AT may crash when it frees memory allocated for header cell array by server

RESOLVED FIXED

Status

critical
8 years ago
8 years ago

People

(Reporter: surkov, Assigned: surkov)

Tracking

({access})

unspecified
All
Windows 7
access
Points:
---

Firefox Tracking Flags

(blocking2.0 beta7+, blocking1.9.2 needed, status1.9.2 .11-fixed)

Details

Attachments

(1 attachment)

(Assignee)

Description

8 years ago
Created attachment 478921
patch

I think the problem is that we allocate memory with nsMemory::Allocate, which is not thread safe. It's reasonable to use CoTaskMemAlloc here (AT uses CoTaskMemFree to free memory allocated by Firefox).

It was tested as part of a try-server build, so it must be safe to land it for Firefox 3.6 as well.
Attachment #478921 - Flags: review?(bolterbugz)
Attachment #478921 - Flags: approval1.9.2.11?
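
The allocation contract the description relies on (the server allocates the out-array with CoTaskMemAlloc because the AT client releases it with CoTaskMemFree), as an added example that is not the attached patch or Mozilla code. GetHeaderCells, SumAndRelease, the Result codes and the long-typed cells are hypothetical; off Windows the two COM calls are replaced by malloc/free stand-ins so the sample builds.

```cpp
#include <cstddef>
#include <cstdlib>
#include <limits>

#ifdef _WIN32
#include <objbase.h>   // real CoTaskMemAlloc / CoTaskMemFree
#else
// Stand-ins (assumption) so the sample builds off Windows. On Windows, COM
// callers expect out-parameter memory to come from the COM task allocator.
static void* CoTaskMemAlloc(size_t cb) { return std::malloc(cb); }
static void  CoTaskMemFree(void* p)    { std::free(p); }
#endif

enum Result { kOk = 0, kFalse = 1, kInvalidArg = 2, kOutOfMemory = 3 };

// Hypothetical server-side getter: copies `count` cell ids from `src` into a
// freshly allocated array handed to the caller through out-parameters.
Result GetHeaderCells(const long* src, long count, long** cells, long* nCells) {
    if (!cells || !nCells) return kInvalidArg;
    *cells = nullptr;                 // never leave out-params uninitialised
    *nCells = 0;
    if (count < 0 || (count > 0 && !src)) return kInvalidArg;
    if (count == 0) return kFalse;    // nothing returned, nothing to free
    size_t n = static_cast<size_t>(count);
    if (n > std::numeric_limits<size_t>::max() / sizeof(long))
        return kOutOfMemory;          // n * sizeof(long) would overflow
    // Allocate with the allocator whose deallocator the client will call.
    long* out = static_cast<long*>(CoTaskMemAlloc(n * sizeof(long)));
    if (!out) return kOutOfMemory;
    for (size_t i = 0; i < n; ++i) out[i] = src[i];
    *cells = out;
    *nCells = count;
    return kOk;
}

// Client (AT) side: consume the array, then release it with the matching
// deallocator. Returns the sum of the cells so the result can be checked.
long SumAndRelease(const long* src, long count) {
    long* cells = nullptr;
    long n = 0, sum = 0;
    if (GetHeaderCells(src, count, &cells, &n) == kOk)
        for (long i = 0; i < n; ++i) sum += cells[i];
    CoTaskMemFree(cells);             // a null pointer is accepted
    return sum;
}
```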
(Assignee)

Updated

8 years ago
blocking2.0: --- → ?

Comment 1

8 years ago
This would be a speedy landing/review, since code freeze for 3.6.11 is tonight, September 28, 2010 11:50 PDT IIRC. I agree this is needed to prevent crashes with assistive technologies properly wanting to support the new table interfaces. Requesting blocking 1.9.2.
blocking1.9.2: --- → ?
(Assignee)

Comment 2

8 years ago
Comment on attachment 478921
patch

Let's speed up the review process :)

All we need is to get blocking status for 2.0 and 1.9.2.

This is really urgent to land on 1.9.2 because the AT developer is going to disable new table interface usage on their side while this bug is not fixed. That would be a big step back.
Attachment #478921 - Flags: review?(bolterbugz) → review?(marco.zehe)

Comment 3

8 years ago
Comment on attachment 478921
patch

Yep, this is correct. I remember having seen this kind of problem earlier in my C++ life. :) R=me.

Do we have other places in the msaa codebase where this could bite us?
Attachment #478921 - Flags: review?(marco.zehe) → review+
(Assignee)

Comment 4

8 years ago
Yes, but I didn't check it.
Approving blocking b7, there is urgency for this.
blocking2.0: ? → beta7+

Comment 6

8 years ago
Landed on Alexander's behalf on 2.0: http://hg.mozilla.org/mozilla-central/rev/530a551da062
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Comment on attachment 478921
patch

a=beltzner
Attachment #478921 - Flags: approval1.9.2.11? → approval1.9.2.11+
blocking1.9.2: ? → needed

Comment 8

8 years ago
Landed on 1.9.2 on Alexander's behalf: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/7cd8c155da8d
status1.9.2: --- → .11-fixed
(Assignee)

Comment 9

8 years ago
Thanks, Marco!