It's a low volume crash signature that first appeared in 10.0a1/20111022. Signature nsXULTextFieldAccessible::FrameSelection() UUID 884d6edc-979a-410e-9f79-b90022111128 Date Processed 2011-11-28 20:19:51.444158 Uptime 646 Install Age 6.3 hours since version was first installed. Install Time 2011-11-28 21:59:14 Product Firefox Version 11.0a1 Build ID 20111128031052 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 23 stepping 6 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x2c App Notes AdapterVendorID: 10de, AdapterDeviceID: 0427, AdapterSubsysID: 02091028, AdapterDriverVersion: 6.1.7600.16385 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- EMCheckCompatibility False Frame Module Signature [Expand] Source 0 xul.dll nsXULTextFieldAccessible::FrameSelection accessible/src/xul/nsXULFormControlAccessible.cpp:892 1 xul.dll nsHyperTextAccessible::GetSelectionDOMRanges accessible/src/html/nsHyperTextAccessible.cpp:1748 2 xul.dll nsHyperTextAccessible::GetSelectionCount accessible/src/html/nsHyperTextAccessible.cpp:1800 3 xul.dll CAccessibleText::get_nSelections accessible/src/msaa/CAccessibleText.cpp:181 4 rpcrt4.dll Invoke 5 rpcrt4.dll NdrStubCall2 6 ole32.dll CStdStubBuffer_Invoke 7 ole32.dll SyncStubInvoke 8 ole32.dll StubInvoke 9 ole32.dll CCtxComChnl::ContextInvoke 10 ole32.dll MTAInvoke 11 ole32.dll STAInvoke 12 ole32.dll AppInvoke 13 ole32.dll ComInvokeWithLockAndIPID 14 ole32.dll ComInvoke 15 ole32.dll ThreadDispatch 16 ole32.dll ThreadWndProc 17 user32.dll InternalCallWinProc 18 user32.dll UserCallWinProcCheckWow 19 user32.dll DispatchMessageWorker 20 user32.dll DispatchMessageW 21 xul.dll nsAppShell::ProcessNextNativeEvent widget/src/windows/nsAppShell.cpp:344 22 xul.dll nsBaseAppShell::OnProcessNextEvent widget/src/xpwidgets/nsBaseAppShell.cpp:324 23 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:587 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=nsXULTextFieldAccessible%3A%3AFrameSelection%28%29
One bug that landed on the 20th of October is bug 680085 that dealt with frame offsets IIRC. David, could this be the cause?
Maybe bug 680085 should be backed out in Aurora.
(In reply to Scoobidiver from comment #3) > Maybe bug 680085 should be backed out in Aurora. It doesn't look guilty. I think bug 688126 caused that. Backing out is always option but this one might be tricky because iirc bunch of other bug fixed depended on that.
Created attachment 577543 [details] [diff] [review] patch small fix to get it ported to aurora branch
Comment on attachment 577543 [details] [diff] [review] patch r=me. I think this makes sense to take on Central, too, since we don't know when Tbsaunde will get to fixing the other bug.
(In reply to Marco Zehe (:MarcoZ) from comment #6) > Comment on attachment 577543 [details] [diff] [review] [diff] [details] [review] > patch > > r=me. I think this makes sense to take on Central, too, since we don't know > when Tbsaunde will get to fixing the other bug. sure it is. It looks bug tracking and my review requests keep him busy :)
Turns out I just ran into this crash, too. I accidentally had invoked the Firefox search instead of the NVDA search, and when I had already typed something, but instead of searching, hit Escape to close the toolbar/search field, I got this crash: https://crash-stats.mozilla.com/report/index/bp-db788a5a-8b3d-464e-8823-e717a2111129
Comment on attachment 577543 [details] [diff] [review] patch trivial regression fix introduced in Firefox 10
Created attachment 581960 [details] [diff] [review] patch to land on aurora To land when aurora tree looks good.
Is this something QA can verify?
I have verified the crash stats on Socorro and this crash doesn't appear to have reproduced anymore after the fix for this bug was pushed. Please let me know if there is another way you want me to verify this bug.