Closed
Bug 706784
Opened 13 years ago
Closed 13 years ago
Firefox 8.0.1 Crash Report [@ nsLinkableAccessible::GetValue(nsAString_internal&) ] (mainly correlated to WebRoot Secure Anywhere)
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
RESOLVED
FIXED
mozilla14
People
(Reporter: cbook, Assigned: surkov)
Details
(Keywords: crash, topcrash, Whiteboard: [qa+])
Crash Data
Attachments
(2 files)
1.72 KB,
patch
|
MarcoZ
:
review+
|
Details | Diff | Splinter Review |
2.30 KB,
patch
|
tbsaunde
:
review+
johnath
:
approval-mozilla-aurora+
johnath
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
noticed this crash on the top changer report for Firefox 8.0.1. Crash [@ nsLinkableAccessible::GetValue(nsAString_internal&) ] - example crash report -> https://crash-stats.mozilla.com/report/index/d0216e0f-4bd2-449e-8b1a-317032111201 and general overview -> https://crash-stats.mozilla.com/report/list?range_value=3&range_unit=days&signature=nsLinkableAccessible%3A%3AGetValue%28nsAString_internal%26%29&version=Firefox%3A8.0.1
seems its there since at least Firefox 7.0.1
stack:
Crashing Thread
Frame Module Signature [Expand] Source
0 xul.dll nsLinkableAccessible::GetValue accessible/src/base/nsBaseWidgetAccessible.cpp:137
1 xul.dll nsAccessibleWrap::get_accValue accessible/src/msaa/nsAccessibleWrap.cpp:322
2 rpcrt4.dll Invoke
3 rpcrt4.dll NdrStubCall2
4 ole32.dll NdrpCreateStub
5 oleaut32.dll oleaut32.dll@0xffd2
6 ole32.dll SyncStubInvoke
7 ole32.dll StubInvoke
8 ole32.dll CCtxComChnl::ContextInvoke
9 ole32.dll MTAInvoke
10 ole32.dll STAInvoke
11 ole32.dll AppInvoke
12 ole32.dll ComInvokeWithLockAndIPID
13 ole32.dll ComInvoke
14 ole32.dll ThreadDispatch
15 ole32.dll ThreadWndProc
16 user32.dll InternalCallWinProc
17 user32.dll UserCallWinProcCheckWow
18 user32.dll DispatchMessageWorker
19 user32.dll DispatchMessageW
20 xul.dll nsAppShell::ProcessNextNativeEvent widget/src/windows/nsAppShell.cpp:346
21 xul.dll nsBaseAppShell::OnProcessNextEvent widget/src/xpwidgets/nsBaseAppShell.cpp:324
22 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:595
23 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:134
24 xul.dll xul.dll@0xba37ab
25 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:205
26 xul.dll xul.dll@0x30056f
27 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:179
28 xul.dll mozilla::storage::AsyncExecuteStatements::AsyncExecuteStatements storage/src/mozStorageAsyncStatementExecution.cpp:239
29 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:189
30 dui70.dll DirectUI::ValueProvider::ValueProvider
31 xul.dll nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:224
32 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3544
33 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:107
34 firefox.exe firefox.exe@0x4043
35 firefox.exe _RTC_Initialize
36 mozcrt19.dll _initterm obj-firefox/memory/jemalloc/crtsrc/crt0dat.c:852
37 firefox.exe __security_init_cookie obj-firefox/memory/jemalloc/crtsrc/gs_support.c:139
38 kernel32.dll BaseThreadInitThunk
39 ntdll.dll WinSqmSetIfMaxDWORD
40 ntdll.dll _RtlUserThreadStart
41 firefox.exe firefox.exe@0x1cef
42 firefox.exe firefox.exe@0x1cef
Updated•13 years ago
|
Component: Disability Access → Disability Access APIs
Product: Firefox → Core
QA Contact: disability.access → accessibility-apis
Assignee | ||
Comment 1•13 years ago
|
||
Assignee: nobody → surkov.alexander
Status: NEW → ASSIGNED
Attachment #578219 -
Flags: review?(marco.zehe)
Comment 2•13 years ago
|
||
Comment on attachment 578219 [details] [diff] [review]
patch
r=me thanks for the quick fix!
Attachment #578219 -
Flags: review?(marco.zehe) → review+
Comment 3•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
Comment 4•13 years ago
|
||
There are still crashes with 64-bit builds:
https://crash-stats.mozilla.com/report/list?version=Firefox:11.0a1&range_value=30&range_unit=days&signature=nsLinkableAccessible%3A%3AGetValue%28nsAString_internal%26%29
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 5•13 years ago
|
||
Trevor, I was looking at the fix over on bug 653584. It seems that nsLinkableAccessible::BindToParent can exit without assigning mActionAcc (leaving it null).
