Closed Bug 653584 Opened 14 years ago Closed 14 years ago

crash in nsLinkableAccessible::NativeState()

Categories

(Core :: Disability Access APIs, defect)

x86_64
Linux
defect
Not set
normal

Tracking

()

VERIFIED FIXED
mozilla6

People

(Reporter: tbsaunde, Assigned: tbsaunde)

References

Details

(Keywords: common-issue+)

Attachments

(2 files, 10 obsolete files)

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110428 Firefox/6.0a1 Build Identifier: Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110428 Firefox/6.0a1 https://crash-stats.mozilla.com/report/index/bp-8513f64d-8814-4359-b55b-59de12110428 I don't have much time for this till the weekend, but it looks like actionAccessible is somehow null. I'm not sure if that's related to bug 634218 or not yet. Reproducible: Always
Component: Disability Access → Disability Access APIs
Keywords: common-issue+
Product: Firefox → Core
QA Contact: disability.access → accessibility-apis
hm so copying from the url bar just doesn't work, hopefully this does its crash report 8513f64d-8814-4359-b55b-59de12110428 and p.s. I see shift still hates me
well, that was better but if bugzilla would auto link this it would be nice its crash report bp-8513f64d-8814-4359-b55b-59de12110428
Trevor, take an approach from bug 649409: assertion and null check.
(In reply to comment #4) > Trevor, take an approach from bug 649409: assertion and null check. sure, I've thought aboutthat but I'd like to know why actionAcc was null, since if we're asserting it shouldn't be then it would seem something else is wrong...
Attached patch patch (obsolete) — Splinter Review
add assert and check to avoid crashing.
Attachment #529628 - Flags: review?(surkov.alexander)
Comment on attachment 529628 [details] [diff] [review] patch Review of attachment 529628 [details] [diff] [review]: ::: accessible/src/base/nsBaseWidgetAccessible.cpp @@ +120,5 @@ PRUint64 states = nsAccessibleWrap::NativeState(); if (mIsLink) { states |= states::LINKED; nsAccessible* actionAcc = GetActionAccessible(); + NS_ASSERTION(actionAcc, "no action accessible"); please give some explanation in message why it can't be null
Attachment #529628 - Flags: review?(surkov.alexander) → review+
Assignee: nobody → trev.saunders
from irc discussion store a pointer to the action accessible not the action content.
Attachment #529628 - Attachment is obsolete: true
Attachment #531865 - Flags: review?(surkov.alexander)
Attached file irc discussion
Comment on attachment 531865 [details] [diff] [review] fix crash in nsLinkableAccessible::NativeState() Review of attachment 531865 [details] [diff] [review]: ----------------------------------------------------------------- I think I'd like to look at next patch ::: accessible/src/base/nsBaseWidgetAccessible.cpp @@ +131,5 @@ > nsAccessible::GetValue(aValue); > if (!aValue.IsEmpty()) > return NS_OK; > > + return mActionAcc ? mActionAcc->GetValue(aValue) : NS_ERROR_NOT_IMPLEMENTED; you got rid mIsLink check @@ +206,3 @@ > > + if (isLink) > + return mActionAcc->GetAnchorURI(aAnchorIndex); fix identation here, use IsHyperLink() instead of local variable, it's inline and assertion is for debug only @@ +225,5 @@ > mIsLink = PR_FALSE; > mIsOnclick = PR_FALSE; > > + nsAccessible* walkUpAcc = GetAccService()->GetAccessibleInWeakShell(mContent, > + mWeakShell); this is 'this'. @@ +232,5 @@ > mIsOnclick = PR_TRUE; > return; > } > > + while ((walkUpAcc = walkUpAcc->GetParent())) { actually you don't need walkUpAcc before this point ::: accessible/src/base/nsBaseWidgetAccessible.h @@ +107,5 @@ > protected: > // nsAccessible > virtual void BindToParent(nsAccessible* aParent, PRUint32 aIndexInParent); > > + nsAccessible* mActionAcc; perhaps a small comment what action accessible is
Attachment #531865 - Flags: review?(surkov.alexander) → review-
addressed comments, I'm not sure of the comment describing mActionAcc thoughts?
Attachment #531865 - Attachment is obsolete: true
Attachment #531901 - Flags: review?(surkov.alexander)
Comment on attachment 531901 [details] [diff] [review] bug 653584 - fix crash in nsLinkableAccessible::NativeState() Review of attachment 531901 [details] [diff] [review]: ----------------------------------------------------------------- ::: accessible/src/base/nsBaseWidgetAccessible.cpp @@ +189,5 @@ > > void > nsLinkableAccessible::Shutdown() > { > + mActionAcc = nsnull; it makes sense to do mIsLink = PR_FALSE; and mIsOnClick = PR_FALSE; just to be on safe side @@ +206,4 @@ > "nsIAccessibleHyperLink isn't implemented."); > > + if (mActionAcc->IsHyperLink()) > + return mActionAcc->GetAnchorURI(aAnchorIndex); fix indentation please, this whole bock has wrong identation @@ +241,4 @@ > return; > } > > + if (nsCoreUtils::HasClickListener(walkUpAcc->GetContent())) { actually that's not the same, when you crawl the parent chain, then you check the click listener on document, now you do that on body element. ::: accessible/src/base/nsBaseWidgetAccessible.h @@ +111,2 @@ > /** > + * accessible that is actually actionable perhaps, parent accessible that provides an action for this linkable accessible
Attachment #531901 - Flags: review?(surkov.alexander) → review+
