Closed Bug 630828 Opened 14 years ago Closed 14 years ago

Crash [@ nsAccessible::UpdateChildren() ]

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla5
Tracking Flags:
Tracking Status
blocking2.0 --- .x+

People

(Reporter: scoobidiver, Assigned: surkov)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file, 2 obsolete files)

patch to land
882 bytes, patch
Details | Diff | Splinter Review
It is a new crash signature. Crashes first appeared in 4.0b11pre/20110201. It is #23 top crasher in today's build. Signature nsAccessible::UpdateChildren() UUID 68d0c0d8-de33-41b3-9df0-7ff5c2110201 Time 2011-02-01 10:18:12.614802 Uptime 44 Last Crash 48 seconds before submission Install Age 9704 seconds (2.7 hours) since version was first installed. Product Firefox Version 4.0b11pre Build ID 20110201030339 Branch 2.0 OS Windows NT OS Version 5.1.2600 Service Pack 3 CPU x86 CPU Info GenuineIntel family 15 model 6 stepping 2 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x0 App Notes AdapterVendorID: 1002, AdapterDeviceID: 5b65, AdapterDriverVersion: 8.401.0.0 Frame Module Signature [Expand] Source 0 xul.dll nsAccessible::UpdateChildren accessible/src/base/nsAccessible.h:235 1 xul.dll nsDocAccessible::NotifyOfCachingEnd accessible/src/base/nsDocAccessible.cpp:1470 2 xul.dll nsAccessible::EnsureChildren accessible/src/base/nsAccessible.cpp:3194 3 xul.dll nsDocAccessible::ProcessContentInserted accessible/src/base/nsDocAccessible.cpp:1763 4 xul.dll NotificationController::ContentInsertion::Process accessible/src/base/NotificationController.cpp:1022 5 xul.dll NotificationController::WillRefresh accessible/src/base/NotificationController.cpp:241 6 xul.dll nsRefreshDriver::Notify layout/base/nsRefreshDriver.cpp:254 7 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:428 8 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:517 9 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:633 10 nspr4.dll PR_AssertCurrentThreadOwnsLock nsprpub/pr/src/threads/combined/prulock.c:404 11 nspr4.dll PR_AssertCurrentThreadOwnsLock nsprpub/pr/src/threads/combined/prulock.c:404 12 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 13 xul.dll MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:219 14 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:202 15 mozcrt19.dll mozcrt19.dll@0x1804a 16 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:176 17 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:192 18 xul.dll xul.dll@0xb2ca5b 19 xul.dll nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:218 20 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3775 21 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:128 22 firefox.exe __tmainCRTStartup obj-firefox/memory/jemalloc/crtsrc/crtexe.c:591 23 kernel32.dll BaseProcessStart The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ba3fe7ee56b9&tochange=8b5cb26bbb10 More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=nsAccessible%3A%3AUpdateChildren%28%29
blocking2.0: --- → ?
Attached patch patch fixing the crash (obsolete) — Splinter Review
508 nsAccessible* child = GetChildAt(startChildIdx); 509 child->AppendTextTo(aText, aStartOffset - childOffset, 510 aEndOffset - aStartOffset); child is NULL because GetChildAt returns an wrong result (that child has been removed, but mOffsets has not been updated).
Attachment #509089 - Flags: review?(surkov.alexander)
Comment on attachment 509089 [details] [diff] [review] patch fixing the crash wrong bug, sorry, forget patch and last comment
Attachment #509089 - Flags: review?(surkov.alexander)
Assignee: nobody → fherrera
Status: NEW → ASSIGNED
Attachment #509089 - Attachment is obsolete: true
I can only find 3 stacks all with build id: 20110201030339 Let's not block FF4 on this one.
blocking2.0: ? → -
We have got more crashes, but none with builds after 20110222.
(In reply to comment #4) > We have got more crashes, but none with builds after 20110222. ok, let's keep it open for a while then. I don't have clever idea why it can crash.
Attached patch patch (obsolete) — Splinter Review
no idea still how it may happen but let's add assertion and null-check
Assignee: fherrera → surkov.alexander
Attachment #518659 - Flags: review?(bolterbugz)
Got two new crashes from 03/03/2011 builds.
Comment on attachment 518659 [details] [diff] [review] patch OK. I still want to know why it happens though :(
Attachment #518659 - Flags: review?(bolterbugz) → review+
4.x wanted, trivial fix - null check, zero risk.
blocking2.0: - → ?
Agreed.
blocking2.0: ? → .x+
Whiteboard: [safe nullcheck]
Attached patch patch to landSplinter Review
Attachment #518659 - Attachment is obsolete: true
Whiteboard: [safe nullcheck] → [safe nullcheck][fx4-rc-ridealong][has reviewed patch]
landed - http://hg.mozilla.org/mozilla-central/rev/7fe72ffbb780
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [safe nullcheck][fx4-rc-ridealong][has reviewed patch]
Target Milestone: --- → mozilla2.2
Crash Signature: [@ nsAccessible::UpdateChildren() ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: