Closed Bug 600082 Opened 14 years ago Closed 14 years ago

AT may crash when it frees memory allocated for header cell array by server

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
blocking2.0 --- beta7+
blocking1.9.2 --- needed
status1.9.2 --- .11-fixed

People

(Reporter: surkov, Assigned: surkov)

References

Details

(Keywords: access)

Attachments

(1 file)

patch
1.12 KB, patch
MarcoZ
: review+
beltzner
: approval1.9.2.11+
Details | Diff | Splinter Review
Attached patch patchSplinter Review 
I think the problem we allocate memory by nsMemory::Allocate which is not thread safe. It's reasonable to use CoTaskMemAlloc here (AT use CoTaskMemFree to free  memory allocated by Firefox).

It was tested as a part of try-server build, it must be safe to land it for Firefox 3.6 as well.
Attachment #478921 - Flags: review?(bolterbugz)
Attachment #478921 - Flags: approval1.9.2.11?
blocking2.0: --- → ?
This would be a speedy landing/review, since code freeze for 3.6.11 is tonight, September 28, 2010 11:50 PDT IIRC. I agree this is needed to prevent crashes with assistive technologies properly wanting to support the new table interfaces. Requesting blocking 1.9.2.
blocking1.9.2: --- → ?
Comment on attachment 478921 [details] [diff] [review]
patch

let's speed up review process :)

all we need is to get blocking status for 2.0 and 1.9.2. 

This is really urgent to land on 1.9.2 because AT developer is going to disable new table interface usage on their side while this bug is not fixed. That would be a big step back.
Attachment #478921 - Flags: review?(bolterbugz) → review?(marco.zehe)
Comment on attachment 478921 [details] [diff] [review]
patch

Yep, this is correct. I remember having seen this kind of problem earlier in my C++ life. :) R=me.

Do we have other places in the msaa codebase where this could bite us?
Attachment #478921 - Flags: review?(marco.zehe) → review+
Yes, but I didn't check it.
Approving blocking b7, there is urgency for this.
blocking2.0: ? → beta7+
Landed on Alexander's behalf on 2.0: http://hg.mozilla.org/mozilla-central/rev/530a551da062
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment on attachment 478921 [details] [diff] [review]
patch

a=beltzner
Attachment #478921 - Flags: approval1.9.2.11? → approval1.9.2.11+
blocking1.9.2: ? → needed
Thanks, Marco!
Depends on: 601104
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: