362445 - crash when opening and closing the find bar [@ nsAccessible::TextLength]

Status: RESOLVED FIXED

(Core :: Disability Access APIs, defect)

Description

[Nian Liu(n/a in a long time)]

1.press "/" to invoke search field
2.input some characters
3.press "ESC" to close search field
4.press "/" again

firefox crash

Comment 1

[Nian Liu(n/a in a long time)]

stack

#0  0x00c1a402 in ?? ()
#1  0x00823b86 in __nanosleep_nocancel () from /lib/libc.so.6
#2  0x008239a9 in sleep () from /lib/libc.so.6
#3  0x00285acc in ah_crap_handler (signum=11) at nsSigHandlers.cpp:134
#4  0x00298b38 in nsProfileLock::FatalSignalHandler (signo=11)
    at nsProfileLock.cpp:210
#5  <signal handler called>
#6  0x00eb4a73 in nsAccessible::TextLength (aAccessible=0x8e016f8)
    at nsAccessible.cpp:2822
#7  0x00edca1c in nsHyperTextAccessible::DOMPointToOffset (this=0x8e00328,
    aNode=0x8ee2cc4, aNodeOffset=1, aResult=0xbf990e58)
    at nsHyperTextAccessible.cpp:472
#8  0x00edd2c0 in nsHyperTextAccessible::GetCaretOffset (this=0x8e00328,
    aCaretOffset=0xbf990e58) at nsHyperTextAccessible.cpp:1300
#9  0x00ec744a in nsCaretAccessible::NotifySelectionChanged (this=0x8e04ca0,
    aDoc=0x8a1ef2c, aSel=0x911eb28, aReason=0) at nsCaretAccessible.cpp:208
#10 0x02cb700c in nsTypedSelection::NotifySelectionListeners (this=0x911eb28)
    at nsSelection.cpp:7380
#11 0x02cb7078 in nsFrameSelection::NotifySelectionListeners (this=0xdddddddd,
    aType=1) at nsSelection.cpp:2829
#12 0x02cbac47 in nsTypedSelection::AddRange (this=0x911eb28, aRange=0x8f54bf8)
    at nsSelection.cpp:5735
#13 0x02ce87cd in nsTextControlFrame::SetSelectionInternal (this=0x8ed1ae0,
---Type <return> to continue, or q <return> to quit---
    aStartNode=0x8ee2cc4, aStartOffset=0, aEndNode=0x8ee2cc4, aEndOffset=0)
    at nsTextControlFrame.cpp:2061
#14 0x02ce896a in nsTextControlFrame::SelectAllContents (this=0x8ed1ae0)
    at nsTextControlFrame.cpp:2089
#15 0x02ce8a1b in nsTextControlFrame::SetFormProperty (this=0x8ed1ae0,
    aName=0x86ed398, aValue=@0x38eab8) at nsTextControlFrame.cpp:1983
#16 0x02ebd6b9 in nsHTMLInputElement::SelectAll (this=0x8e46f40,
    aPresContext=0x8b60e70) at nsHTMLInputElement.cpp:1259
#17 0x02ec0e53 in nsHTMLInputElement::Select (this=0x8e46f40)
    at nsHTMLInputElement.cpp:1245
#18 0x00356805 in NS_InvokeByIndex () at xptiInterfaceInfo.cpp:273
#19 0x00e453dc in XPCWrappedNative::CallMethod (ccx=@0xbf991428,
    mode=XPCWrappedNative::CALL_METHOD) at xpcwrappednative.cpp:2162
#20 0x00e4d5cd in XPC_WN_CallMethod (cx=0x8ba2490, obj=0x8ec0258, argc=0,
    argv=0x907fa6c, vp=0xbf991570) at xpcwrappednativejsops.cpp:1455
#21 0x001c0fd4 in js_Invoke (cx=0x8ba2490, argc=0, flags=0) at jsinterp.c:1396
#22 0x001ccf29 in js_Interpret (cx=0x8ba2490, pc=Variable "pc" is not available.) at jsinterp.c:3948
#23 0x001c1045 in js_Invoke (cx=0x8ba2490, argc=1, flags=2) at jsinterp.c:1415
#24 0x00e409d7 in nsXPCWrappedJSClass::CallMethod (this=0x8b28d28,
    wrapper=0x8e057a0, methodIndex=3, info=0x8968250, nativeParams=0xbf991c00)
    at xpcwrappedjsclass.cpp:1419
#25 0x00e3ada4 in nsXPCWrappedJS::CallMethod (this=0x8e057a0, methodIndex=3,
    info=0x8968250, params=0xbf991c00) at xpcwrappedjs.cpp:479

Comment 2

[Adam Guthrie]

I'm assuming you're using trunk? Please paste your user-agent string when filing bugs.

Comment 3

[Evan Yan]

sorry for the component changing, it was an accident when I'm adding CC list.

Comment 4

[Willie Walker]

Yeeeeeeeee haaaaaaaa!  Giddy-up, cowboy!  This no longer crashes for me as of this morning's build: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20061213 Minefield/3.0a1.

Many many many thanks.

Comment 5

[Aaron Leventhal]

For recordkeeping, this was fixed as a result of the fix for bug 359924.