Closed Bug 945308 Opened 6 years ago Closed 6 years ago

crash in mozilla::a11y::HyperTextAccessible::GetBoundsInFrame(nsIFrame*, unsigned int, unsigned int)

Categories

(Core :: Disability Access APIs, defect, critical)

28 Branch
x86
All
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla28

People

(Reporter: tracy, Assigned: surkov)

Details

(Keywords: crash, topcrash-win)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is 
report bp-9fb19193-026a-4e3f-ad36-b8f7f2131202.
=============================================================

This has risen to the #2 topcrasher on Nightly (Fx28) on builds since 2013112605. Appears to be essentially isolated to Facebook, with a few random other sites in crash reports.  A few comments say just typing in comment they crashed.

Frame 	Module 	Signature 	Source
0 	xul.dll 	mozilla::a11y::HyperTextAccessible::GetBoundsInFrame(nsIFrame *,unsigned int,unsigned int) 	accessible/src/generic/HyperTextAccessible.cpp
1 	xul.dll 	mozilla::a11y::HyperTextAccessible::TextBounds(int,int,unsigned int) 	accessible/src/generic/HyperTextAccessible.cpp
2 	xul.dll 	mozilla::a11y::HyperTextAccessible::GetCaretRect(nsIWidget * *) 	accessible/src/generic/HyperTextAccessible.cpp
3 	xul.dll 	mozilla::a11y::AccessibleWrap::UpdateSystemCaretFor(mozilla::a11y::Accessible *) 	accessible/src/windows/msaa/AccessibleWrap.cpp
4 	xul.dll 	mozilla::a11y::AccessibleWrap::HandleAccEvent(mozilla::a11y::AccEvent *) 	accessible/src/windows/msaa/AccessibleWrap.cpp
5 	xul.dll 	mozilla::a11y::HyperTextAccessibleWrap::HandleAccEvent(mozilla::a11y::AccEvent *) 	accessible/src/windows/msaa/HyperTextAccessibleWrap.cpp
6 	xul.dll 	nsEventShell::FireEvent(mozilla::a11y::AccEvent *) 	accessible/src/base/nsEventShell.cpp
7 	xul.dll 	mozilla::a11y::FocusManager::ProcessFocusEvent(mozilla::a11y::AccEvent *) 	accessible/src/base/FocusManager.cpp
8 	xul.dll 	mozilla::a11y::EventQueue::ProcessEventQueue() 	accessible/src/base/EventQueue.cpp
9 	xul.dll 	mozilla::a11y::NotificationController::WillRefresh(mozilla::TimeStamp) 	accessible/src/base/NotificationController.cpp
10 	xul.dll 	nsRefreshDriver::Tick(__int64,mozilla::TimeStamp) 	layout/base/nsRefreshDriver.cpp
11 	xul.dll 	mozilla::RefreshDriverTimer::TickDriver(nsRefreshDriver *,__int64,mozilla::TimeStamp) 	layout/base/nsRefreshDriver.cpp
12 	xul.dll 	mozilla::RefreshDriverTimer::Tick() 	layout/base/nsRefreshDriver.cpp
13 	xul.dll 	nsTimerImpl::Fire() 	xpcom/threads/nsTimerImpl.cpp
14 	xul.dll 	nsThread::ProcessNextEvent(bool,bool *) 	xpcom/threads/nsThread.cpp
15 	xul.dll 	NS_ProcessNextEvent(nsIThread *,bool) 	xpcom/glue/nsThreadUtils.cpp
16 	xul.dll 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate *) 	ipc/glue/MessagePump.cpp
17 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/message_loop.cc
18 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
19 	xul.dll 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
20 	xul.dll 	nsAppShell::Run() 	widget/windows/nsAppShell.cpp
21 	xul.dll 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp
22 	xul.dll 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp
23 	xul.dll 	XREMain::XRE_main(int,char * * const,nsXREAppData const *) 	toolkit/xre/nsAppRunner.cpp
24 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp
25 	firefox.exe 	do_main 	browser/app/nsBrowserApp.cpp
26 	firefox.exe 	NS_internal_main(int,char * *) 	browser/app/nsBrowserApp.cpp
27 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp
28 	firefox.exe 	__tmainCRTStartup 	f:/dd/vctools/crt_bld/self_x86/crt/src/crtexe.c
29 	kernel32.dll 	BaseThreadInitThunk 	
30 	ntdll.dll 	__RtlUserThreadStart 	
31 	ntdll.dll 	_RtlUserThreadStart
seems to be broken tree, assert (it should be in a good state at WillRefresh) + null check
Attached patch patchSplinter Review
Assignee: nobody → surkov.alexander
Status: NEW → ASSIGNED
Attachment #8341760 - Flags: review?(trev.saunders)
Comment on attachment 8341760 [details] [diff] [review]
patch

ugh :(
Attachment #8341760 - Flags: review?(trev.saunders) → review+
https://hg.mozilla.org/mozilla-central/rev/87468d6fc936
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Calling this verified fixed since there are no reports of this signature with a build ID newer than 2013120503.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.