Should we be null checking in GetValue,DoAction,GetKeyboardShortcut,GetAnchorURI?
Also, I didn't dive too deep but is there any danger mActionAcc could equal /this/? (GetValue could infinitely recurse)?
Comment 6•13 years ago
|
||
OK as per IRC I see mIsLink should only be true when we have an mActionAcc. Smells a bit funny though.
I have no idea why these crashes are only happening on amd64.
Comment 7•13 years ago
|
||
Users are still getting crashes.
Comment 8•13 years ago
|
||
It's #47 top browser crasher in 9.0.1 and #46 in 10.0b2.
After the patch landing, it's #82 top browser crasher in 11.0a2 and #288 in 12.0a1.
Comment 9•13 years ago
|
||
There's a high correlation in 9.0.1 (before the patch) with WebRoot Secure Anywhere:
94% (240/255) vs. 1% (555/101230) WRusr.dll
Summary: Firefox 8.0.1 Crash Report [@ nsLinkableAccessible::GetValue(nsAString_internal&) ] → Firefox 8.0.1 Crash Report [@ nsLinkableAccessible::GetValue(nsAString_internal&) ] (mainly correlated to WebRoot Secure Anywhere)
Comment 10•13 years ago
|
||
This is showing up in Firefox 10 crash data as the #32 overall crash. Adding Kev to see if he has a contact at that company - http://www.webroot.com/En_US/consumer-products-secureanywhere-complete.html.
Comment 11•13 years ago
|
||
Before the patch, it's #35 top crasher in 10.0.
After the patch, it's #87 top crasher in 11.0b1, #61 in 12.0a2, and #146 in 13.0a1.
There are still correlations to WebRoot SecureAnywhere in 11.0:
nsLinkableAccessible::GetValue(nsAString_internal&)|EXCEPTION_ACCESS_VIOLATION_READ (30 crashes)
90% (27/30) vs. 0% (69/26008) WRusr.dll
0% (0/30) vs. 0% (2/26008) 8.0.1.42
90% (27/30) vs. 0% (67/26008) 8.0.1.95
Comment 12•13 years ago
|
||
Marcia, did we try and reproduce this?
Comment 13•13 years ago
|
||
It's #18 top browser crasher in 11.0, #24 in 12.0b1.
It still happens with the latest WebRoot SecureAnywhere version:
95% (20/21) vs. 0% (39/13377) WRusr.dll
0% (0/21) vs. 0% (1/13377) 8.0.1.40
95% (20/21) vs. 0% (38/13377) 8.0.1.154
Keywords: topcrash
Comment 14•13 years ago
|
||
Alexander, any ideas?
Comment 15•13 years ago
|
||
(In reply to David Bolter [:davidb] from comment #14)
> Alexander, any ideas?
I still can't think of anything, but I'd be interested to see if msvc can get us a stack trace with a little more info, such as local vars or exactly which instruction we crash on and the local disassembly
Assignee | ||
Comment 16•13 years ago
|
||
a crash link pls?
Comment 17•13 years ago
|
||
Assignee | ||
Comment 18•13 years ago
|
||
Attachment #607832 -
Flags: review?(trev.saunders)
Updated•13 years ago
|
Comment 19•13 years ago
|
||
Comment on attachment 607832 [details] [diff] [review]
patch: second round
>+nsLinkableAccessible::UnbindFromParent()
>+{
>+ mActionAcc = nsnull;
>+ mIsLink = false;
>+ mIsOnclick = nsnull;
false?
Attachment #607832 -
Flags: review?(trev.saunders) → review+
Assignee | ||
Comment 20•13 years ago
|
||
(In reply to Trevor Saunders (:tbsaunde) from comment #19)
> >+ mIsOnclick = nsnull;
>
> false?
sure, I noticed that after I filed the patch :)
Assignee | ||
Comment 21•13 years ago
|
||
(In reply to alexander :surkov from comment #18)
> Created attachment 607832 [details] [diff] [review]
> patch: second round
https://hg.mozilla.org/integration/mozilla-inbound/rev/21fabfdbeaab
Comment 22•13 years ago
|
||
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
Target Milestone: mozilla11 → mozilla14
Comment 23•13 years ago
|
||
It's #25 top browser crasher in 12.0b1 and 13.0a2.
