibility APIs
QA Contact: general → core.accessibility-apis

Updated

15 years ago
Keywords: crash
This is one of the top crashes in early talkback data from gtk2 Firefox builds.
 Here's a stack trace of the interesting bits, from loading
http://www.smartmoney.com/:

#0  nsAccessibleHyperText (this=0x8f05f5c, aDomNode=0x8f04ce0, aShell=0x0)
    at /builds/mozilla/trunk/mozilla/accessible/src/atk/nsAccessibleHyperText.cpp:78
#1  0x070843b3 in nsHTMLTableCellAccessibleWrap (this=0x8f05f28,
    aDomNode=0x8f04ce0, aShell=0x8a7c240)
#2  0x070671f0 in
nsAccessibilityService::CreateHTMLTableCellAccessible(nsISupports*,
nsIAccessible**) (this=0x88e4b30, aFrame=0x8f04e8c, _retval=0x0)
#3  0x011d96aa in nsTableCellFrame::GetAccessible(nsIAccessible**) (
    this=0x8f04e8c, aAccessible=0xbfef74b0) at nsCOMPtr.h:710
#4  0x070690a3 in nsAccessibilityService::GetAccessible(nsIDOMNode*,
nsIPresShell*, nsIWeakReference*, nsIAccessible**) (this=0x88e4b30, aNode=0x8f04ce0,
    aPresShell=0x8a7bb88, aWeakShell=0x8a7c240, aAccessible=0xbfef75d0)
#5  0x07068ab5 in nsAccessibilityService::GetAccessibleInWeakShell(nsIDOMNode*,
nsIWeakReference*, nsIAccessible**) (this=0x88e4b30, aNode=0x8f04ce0,
    aWeakShell=0x8a7c240, aAccessible=0xbfef75d0) at nsCOMPtr.h:704

I think the aShell == 0x0 is bogus on the first frame.  However, what I do see
is that nsAccessible::GetParentBlockFrame returns null, and we don't check the
result.  I'd like to understand better what this code is doing before papering
over it with a null check.  Anyone know?
Keywords: topcrash
Summary: crash in nsAccessibleHyperText ? → crash in nsAccessibleHyperText ? [@ nsAccessibleHyperText]

Comment 3

15 years ago
Louie already made a patch against the null pointer issue. Louie, I can't
remember whether you have already posted your patch in another bug? Another
issue should be fixed is accessibility should not be turned on by default at
run-time.
Assignee: aaronleventhal → Louie.Zhao
(Assignee)

Comment 4

15 years ago
This accessbility bug is filed in
http://bugzilla.mozilla.org/show_bug.cgi?id=237957. Due to bug 238957,
accessibility feature is enabled by default; After bug238957 is fixed, this bug
will disappear in default build.

Comment 5

15 years ago
okay, dup to 237957 which already has a patch and got r=/sr=.

*** This bug has been marked as a duplicate of 237957 ***
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ nsAccessibleHyperText]
You need to log in before you can comment on or make changes to this bug.