Closed
Bug 547692
Opened 14 years ago
Closed 14 years ago
Crash [@ nsCoreUtils::DispatchMouseEvent(unsigned int, nsIPresShell*, nsIContent*) ]
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: MarcoZ, Assigned: davidb)
References
()
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file, 1 obsolete file)
|
733 bytes,
patch
|
surkov
:
review+
|
Details | Diff | Splinter Review |
Reproducible crash for me when doing the following with Firefox 3.7a2pre and NVDA running: 1. Receiving a nudge from some friend on Facebook. 2. Going to the Facebook main page where these nudges show up. 3. Pressing SPACE (clicking) "nudge back". 4. Pressing SPACE (clicking) "send nudge". 5. Pressing SPACE (clicking) on "OK". Not happening in Firefox 3.6.
|
Reporter | |
Comment 1•14 years ago
|
||
The actual crash happens in a line that was added/changed in bug 500882. Therefore CC'ing Boris.
|
||
Comment 2•14 years ago
|
||
Which line? Can you point me to a crash incident?
|
|
Reporter | |
Comment 3•14 years ago
|
||
Sorry 'bout that! Not my charming self today! :) Here are two reports I submitted: bp-49acefdc-5e7a-4618-bb0f-6e71d2100222 bp-617ea70d-c0d1-4ec3-acd5-993ae2100221
|
|
||
Comment 4•14 years ago
|
||
Perfect, thanks. The line is: nsIFrame *frame = aContent->GetPrimaryFrame(); at the top of nsCoreUtils::DispatchMouseEvent. The crash address is 0x14, which means aContent is null. Should this function just have a null-check up front, or does this indicate a deeper problem somewhere? Presumably someone passed a null aContent to nsAccessible::DoCommand _and_ mDOMNode was not an nsIContent (was the document or something?), right?
|
Assignee | |
Comment 5•14 years ago
|
||
I think we used to use a timer with an nsCommandClosure which probably held onto content (assuming a true 'closure')? ... and now we don't, see: http://hg.mozilla.org/mozilla-central/rev/b8a1a64e36e0 A null check up front does make some sense.
|
|
Assignee | |
Comment 6•14 years ago
|
||
Oh could be the document I suppose... hmmm.
|
|
||
Comment 7•14 years ago
|
||
The code cited in comment 5 seems to stick the nsIContent into an nsCOMPtr in the event (it better do that if it plans to point to it at all, so that's good!).
|
|
Assignee | |
Comment 8•14 years ago
|
||
Yes. I think maybe we want to add a DoAction to nsDocAccessible that does nothing (or just maybe calls TakeFocus()).
|
|
Assignee | |
Comment 9•14 years ago
|
||
Untested (may try later, but need to update my windows tree and today is heavy on meetings)
|
||
Comment 10•14 years ago
|
||
(In reply to comment #9) > Created an attachment (id=428243) [details] > an idea > > Untested (may try later, but need to update my windows tree and today is heavy > on meetings) nope. the document inherits an action from either root element or body. The right fix should be a fix in DoCommand() to call GetRoleContent(mDOMNode) instead of do_QueryInterface(mDOMNode)
|
|
Assignee | |
Comment 11•14 years ago
|
||
Yeah, my way would ignore legitimate actions on documents (probably rare but just as well to cover those cases).
|
|
Assignee | |
Updated•14 years ago
|
Attachment #428243 -
Attachment is obsolete: true
|
|
||
Comment 12•14 years ago
|
||
Oh, as a note.... the old code before bug 500882 effectively had a null-check of aContent and an early return of PR_FALSE if aContent is null in nsCoreUtils::DispatchMouseEvent. It was just not obvious that it did that.
Blocks: 500882
|
|
Assignee | |
Comment 13•14 years ago
|
||
Trivial patch; let's see if it works. Marco can you apply this locally? This approach is better because we will support body/root element actions (e.g. for iframe based ARIA widgets).
Assignee: nobody → bolterbugz
|
|
Assignee | |
Comment 14•14 years ago
|
||
(In reply to comment #12) > Oh, as a note.... the old code before bug 500882 effectively had a null-check > of aContent and an early return of PR_FALSE if aContent is null in > nsCoreUtils::DispatchMouseEvent. It was just not obvious that it did that. Oh I missed that. Good to know thanks.
|
|
||
Comment 15•14 years ago
|
||
Comment on attachment 428249 [details] [diff] [review] getrolecontent approach r=me event if it doesn't fix the Marco's case.
Attachment #428249 -
Flags: review+
|
|
Reporter | |
Comment 16•14 years ago
|
||
This patch fixes the problem!
|
|
Assignee | |
Comment 17•14 years ago
|
||
Thanks Marco. Note I filed bug 547895 while writing a test for this bug.
|
|
Assignee | |
Comment 18•14 years ago
|
||
Landed: http://hg.mozilla.org/mozilla-central/rev/f3687d491693 Thanks guys.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 19•14 years ago
|
||
Verified fixed in Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.3a2pre) Gecko/20100224 Minefield/3.7a2pre (.NET CLR 3.5.30729)
Status: RESOLVED → VERIFIED
|
||
Updated•13 years ago
|
Crash Signature: [@ nsCoreUtils::DispatchMouseEvent(unsigned int, nsIPresShell*, nsIContent*) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•