Closed
Bug 495555
Opened 16 years ago
Closed 7 years ago
Crash [@ nsAttrValue::ToString] with aria-labelledby, observes and groupbox
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: martijn.martijn, Unassigned)
Details
(Keywords: crash, regression, testcase, Whiteboard: [bk1])
Crash Data
Attachments
(3 files)
|
634 bytes,
application/vnd.mozilla.xul+xml
|
Details | |
|
1.38 KB,
patch
|
Details | Diff | Splinter Review | |
|
104.65 KB,
text/plain
|
Details |
See testcase, which crashes current trunk build after 50ms. The testcase uses enhanced privileges, so you need to download it to your computer locally, probably, to be able to grant it the necessary privileges.
It doesn't crash in Firefox 3. I can look for a regression range, if wanted.
http://crash-stats.mozilla.com/report/index/d389801c-72bc-464e-a642-13cc12090529?p=1
0 xul.dll nsAttrValue::ToString content/base/src/nsAttrValue.cpp:339
1 xul.dll nsCoreUtils::GetElementsByIDRefsAttr accessible/src/base/nsCoreUtils.cpp:788
2 xul.dll nsCoreUtils::GetRoleContent accessible/src/base/nsCoreUtils.cpp:242
|
||
Comment 1•16 years ago
|
||
This stack looks very weird, but the line in "1" points at our work on making anonymous content accessible (bug 483573). However, Martijn's testcase uses regular controls, no anonymous content here.
|
Reporter | |
Comment 2•16 years ago
|
||
Perhaps the patch from bug 391132 might give a clue on how to fix this.
|
||
Comment 3•16 years ago
|
||
Assignee: nobody → david.bolter
Status: NEW → ASSIGNED
|
|
||
Comment 4•16 years ago
|
||
Comment on attachment 380823 [details] [diff] [review]
patch 1
Alex, I'm not sure if I'm correct in passing through to the 'described by' algorithm when there is no content. Thoughts?
(Maybe better just to bail out)
Attachment #380823 -
Flags: review?(surkov.alexander)
|
||
Comment 5•16 years ago
|
||
David, me either I do not understand how nsHTMLTableCellAccessible might be related with XUL-based testcase.
|
|
||
Comment 6•16 years ago
|
||
I think this bug is much similar with bug 391132. Here we get also stack overflow because of @observe attribute I think.
|
|
||
Updated•16 years ago
|
Attachment #380823 -
Flags: review?(surkov.alexander)
|
|
||
Comment 7•16 years ago
|
||
Comment on attachment 380823 [details] [diff] [review]
patch 1
cancelling review
|
|
||
Comment 8•16 years ago
|
||
Woah, yeah... stack overflow. Not sure what bug I was fixing there.
|
|
||
Updated•16 years ago
|
Status: ASSIGNED → NEW
|
|
||
Comment 9•16 years ago
|
||
At least one problem here is that we have mutual recursion between: nsXULGroupboxAccessible::GetNameInternal (calling label->GetName(aName)) and nsAccessible::GetName (calling GetNameInternal(aName)).
I believe this might be set up by the observes attribute.
I'm not sure we need to guard against this edge case, since we can control our XUL to not set up this relationship?
|
|
||
Comment 10•16 years ago
|
||
(In reply to comment #9)
> I believe this might be set up by the observes attribute.
right
> I'm not sure we need to guard against this edge case, since we can control our
> XUL to not set up this relationship?
sory, few additional details for the idea please
|
|
||
Comment 12•14 years ago
|
||
the testcase crashes on nightlies but I don't see a11y involved, the stack is:
ntdll.dll!77a1defe()
[Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]
ntdll.dll!77a1e275()
ntdll.dll!77a1e0f2()
msvcr90d.dll!69caff0e()
nspr4.dll!PR_GetThreadPrivate(unsigned int index) Line 232 + 0x5 bytes C
xul.dll!AssertActivityIsLegal() Line 168 + 0x15 bytes C++
xul.dll!NS_LogDtor_P(void * aPtr, const char * aType, unsigned int aInstanceSize) Line 1151 + 0x5 bytes C++
xul.dll!nsHashKey::~nsHashKey() Line 145 + 0x10 bytes C++
> xul.dll!nsXBLPrototypeBinding::nsIIDKey::~nsIIDKey() Line 247 + 0x18 bytes C++
073d5788()
we need somebody from content to look at it.
|
|
||
Comment 13•14 years ago
|
||
Olli, can you look at crash?
|
||
Comment 14•14 years ago
|
||
How do I test this on trunk?
|
|
||
Comment 15•14 years ago
|
||
(In reply to comment #14)
> How do I test this on trunk?
I put the testcase into extension (like DOM inspector and run it as chrome://inspector/content/testcasefilename.xul).
|
Assignee | |
Updated•14 years ago
|
Crash Signature: [@ nsAttrValue::ToString]
|
||
Comment 16•14 years ago
|
||
Seems to be still happening on Windows.
Today several crash reports on various Windows version in various Firefox versions.
See: https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&query=nsAttrValue::ToString&reason_type=contains&date=11/01/2011%2007:17:02&range_value=1&range_unit=weeks&hang_type=crash&process_type=any&do_query=1&signature=nsAttrValue::ToString%28nsAString_internal%26%29
Whiteboard: [bk1]
|
||
Updated•13 years ago
|
Crash Signature: [@ nsAttrValue::ToString] → [@ nsAttrValue::ToString(nsAString_internal&)]
|
|
||
Updated•13 years ago
|
Crash Signature: [@ nsAttrValue::ToString(nsAString_internal&)] → [@ nsAttrValue::ToString(nsAString_internal&)]
[@ nsAttrValue::ToString ]
|
|
||
Comment 17•13 years ago
|
||
I don't see recent sigs. Maybe fixed by Bug 731813 but I didn't dig too deeply.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
|
||
Updated•8 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 18•7 years ago
|
||
I don't see a11y on stack of existing crashes, I guess we can close this 6 years old bug, since today's crashes are not related with the original report.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•