That qualifies it for Aurora and Beta approvals.
Assignee | ||
Comment 24•13 years ago
|
||
(In reply to Scoobidiver from comment #23)
> It's #25 top browser crasher in 12.0b1 and 13.0a2.
> That qualifies it for Aurora and Beta approvals.
this patch is a reasonable guess about the crash cause. What is the best way to proceed, should we get some results from Firefox 14 before nomination for back porting or should we proceed immediately?
Comment 25•13 years ago
|
||
(In reply to alexander :surkov from comment #24)
> should we get some results from Firefox 14 before nomination for
> back porting or should we proceed immediately?
Before back porting it, let's monitor it in the trunk during a few days with this link:
https://crash-stats.mozilla.com/report/list?query_search=signature&version=Firefox:14.0a1&query_type=contains&reason_type=contains&range_value=4&range_unit=weeks&hang_type=any&process_type=any&signature=nsLinkableAccessible%3A%3AGetValue%28nsAString_internal%26%29
Assignee | ||
Comment 26•13 years ago
|
||
it sounds like it improves things: two crashes for 25 and 28 March builds. Makes sense to back port this patch.
Comment 27•13 years ago
|
||
Comment on attachment 607832 [details] [diff] [review]
patch: second round
[Approval Request Comment]
Regression caused by (bug #): unknown
User impact if declined: frequent crashes
Testing completed (on m-c, etc.): Yes, see comment #26
Risk to taking this patch (and alternatives if risky):None, just nulling out some members.
String changes made by this patch:None
Attachment #607832 -
Flags: approval-mozilla-beta?
Attachment #607832 -
Flags: approval-mozilla-aurora?
Comment 28•13 years ago
|
||
Comment on attachment 607832 [details] [diff] [review]
patch: second round
Discussed and approved in triage, land it soon please!
Attachment #607832 -
Flags: approval-mozilla-beta?
Attachment #607832 -
Flags: approval-mozilla-beta+
Attachment #607832 -
Flags: approval-mozilla-aurora?
Attachment #607832 -
Flags: approval-mozilla-aurora+
Comment 29•13 years ago
|
||
Landed on Alexander's behalf:
http://hg.mozilla.org/releases/mozilla-aurora/rev/fdce25e870da
http://hg.mozilla.org/releases/mozilla-beta/rev/833d79ffbf39
Comment 30•13 years ago
|
||
(In reply to alexander :surkov from comment #20)
> (In reply to Trevor Saunders (:tbsaunde) from comment #19)
> > >+ mIsOnclick = nsnull;
> >
> > false?
>
> sure, I noticed that after I filed the patch :)
I guess it doesn't matter, but the push to aurora and beta doesn't seem to have this change from nsnull to false, which was made between attaching the patch and pushing to trunk.
Comment 31•13 years ago
|
||
Alex, did you make a change before pushing to trunk? If so, please make these changes to the aurora and beta source files and push as bustage fixes.
Assignee | ||
Comment 32•13 years ago
|
||
(In reply to Marco Zehe (:MarcoZ) from comment #31)
> Alex, did you make a change before pushing to trunk?
yes, sometimes I do that. So the best way is to import path from trunk and then back port it to aurora or beta. To be on safe side.
> If so, please make
> these changes to the aurora and beta source files and push as bustage fixes.
I don't think it's big deal. nsnull is casted to false.
Comment 33•13 years ago
|
||
Verify fix by checking crashstats after the March 29th landing.
Whiteboard: [qa+]
Comment 34•13 years ago
|
||
http://bit.ly/HPSf4c
Since the fix landed on 12 beta, a lot less crashes than F11, but still a few:
12 crashes on 12b4
5 crashes on 12b5
Are these expected? Would it be enough to call it verified?
Comment 35•13 years ago
|
||
(In reply to Virgil Dicu [:virgil] [QA] from comment #34)
> Are these expected? Would it be enough to call it verified?
I would think so. From the experience I have dealing with crash stats every day, I'd guess the main issue we saw here has been fixed and there is a different issue just merely triggering something with the same signature. For this other issue, a different bug should be filed if it's of high enough frequency (which your numbers don't seem to imply).
Comment 36•13 years ago
|
||
Thank you for the clarification, Robert. Marking this as verified on Firefox 12 based on crash-stats data.
Comment 37•13 years ago
|
||
http://bit.ly/HPSf4c
Only one crash in F13beta after 2 weeks after merge. Marking as verified in F13 as well, as the main issue is resolved.
You need to log in
before you can comment on or make changes to this bug.
Description
•