(In reply to comment #12) > Comment on attachment 531901 [details] [diff] [review] [review] > bug 653584 - fix crash in nsLinkableAccessible::NativeState() > > Review of attachment 531901 [details] [diff] [review] [review]: > ----------------------------------------------------------------- > > ::: accessible/src/base/nsBaseWidgetAccessible.cpp > @@ +189,5 @@ > > > > void > > nsLinkableAccessible::Shutdown() > > { > > + mActionAcc = nsnull; > > it makes sense to do mIsLink = PR_FALSE; and mIsOnClick = PR_FALSE; just to > be on safe side sure > @@ +241,4 @@ > > return; > > } > > > > + if (nsCoreUtils::HasClickListener(walkUpAcc->GetContent())) { > > actually that's not the same, when you crawl the parent chain, then you > check the click listener on document, now you do that on body element. hmm, I'm not sure I understand this it looks to me like we used to look at everything in the content parent change to see if it had a click listener, and now we look at the content for each accessible in the accessible parent chain to see if it has a listener. are these two sets of content elements not necessarily the same? > ::: accessible/src/base/nsBaseWidgetAccessible.h > @@ +111,2 @@ > > /** > > + * accessible that is actually actionable > > perhaps, parent accessible that provides an action for this linkable sure > accessible
(In reply to comment #13) > > > + if (nsCoreUtils::HasClickListener(walkUpAcc->GetContent())) { > > > > actually that's not the same, when you crawl the parent chain, then you > > check the click listener on document, now you do that on body element. > > hmm, I'm not sure I understand this it looks to me like we used to look at > everything in the content parent change to see if it had a click listener, > and now we look at the content for each accessible in the accessible parent > chain to see if it has a listener. are these two sets of content elements > not necessarily the same? we did: iterate through DOM, check click listener (in particular you did a check on document node), now you iterate through accessibles and check click listener on content node (in particular you check on body element but don't do this on document node). Actually in many cases that is great (examples like <body onclick="bla();">) but that's not equivalent to what we had. In general all logic here is somehow broken (for example, the case of click listener on non accessible element in parent chain). Maybe it's worth to keep what you suggest but you should add a comment so we can find something better later.
Attached patch patch to land (obsolete) — Splinter Review
David, the comments seem reasonable?
Attachment #531901 - Attachment is obsolete: true
Comment on attachment 533752 [details] [diff] [review] patch to land Review of attachment 533752 [details] [diff] [review]: ----------------------------------------------------------------- ::: accessible/src/base/nsBaseWidgetAccessible.cpp @@ +190,5 @@ > void > nsLinkableAccessible::Shutdown() > { > + mIsLink = PR_FALSE; > + mIsOnclick = PR_FALSE; fix identation @@ +234,5 @@ > } > > + // XXX this doesn't cover all content that is the parent of this accessibles > + // content, for example it doesn't cover the document, but does get the body > + // element maybe something like this: // XXX: The logic looks broken since the click listener may be registered on non accessible node in parent chain but this node is skipped when tree is traversed. On the another hand, click listener associated with document accessible can be registered on body element or document node, we don't check them both.
(In reply to comment #16) > maybe something like this: > > // XXX: The logic looks broken since the click listener may be registered on > non accessible node in parent chain but this node is skipped when tree is > traversed. On the another hand, click listener associated with document > accessible can be registered on body element or document node, we don't > check them both. the last part is not valid since we never checked the document node itself (we have nsIContent restriction for the check).
Attached patch patch (obsolete) — Splinter Review
fix the tests to pass, it turns out that the test harness has a xul:browser that has a onclick handler registered. The tests can probably be fixed in a better way, but I'm not sure what it would be. Review:
Attachment #533752 - Attachment is obsolete: true
Attachment #534136 - Flags: review?
Attached patch patch (obsolete) — Splinter Review
don't cross document boundaries when climbing the tree
Attached patch patch (obsolete) — Splinter Review
fix silliness we should do walkUpAcc->IsDoc() not IsDoc(). The tests now pass without changes
Attachment #534136 - Attachment is obsolete: true
Attachment #534168 - Attachment is obsolete: true
Attachment #534136 - Flags: review?
Attachment #534174 - Flags: review?(surkov.alexander)
Attached patch patch (obsolete) — Splinter Review
restore behaviour for not checking for link or onclick on document
Attachment #534174 - Attachment is obsolete: true
Attachment #534174 - Flags: review?(surkov.alexander)
Attachment #534176 - Flags: review?(surkov.alexander)
Comment on attachment 534176 [details] [diff] [review] patch Review of attachment 534176 [details] [diff] [review]: ----------------------------------------------------------------- ::: accessible/src/base/nsBaseWidgetAccessible.cpp @@ +232,5 @@ > mIsOnclick = PR_TRUE; > return; > } > > + // // XXX: The logic looks broken since the click listener may be registered double // // @@ +243,1 @@ > again IsDocument(), not sure how it works I prefer while ((walkUpAcc = walkUpAcc->GetParent()) && !walkUpAcc->IsDoc()) { }
Attachment #534176 - Flags: review?(surkov.alexander) → review+
Attached patch patch (obsolete) — Splinter Review
Attachment #534176 - Attachment is obsolete: true
Attached patch patch to land (obsolete) — Splinter Review
deal with last nits
Attachment #534186 - Attachment is obsolete: true
Attached patch right patchSplinter Review
actually refresh patch this time
Attachment #534190 - Attachment is obsolete: true
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla6
Build: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0 The changes made in m-c and landed (comment 26) are visible in hg, under beta (i.e. http://hg.mozilla.org/releases/mozilla-beta/file/f3e82fad65b2/accessible/src/base/nsBaseWidgetAccessible.cpp). Setting this as verified for Firefox 6 Beta
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: