Bug 776472 - crash in Accessible::NativeState
Status: RESOLVED FIXED
Keywords: crash, regression
Product: Core
Classification: Components
Component: Disability Access APIs
Version: 17 Branch
Platform: All All
Importance: -- critical
Target Milestone: mozilla17
Assigned To: Trevor Saunders (:tbsaunde)
Blocks: 762876
Reported: 2012-07-23 03:11 PDT by Scoobidiver (away)
Modified: 2012-07-24 07:26 PDT


Attachments
patch (2.15 KB, patch)
2012-07-23 11:03 PDT, Trevor Saunders (:tbsaunde)
dbolter: review+

Description Scoobidiver (away) 2012-07-23 03:11:03 PDT
It first appeared in 17.0a1/20120722. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=446b788ab99d&tochange=462106f027af
It's likely a regression from bug 762876.

Stack traces are various:
Frame 	Module 	Signature 	Source
0 	xul.dll 	nsIFrame::GetStyleXUL 	layout/style/nsStyleStructList.h:119
1 	xul.dll 	Accessible::NativeState 	accessible/src/generic/Accessible.cpp:687
2 	xul.dll 	mozilla::a11y::XULMenupopupAccessible::NativeState 	accessible/src/xul/XULMenuAccessible.cpp:448
3 	xul.dll 	Accessible::State 	accessible/src/generic/Accessible.cpp:1450
4 	xul.dll 	AccessibleWrap::get_accState 	accessible/src/msaa/AccessibleWrap.cpp:468
5 	rpcrt4.dll 	Invoke 	
...

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsIFrame::GetStyleXUL 	layout/style/nsStyleStructList.h:119
1 	xul.dll 	Accessible::NativeState 	accessible/src/generic/Accessible.cpp:687
2 	xul.dll 	mozilla::a11y::XULButtonAccessible::NativeState 	accessible/src/xul/XULFormControlAccessible.cpp:96
3 	xul.dll 	Accessible::State 	accessible/src/generic/Accessible.cpp:1450
4 	xul.dll 	AccessibleWrap::get_accState 	accessible/src/msaa/AccessibleWrap.cpp:468
5 	oleacc.dll 	AccWrap_Base::get_accState 	
6 	oleacc.dll 	AccWrap_Annotate::get_accState 	
7 	FSDomNodeFirefox.DLL 	FSDomNodeFirefox.DLL@0x109d1
...

Frame 	Module 	Signature 	Source
0 	libxul.so 	Accessible::NativeState 	nsStyleStructList.h:119
1 	libxul.so 	HyperTextAccessible::NativeState 	accessible/src/generic/HyperTextAccessible.cpp:124
2 	libxul.so 	mozilla::a11y::XULLabelAccessible::NativeState 	accessible/src/xul/XULElementAccessibles.cpp:55
3 	libxul.so 	Accessible::State 	accessible/src/generic/Accessible.cpp:1450
4 	libxul.so 	refStateSetCB 	accessible/src/atk/AccessibleWrap.cpp:885
5 	libatk-1.0.so.0.20409.1 	libatk-1.0.so.0.20409.1@0xb255 
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsIFrame%3A%3AGetStyleXUL%28%29
https://crash-stats.mozilla.com/report/list?signature=Accessible%3A%3ANativeState
Comment 1 David Bolter [:davidb] 2012-07-23 06:51:44 PDT
Assigning based on suspected regression cause.
Comment 2 Trevor Saunders (:tbsaunde) 2012-07-23 11:03:17 PDT
Created attachment 644982
patch
Comment 3 David Bolter [:davidb] 2012-07-23 11:12:59 PDT
Comment on attachment 644982
patch

Review of attachment 644982:
-----------------------------------------------------------------

Why not just check the frame before using it (a one line patch)?
Comment 4 Trevor Saunders (:tbsaunde) 2012-07-23 11:22:49 PDT
(In reply to David Bolter [:davidb] from comment #3)
> Comment on attachment 644982
> patch
> 
> Review of attachment 644982:
> -----------------------------------------------------------------
> 
> Why not just check the frame before using it (a one line patch)?

trying to not check things multiple times, something wrong with it?
Comment 5 David Bolter [:davidb] 2012-07-23 11:37:41 PDT
(In reply to Trevor Saunders (:tbsaunde) from comment #4)
> (In reply to David Bolter [:davidb] from comment #3)
 
> trying to not check things multiple times, something wrong with it?

I guess it is either two isXUL checks or two frame checks, I'm more used to frame checks but meh.
Comment 6 Marcia Knous [:marcia - use ni] 2012-07-23 16:22:36 PDT
I hit this crash while trying to test another bug - https://crash-stats.mozilla.com/report/index/bp-c3b3de8d-3952-4aab-8fb6-089d12120723. At the time of the crash I was using the back button to navigate back from a site. If I can reproduce I will let you know.
Comment 7 Trevor Saunders (:tbsaunde) 2012-07-23 17:47:51 PDT
landed https://hg.mozilla.org/integration/mozilla-inbound/rev/fcc58ba01ef6
Comment 8 Trevor Saunders (:tbsaunde) 2012-07-23 17:50:10 PDT
(In reply to David Bolter [:davidb] from comment #5)
> (In reply to Trevor Saunders (:tbsaunde) from comment #4)
> > (In reply to David Bolter [:davidb] from comment #3)
>  
> > trying to not check things multiple times, something wrong with it?
> 
> I guess it is either two isXUL checks or two frame checks, I'm more used to
> frame checks but meh.

true, but I realized I'd have to do the second IsXUL() check after I started changing stuff...
Comment 9 Ed Morley [:emorley] 2012-07-24 02:57:55 PDT
https://hg.mozilla.org/mozilla-central/rev/fcc58ba01ef6
