Closed Bug 945308 Opened 11 years ago Closed 11 years ago

crash in mozilla::a11y::HyperTextAccessible::GetBoundsInFrame(nsIFrame*, unsigned int, unsigned int)

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Version:
28 Branch
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla28

People

(Reporter: tracy, Assigned: surkov)

Details

(Keywords: crash, topcrash-win)

Crash Data

Attachments

(1 file)

patch
879 bytes, patch
tbsaunde
: review+
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is 
report bp-9fb19193-026a-4e3f-ad36-b8f7f2131202.
=============================================================

This has risen to the #2 topcrasher on Nightly (Fx28) on builds since 2013112605. Appears to be essentially isolated to Facebook, with a few random other sites in crash reports.  A few comments say just typing in comment they crashed.

Frame 	Module 	Signature 	Source
0 	xul.dll 	mozilla::a11y::HyperTextAccessible::GetBoundsInFrame(nsIFrame *,unsigned int,unsigned int) 	accessible/src/generic/HyperTextAccessible.cpp
1 	xul.dll 	mozilla::a11y::HyperTextAccessible::TextBounds(int,int,unsigned int) 	accessible/src/generic/HyperTextAccessible.cpp
2 	xul.dll 	mozilla::a11y::HyperTextAccessible::GetCaretRect(nsIWidget * *) 	accessible/src/generic/HyperTextAccessible.cpp
3 	xul.dll 	mozilla::a11y::AccessibleWrap::UpdateSystemCaretFor(mozilla::a11y::Accessible *) 	accessible/src/windows/msaa/AccessibleWrap.cpp
4 	xul.dll 	mozilla::a11y::AccessibleWrap::HandleAccEvent(mozilla::a11y::AccEvent *) 	accessible/src/windows/msaa/AccessibleWrap.cpp
5 	xul.dll 	mozilla::a11y::HyperTextAccessibleWrap::HandleAccEvent(mozilla::a11y::AccEvent *) 	accessible/src/windows/msaa/HyperTextAccessibleWrap.cpp
6 	xul.dll 	nsEventShell::FireEvent(mozilla::a11y::AccEvent *) 	accessible/src/base/nsEventShell.cpp
7 	xul.dll 	mozilla::a11y::FocusManager::ProcessFocusEvent(mozilla::a11y::AccEvent *) 	accessible/src/base/FocusManager.cpp
8 	xul.dll 	mozilla::a11y::EventQueue::ProcessEventQueue() 	accessible/src/base/EventQueue.cpp
9 	xul.dll 	mozilla::a11y::NotificationController::WillRefresh(mozilla::TimeStamp) 	accessible/src/base/NotificationController.cpp
10 	xul.dll 	nsRefreshDriver::Tick(__int64,mozilla::TimeStamp) 	layout/base/nsRefreshDriver.cpp
11 	xul.dll 	mozilla::RefreshDriverTimer::TickDriver(nsRefreshDriver *,__int64,mozilla::TimeStamp) 	layout/base/nsRefreshDriver.cpp
12 	xul.dll 	mozilla::RefreshDriverTimer::Tick() 	layout/base/nsRefreshDriver.cpp
13 	xul.dll 	nsTimerImpl::Fire() 	xpcom/threads/nsTimerImpl.cpp
14 	xul.dll 	nsThread::ProcessNextEvent(bool,bool *) 	xpcom/threads/nsThread.cpp
15 	xul.dll 	NS_ProcessNextEvent(nsIThread *,bool) 	xpcom/glue/nsThreadUtils.cpp
16 	xul.dll 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate *) 	ipc/glue/MessagePump.cpp
17 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/message_loop.cc
18 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
19 	xul.dll 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
20 	xul.dll 	nsAppShell::Run() 	widget/windows/nsAppShell.cpp
21 	xul.dll 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp
22 	xul.dll 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp
23 	xul.dll 	XREMain::XRE_main(int,char * * const,nsXREAppData const *) 	toolkit/xre/nsAppRunner.cpp
24 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp
25 	firefox.exe 	do_main 	browser/app/nsBrowserApp.cpp
26 	firefox.exe 	NS_internal_main(int,char * *) 	browser/app/nsBrowserApp.cpp
27 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp
28 	firefox.exe 	__tmainCRTStartup 	f:/dd/vctools/crt_bld/self_x86/crt/src/crtexe.c
29 	kernel32.dll 	BaseThreadInitThunk 	
30 	ntdll.dll 	__RtlUserThreadStart 	
31 	ntdll.dll 	_RtlUserThreadStart
seems to be broken tree, assert (it should be in a good state at WillRefresh) + null check
Attached patch patchSplinter Review 
Assignee: nobody → surkov.alexander
Status: NEW → ASSIGNED

        Attachment #8341760 -
        Flags: review?(trev.saunders)

    
    

    
  
Comment on attachment 8341760 [details] [diff] [review]
patch

ugh :(

        Attachment #8341760 -
        Flags: review?(trev.saunders) → review+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/87468d6fc936
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28

    
    

    
  
Calling this verified fixed since there are no reports of this signature with a build ID newer than 2013120503.
Status: RESOLVED → VERIFIED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: