Last Comment Bug 761943 - crash in nsXULListitemAccessible::NativeInteractiveState
: crash in nsXULListitemAccessible::NativeInteractiveState
Status: RESOLVED FIXED
: crash, regression
Product: Core
Classification: Components
Component: Disability Access APIs (show other bugs)
: 15 Branch
: x86 Windows 7
: -- critical (vote)
: mozilla16
Assigned To: Mark Capella [:capella]
:
Mentors:
Depends on:
Blocks: 756983
  Show dependency treegraph
 
Reported: 2012-06-06 00:38 PDT by Scoobidiver (away)
Modified: 2012-08-10 08:04 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
verified


Attachments
Patch (v1) (1003 bytes, patch)
2012-06-06 02:49 PDT, Mark Capella [:capella]
surkov.alexander: review+
akeybl: approval‑mozilla‑aurora+
Details | Diff | Splinter Review

Description Scoobidiver (away) 2012-06-06 00:38:50 PDT
It first appeared in 16.0a1/20120605. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=dd6ec482a85d&tochange=a7a905fd70d5
It's likely a regression from bug 756983.

Signature 	nsXULListitemAccessible::NativeInteractiveState() More Reports Search
UUID	047f63ef-ba94-4597-a016-63fb42120605
Date Processed	2012-06-05 16:54:16
Uptime	396
Install Age	6.6 minutes since version was first installed.
Install Time	2012-06-05 16:47:26
Product	Firefox
Version	16.0a1
Build ID	20120605030522
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 26 stepping 4
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x0
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x9440, AdapterSubsysID: 20071787, AdapterDriverVersion: 8.961.0.0
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 
EMCheckCompatibility	True	
Total Virtual Memory	2147352576
Available Virtual Memory	1595027456
System Memory Use Percentage	36
Available Page File	4753297408
Available Physical Memory	2041167872

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsXULListitemAccessible::NativeInteractiveState 	accessible/src/xul/nsXULListboxAccessible.cpp:894
1 	xul.dll 	nsXULListitemAccessible::NativeState 	accessible/src/xul/nsXULListboxAccessible.cpp:872
2 	xul.dll 	Accessible::State 	accessible/src/generic/Accessible.cpp:1512
3 	xul.dll 	AccessibleWrap::get_accState 	accessible/src/msaa/AccessibleWrap.cpp:443
4 	oleacc.dll 	AccWrap_Base::get_accState 	
5 	oleacc.dll 	AccWrap_Annotate::get_accState 	
6 	FSDomNodeFirefox.DLL 	FSDomNodeFirefox.DLL@0x10058 	
7 	FSDomNodeFirefox.DLL 	FSDomNodeFirefox.DLL@0xdf1e 	
8 	FSDomNodeFirefox.DLL 	FSDomNodeFirefox.DLL@0x1a08 	
9 	FSDomNodeFirefox.DLL 	FSDomNodeFirefox.DLL@0x61ed 	
10 	FsDomSrv.dll 	FsDomSrv.dll@0x1f6ef 	
11 	FsDomSrv.dll 	FsDomSrv.dll@0x1c97e 	
12 	user32.dll 	__ClientCallWinEventProc 	
13 	ntdll.dll 	KiUserCallbackDispatcher 	
14 	ntdll.dll 	KiUserApcDispatcher 	
15 	xul.dll 	xul.dll@0x1978af 	
16 	xul.dll 	PL_DHashTableOperate 	obj-firefox/xpcom/build/pldhash.cpp:586
17 	xul.dll 	xul.dll@0xc608ff 	
18 		@0x6568742c 	
19 	xul.dll 	nsObserverService::EnumerateObservers 	xpcom/ds/nsObserverService.cpp:130
20 	xul.dll 	nsRefPtr<nsIDOMEventListener>::~nsRefPtr<nsIDOMEventListener> 	
21 	xul.dll 	xul.dll@0xe1a46b 	
22 	xul.dll 	AccessibleWrap::HandleAccEvent 	accessible/src/msaa/AccessibleWrap.cpp:1502
23 	xul.dll 	nsEventShell::FireEvent 	accessible/src/base/nsEventShell.cpp:29
24 	xul.dll 	DocAccessible::ProcessPendingEvent 	accessible/src/generic/DocAccessible.cpp:1796
25 	xul.dll 	NotificationController::WillRefresh 	accessible/src/base/NotificationController.cpp:323
26 	xul.dll 	nsRefreshDriver::Notify 	layout/base/nsRefreshDriver.cpp:336
27 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:476

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsXULListitemAccessible%3A%3ANativeInteractiveState%28%29
Comment 1 alexander :surkov 2012-06-06 01:45:44 PDT
mParent null check is a fix because mParent can be null for example on hide event.

Mark, would you like to this it?
Comment 2 Mark Capella [:capella] 2012-06-06 02:49:57 PDT
Created attachment 630485 [details] [diff] [review]
Patch (v1)

Stab at it for review ....
Comment 3 alexander :surkov 2012-06-06 02:51:59 PDT
Comment on attachment 630485 [details] [diff] [review]
Patch (v1)

Review of attachment 630485 [details] [diff] [review]:
-----------------------------------------------------------------

r=me, thank you!

::: accessible/src/xul/nsXULListboxAccessible.cpp
@@ +890,5 @@
>  PRUint64
>  nsXULListitemAccessible::NativeInteractiveState() const
>  {
> +  return NativelyUnavailable() ||
> +         (mParent && mParent->NativelyUnavailable()) ?

nit: you can keep it on the same line
Comment 4 Mark Capella [:capella] 2012-06-06 05:21:46 PDT
Push to TRY:
https://tbpl.mozilla.org/?tree=Try&rev=b418f96c3dd6
Comment 5 Mark Capella [:capella] 2012-06-06 08:07:52 PDT
Inbound push:
https://tbpl.mozilla.org/?tree=Mozilla-Inbound&rev=107f611fb258
Comment 6 Ed Morley [:emorley] 2012-06-07 05:53:40 PDT
https://hg.mozilla.org/mozilla-central/rev/107f611fb258
Comment 7 alexander :surkov 2012-06-07 06:01:29 PDT
Comment on attachment 630485 [details] [diff] [review]
Patch (v1)

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 756983
User impact if declined: crash
Testing completed (on m-c, etc.): yes (this bug doesn't have test coverage)
Risk to taking this patch (and alternatives if risky): zero risk (null check)
String or UUID changes made by this patch: no
Comment 8 Alex Keybl [:akeybl] 2012-06-11 12:57:17 PDT
Comment on attachment 630485 [details] [diff] [review]
Patch (v1)

[Triage Comment]
Null check fix, approved for Aurora 15.
Comment 9 Marco Zehe (:MarcoZ) 2012-06-12 03:15:59 PDT
Landed on Aurora on Mark's behalf: http://hg.mozilla.org/releases/mozilla-aurora/rev/7eb0c6f9937b

Note You need to log in before you can comment on or make changes to this bug.