Closed Bug 751623 Opened 13 years ago Closed 13 years ago

crash in nsRootAccessible::Name

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Version:
15 Branch
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla15
Tracking Flags:
Tracking Status
firefox15 --- verified

People

(Reporter: scoobidiver, Assigned: surkov)

References

(Blocks 1 open bug)

Details

(Keywords: crash, regression, topcrash)

Crash Data

Attachments

(1 file)

Null check
634 bytes, patch
surkov
: review+
Details | Diff | Splinter Review
It first appeared in 15.0a1/20120503. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=b13bfc70bc44&tochange=807403a04a6a It's likely a regression from bug 740747. Windows and Mac seem unaffected so far. Signature nsRootAccessible::Name More Reports Search UUID f35900f5-ea68-4e98-88cb-e87562120503 Date Processed 2012-05-03 14:07:46 Uptime 2 Last Crash 1.6 minutes before submission Install Age 1.7 minutes since version was first installed. Install Time 2012-05-03 14:05:37 Product Firefox Version 15.0a1 Build ID 20120503030512 Release Channel nightly OS Linux OS Version 0.0.0 Linux 2.6.32-5-686 #1 SMP Mon Mar 26 05:20:33 UTC 2012 i686 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 37 stepping 2 Crash Reason SIGSEGV Crash Address 0x0 App Notes OpenGL: NVIDIA Corporation -- GeForce 310M/PCI/SSE2 -- 3.2.0 NVIDIA 195.36.31 -- texture_from_pixmap Processor Notes WARNING: JSON file missing Add-ons EMCheckCompatibility False Frame Module Signature Source 0 libxul.so nsRootAccessible::Name accessible/src/base/nsRootAccessible.cpp:127 1 libxul.so getNameCB accessible/src/atk/nsAccessibleWrap.cpp:689 2 libatk-1.0.so.0.3009.1 libatk-1.0.so.0.3009.1@0xc135 3 libatk-bridge.so libatk-bridge.so@0x4554 4 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0x2102f 5 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0x22bfb 6 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0x23075 7 libatk-1.0.so.0.3009.1 libatk-1.0.so.0.3009.1@0xd0cc 8 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0x183c7 9 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0x97a8 10 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0xb139 11 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0x20eb9 12 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0x22bfb 13 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0x23075 14 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0xf510 15 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0xbe6e 16 libgobject-2.0.so.0.2400.2 libgobject-2.0.so.0.2400.2@0x11752 17 libatk-1.0.so.0.3009.1 libatk-1.0.so.0.3009.1@0xb8d4 18 libxul.so ApplicationAccessibleWrap::RemoveChild accessible/src/atk/ApplicationAccessibleWrap.cpp:775 19 libxul.so nsDocAccessible::Shutdown accessible/src/base/nsDocAccessible.cpp:659 20 libxul.so nsAccDocManager::HandleEvent accessible/src/base/nsAccDocManager.cpp:303 21 libxul.so nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:818 22 libxul.so nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:875 23 libxul.so nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventListenerManager.h:169 24 libxul.so nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:684 25 libxul.so nsEventDispatcher::DispatchDOMEvent content/events/src/nsEventDispatcher.cpp:747 26 libxul.so nsDocument::DispatchPageTransition content/base/src/nsDocument.cpp:7337 27 libxul.so nsDocument::OnPageHide content/base/src/nsDocument.cpp:7448 28 libxul.so DocumentViewerImpl::PageHide layout/base/nsDocumentViewer.cpp:1288 29 libxul.so nsDocShell::FirePageHideNotification docshell/base/nsDocShell.cpp:1615 30 libxul.so nsDocShell::Destroy docshell/base/nsDocShell.cpp:4662 31 libxul.so nsXULWindow::Destroy xpfe/appshell/src/nsXULWindow.cpp:529 32 libxul.so nsWebShellWindow::Destroy xpfe/appshell/src/nsWebShellWindow.cpp:787 33 libxul.so nsChromeTreeOwner::Destroy xpfe/appshell/src/nsChromeTreeOwner.cpp:388 34 libxul.so nsGlobalWindow::ReallyCloseWindow dom/base/nsGlobalWindow.cpp:6438 35 libxul.so nsCloseEvent::Run dom/base/nsGlobalWindow.cpp:6229 36 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:656 37 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245 38 libxul.so nsXULWindow::ShowModal xpfe/appshell/src/nsXULWindow.cpp:420 39 libxul.so nsContentTreeOwner::ShowAsModal xpfe/appshell/src/nsContentTreeOwner.cpp:564 40 libxul.so nsWindowWatcher::OpenWindowJSInternal embedding/components/windowwatcher/src/nsWindowWatcher.cpp:1023 41 libxul.so nsWindowWatcher::OpenWindow embedding/components/windowwatcher/src/nsWindowWatcher.cpp:414 42 libxul.so ShowProfileManager toolkit/xre/nsAppRunner.cpp:1866 43 libxul.so XREMain::XRE_mainStartup toolkit/xre/nsAppRunner.cpp:2291 44 libxul.so XREMain::XRE_main toolkit/xre/nsAppRunner.cpp:3839 45 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp:3933 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=nsRootAccessible%3A%3AName
Attached patch Null checkSplinter Review
Assignee: nobody → marco.zehe
Status: NEW → ASSIGNED
Attachment #620775 - Flags: review?(trev.saunders)
Comment on attachment 620775 [details] [diff] [review] Null check that might well fix the crash, but it doesn't seem right. First we didn't check the QI before, and it shouldn't fail and mDocument shouldn't be null anyways I think. My guess would be mDOcument is null but it hasn't become defunct yet, surkov any ideas?
Attachment #620775 - Flags: review?(trev.saunders)
I think it crashes on NativeRootAccessibleWrap, we mark it as defunct but getNameCB doesn't have IsDefunct check (technically it's not needed because defunct state means no gecko accessible for atk accessible. perhaps I'd add Name() implementation on NativeRootAccessibleWrap.
OK, handing this back to you folks, then.
Assignee: marco.zehe → nobody
Status: ASSIGNED → NEW
It's currently #1 top crasher in today's build.
tracking-firefox15: --- → ?
Keywords: topcrash
Comment on attachment 620775 [details] [diff] [review] Null check let's take Marco's patch (since it's topcrasher) and then figure out right solution
Attachment #620775 - Flags: review+
Pushed rebased patch to inbound: http://hg.mozilla.org/integration/mozilla-inbound/rev/1f576da2253d Note that due to de-ns-ification, the signature will probably change to RootAccessible::... Surkov, do you want to keep this open for finding the right solution, or do you want to work on it in a separate bug?
Target Milestone: --- → mozilla15
https://hg.mozilla.org/mozilla-central/rev/1f576da2253d
Assignee: nobody → surkov.alexander
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
(In reply to Marco Zehe (:MarcoZ) from comment #7) > Surkov, do you want to keep this open for finding the right solution, or do > you want to work on it in a separate bug? yeah, please open
Blocks: 752510
There are no crash reports with this signature in the last 4 weeks. Marking verified.
Status: RESOLVED → VERIFIED
status-firefox15: fixedverified
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: