Closed Bug 706026 Opened 12 years ago Closed 12 years ago

Crash in nsXULTextFieldAccessible::FrameSelection


(Core :: Disability Access APIs, defect)

10 Branch
Windows 7
Not set



Tracking Status
firefox10 --- verified


(Reporter: scoobidiver, Assigned: surkov)



(Keywords: crash, regression, Whiteboard: [qa!])

Crash Data


(2 files)

It's a low volume crash signature that first appeared in 10.0a1/20111022.

Signature	nsXULTextFieldAccessible::FrameSelection()
UUID	884d6edc-979a-410e-9f79-b90022111128
Date Processed	2011-11-28 20:19:51.444158
Uptime	646
Install Age	6.3 hours since version was first installed.
Install Time	2011-11-28 21:59:14
Product	Firefox
Version	11.0a1
Build ID	20111128031052
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 23 stepping 6
Crash Address	0x2c
App Notes 	AdapterVendorID: 10de, AdapterDeviceID: 0427, AdapterSubsysID: 02091028, AdapterDriverVersion: 6.1.7600.16385
D3D10 Layers? D3D10 Layers-
D3D9 Layers? D3D9 Layers-
EMCheckCompatibility	False

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	nsXULTextFieldAccessible::FrameSelection 	accessible/src/xul/nsXULFormControlAccessible.cpp:892
1 	xul.dll 	nsHyperTextAccessible::GetSelectionDOMRanges 	accessible/src/html/nsHyperTextAccessible.cpp:1748
2 	xul.dll 	nsHyperTextAccessible::GetSelectionCount 	accessible/src/html/nsHyperTextAccessible.cpp:1800
3 	xul.dll 	CAccessibleText::get_nSelections 	accessible/src/msaa/CAccessibleText.cpp:181
4 	rpcrt4.dll 	Invoke 	
5 	rpcrt4.dll 	NdrStubCall2 	
6 	ole32.dll 	CStdStubBuffer_Invoke 	
7 	ole32.dll 	SyncStubInvoke 	
8 	ole32.dll 	StubInvoke 	
9 	ole32.dll 	CCtxComChnl::ContextInvoke 	
10 	ole32.dll 	MTAInvoke 	
11 	ole32.dll 	STAInvoke 	
12 	ole32.dll 	AppInvoke 	
13 	ole32.dll 	ComInvokeWithLockAndIPID 	
14 	ole32.dll 	ComInvoke 	
15 	ole32.dll 	ThreadDispatch 	
16 	ole32.dll 	ThreadWndProc 	
17 	user32.dll 	InternalCallWinProc 	
18 	user32.dll 	UserCallWinProcCheckWow 	
19 	user32.dll 	DispatchMessageWorker 	
20 	user32.dll 	DispatchMessageW 	
21 	xul.dll 	nsAppShell::ProcessNextNativeEvent 	widget/src/windows/nsAppShell.cpp:344
22 	xul.dll 	nsBaseAppShell::OnProcessNextEvent 	widget/src/xpwidgets/nsBaseAppShell.cpp:324
23 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:587

More reports at:
One bug that landed on the 20th of October is bug 680085 that dealt with frame offsets IIRC. David, could this be the cause?
bug 539683 will fix this one
Depends on: 539683
Maybe bug 680085 should be backed out in Aurora.
(In reply to Scoobidiver from comment #3)
> Maybe bug 680085 should be backed out in Aurora.

It doesn't look guilty. I think bug 688126 caused that. Backing out is always option but this one might be tricky because iirc bunch of other bug fixed depended on that.
Attached patch patchSplinter Review
small fix to get it ported to aurora branch
Assignee: nobody → surkov.alexander
Comment on attachment 577543 [details] [diff] [review]

r=me. I think this makes sense to take on Central, too, since we don't know when Tbsaunde will get to fixing the other bug.
Attachment #577543 - Flags: review+
(In reply to Marco Zehe (:MarcoZ) from comment #6)
> Comment on attachment 577543 [details] [diff] [review] [diff] [details] [review]
> patch
> r=me. I think this makes sense to take on Central, too, since we don't know
> when Tbsaunde will get to fixing the other bug.

sure it is. It looks bug tracking and my review requests keep him busy :)
Turns out I just ran into this crash, too. I accidentally had invoked the Firefox search instead of the NVDA search, and when I had already typed something, but instead of searching, hit Escape to close the toolbar/search field, I got this crash:
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
Comment on attachment 577543 [details] [diff] [review]

trivial regression fix introduced in Firefox 10
Attachment #577543 - Flags: approval-mozilla-aurora?
Attachment #577543 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
To land when aurora tree looks good.
Is this something QA can verify?
Whiteboard: [qa?]
I have verified the crash stats on Socorro and this crash doesn't appear to have reproduced anymore after the fix for this bug was pushed.

Please let me know if there is another way you want me to verify this bug.
Whiteboard: [qa?] → [qa!]
You need to log in before you can comment on or make changes to this bug.