Closed Bug 706026 Opened 13 years ago Closed 13 years ago

Crash in nsXULTextFieldAccessible::FrameSelection

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Version:
10 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla11
Tracking Flags:
Tracking Status
firefox10 --- verified

People

(Reporter: scoobidiver, Assigned: surkov)

References

Details

(Keywords: crash, regression, Whiteboard: [qa!])

Crash Data

Attachments

(2 files)

patch
618 bytes, patch
MarcoZ
: review+
asa
: approval-mozilla-aurora+
Details | Diff | Splinter Review
patch to land on aurora
834 bytes, patch
Details | Diff | Splinter Review
It's a low volume crash signature that first appeared in 10.0a1/20111022. Signature nsXULTextFieldAccessible::FrameSelection() UUID 884d6edc-979a-410e-9f79-b90022111128 Date Processed 2011-11-28 20:19:51.444158 Uptime 646 Install Age 6.3 hours since version was first installed. Install Time 2011-11-28 21:59:14 Product Firefox Version 11.0a1 Build ID 20111128031052 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 23 stepping 6 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x2c App Notes AdapterVendorID: 10de, AdapterDeviceID: 0427, AdapterSubsysID: 02091028, AdapterDriverVersion: 6.1.7600.16385 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- EMCheckCompatibility False Frame Module Signature [Expand] Source 0 xul.dll nsXULTextFieldAccessible::FrameSelection accessible/src/xul/nsXULFormControlAccessible.cpp:892 1 xul.dll nsHyperTextAccessible::GetSelectionDOMRanges accessible/src/html/nsHyperTextAccessible.cpp:1748 2 xul.dll nsHyperTextAccessible::GetSelectionCount accessible/src/html/nsHyperTextAccessible.cpp:1800 3 xul.dll CAccessibleText::get_nSelections accessible/src/msaa/CAccessibleText.cpp:181 4 rpcrt4.dll Invoke 5 rpcrt4.dll NdrStubCall2 6 ole32.dll CStdStubBuffer_Invoke 7 ole32.dll SyncStubInvoke 8 ole32.dll StubInvoke 9 ole32.dll CCtxComChnl::ContextInvoke 10 ole32.dll MTAInvoke 11 ole32.dll STAInvoke 12 ole32.dll AppInvoke 13 ole32.dll ComInvokeWithLockAndIPID 14 ole32.dll ComInvoke 15 ole32.dll ThreadDispatch 16 ole32.dll ThreadWndProc 17 user32.dll InternalCallWinProc 18 user32.dll UserCallWinProcCheckWow 19 user32.dll DispatchMessageWorker 20 user32.dll DispatchMessageW 21 xul.dll nsAppShell::ProcessNextNativeEvent widget/src/windows/nsAppShell.cpp:344 22 xul.dll nsBaseAppShell::OnProcessNextEvent widget/src/xpwidgets/nsBaseAppShell.cpp:324 23 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:587 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=nsXULTextFieldAccessible%3A%3AFrameSelection%28%29
One bug that landed on the 20th of October is bug 680085 that dealt with frame offsets IIRC. David, could this be the cause?
bug 539683 will fix this one
Depends on: 539683
Maybe bug 680085 should be backed out in Aurora.
(In reply to Scoobidiver from comment #3) > Maybe bug 680085 should be backed out in Aurora. It doesn't look guilty. I think bug 688126 caused that. Backing out is always option but this one might be tricky because iirc bunch of other bug fixed depended on that.
Attached patch patchSplinter Review
small fix to get it ported to aurora branch
Assignee: nobody → surkov.alexander
Status: NEW → ASSIGNED
Comment on attachment 577543 [details] [diff] [review] patch r=me. I think this makes sense to take on Central, too, since we don't know when Tbsaunde will get to fixing the other bug.
Attachment #577543 - Flags: review+
(In reply to Marco Zehe (:MarcoZ) from comment #6) > Comment on attachment 577543 [details] [diff] [review] [diff] [details] [review] > patch > > r=me. I think this makes sense to take on Central, too, since we don't know > when Tbsaunde will get to fixing the other bug. sure it is. It looks bug tracking and my review requests keep him busy :)
Turns out I just ran into this crash, too. I accidentally had invoked the Firefox search instead of the NVDA search, and when I had already typed something, but instead of searching, hit Escape to close the toolbar/search field, I got this crash: https://crash-stats.mozilla.com/report/index/bp-db788a5a-8b3d-464e-8823-e717a2111129
https://hg.mozilla.org/mozilla-central/rev/2e7f9c966a9f
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
Comment on attachment 577543 [details] [diff] [review] patch trivial regression fix introduced in Firefox 10
Attachment #577543 - Flags: approval-mozilla-aurora?
Attachment #577543 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
To land when aurora tree looks good.
Is this something QA can verify?
Whiteboard: [qa?]
I have verified the crash stats on Socorro and this crash doesn't appear to have reproduced anymore after the fix for this bug was pushed. Please let me know if there is another way you want me to verify this bug.
Status: RESOLVED → VERIFIED
Whiteboard: [qa?] → [qa!]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: