Closed
Bug 1194859
Opened 9 years ago
Closed 9 years ago
crash in mozilla::a11y::ARIAGridCellAccessible::GroupPosition()
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
RESOLVED
FIXED
mozilla43
People
(Reporter: away, Assigned: surkov)
References
Details
(Keywords: crash)
Crash Data
Attachments
(2 files)
1.79 KB,
patch
|
MarcoZ
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
1.65 KB,
patch
|
MarcoZ
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-199b1006-4e4d-4751-bbfc-dcb2a2150813. ============================================================= This signature spiked in 41b1 (because this code is new to 41). Frame Module Signature Source 0 xul.dll mozilla::a11y::ARIAGridCellAccessible::GroupPosition() accessible/generic/ARIAGridAccessible.cpp 1 xul.dll mozilla::a11y::Accessible::NativeAttributes() accessible/generic/Accessible.cpp 2 xul.dll mozilla::a11y::HyperTextAccessible::NativeAttributes() accessible/generic/HyperTextAccessible.cpp 3 xul.dll mozilla::a11y::ARIAGridCellAccessible::NativeAttributes() accessible/generic/ARIAGridAccessible.cpp 4 xul.dll mozilla::a11y::Accessible::Attributes() accessible/generic/Accessible.cpp 5 xul.dll mozilla::a11y::ia2Accessible::get_attributes(wchar_t**) accessible/windows/ia2/ia2Accessible.cpp
[Tracking Requested - why for this release]: topcrash on 41
Crash Signature: [@ mozilla::a11y::ARIAGridCellAccessible::GroupPosition()] → [@ mozilla::a11y::ARIAGridCellAccessible::GroupPosition()]
[@ mozilla::a11y::HTMLTableCellAccessible::GroupPosition() ]
status-firefox40:
--- → unaffected
status-firefox41:
--- → affected
status-firefox42:
--- → affected
status-firefox43:
--- → affected
tracking-firefox41:
--- → ?
http://hg.mozilla.org/releases/mozilla-beta/annotate/be2423a7ec20/accessible/generic/ARIAGridAccessible.cpp#l693 Something in this chain is null: Table()->AsAccessible()->GetContent(). I think it is the |Table()|.
Flags: needinfo?(surkov.alexander)
Tracked for 41 and 42 as crashes are bad.
tracking-firefox42:
--- → +
Assignee | ||
Comment 4•9 years ago
|
||
Assignee: nobody → surkov.alexander
Flags: needinfo?(surkov.alexander)
Attachment #8649278 -
Flags: review?(mzehe)
Comment 5•9 years ago
|
||
Comment on attachment 8649278 [details] [diff] [review] patch r=me. Do we have other places in our table code where we have similar constructs that could bite us in the future?
Attachment #8649278 -
Flags: review?(mzehe) → review+
Assignee | ||
Comment 6•9 years ago
|
||
(In reply to Marco Zehe (:MarcoZ) from comment #5) > Comment on attachment 8649278 [details] [diff] [review] > patch > > r=me. Do we have other places in our table code where we have similar > constructs that could bite us in the future? it seems no other places.
Comment 8•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/2e89ce960e5f
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
Alexander, given that this was a top crash for 41, do you want to request uplift to Beta on this patch? It looks safe to me but you are the best judge. Thanks!
Flags: needinfo?(surkov.alexander)
Assignee | ||
Comment 10•9 years ago
|
||
Comment on attachment 8649278 [details] [diff] [review] patch Approval Request Comment [Feature/regressing bug #]: bug 1177268 [User impact if declined]: assistive technologies users keep crashing [Describe test coverage new/current, TreeHerder]: not covered [Risks and why]: no risk, a null check [String/UUID change made/needed]: no
Flags: needinfo?(surkov.alexander)
Attachment #8649278 -
Flags: approval-mozilla-beta?
Attachment #8649278 -
Flags: approval-mozilla-aurora?
Comment 11•9 years ago
|
||
Comment on attachment 8649278 [details] [diff] [review] patch Fix a top crash, taking it.
Attachment #8649278 -
Flags: approval-mozilla-beta?
Attachment #8649278 -
Flags: approval-mozilla-beta+
Attachment #8649278 -
Flags: approval-mozilla-aurora?
Attachment #8649278 -
Flags: approval-mozilla-aurora+
Reporter | ||
Comment 14•9 years ago
|
||
This crash is still seen on all channels where the patch landed. Looking at the disassembly of beta4, I'm pretty certain the null pointer is |Table()|, not |table|.
Status: RESOLVED → REOPENED
Flags: needinfo?(surkov.alexander)
Resolution: FIXED → ---
Assignee | ||
Comment 15•9 years ago
|
||
Flags: needinfo?(surkov.alexander)
Attachment #8653627 -
Flags: review?(mzehe)
Comment 16•9 years ago
|
||
Comment on attachment 8653627 [details] [diff] [review] patch2 Review of attachment 8653627 [details] [diff] [review]: ----------------------------------------------------------------- Yikes! *That* is where it failed! OK, let's hope that we've now kicked it into obedience! Thanks! r=me.
Comment 17•9 years ago
|
||
Comment on attachment 8653627 [details] [diff] [review] patch2 Umm ... I said: r=me!
Attachment #8653627 -
Flags: review?(mzehe) → review+
Reporter | ||
Comment 18•9 years ago
|
||
Comment on attachment 8653627 [details] [diff] [review] patch2 Review of attachment 8653627 [details] [diff] [review]: ----------------------------------------------------------------- ::: accessible/generic/ARIAGridAccessible.cpp @@ +690,5 @@ > ARIAGridCellAccessible::GroupPosition() > { > int32_t count = 0, index = 0; > + Accessible* table = Table(); > + if (table && nsCoreUtils::GetUIntAttr(table->->AsAccessible()->GetContent(), There's a double arrow here.
Comment 20•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/eb84e5f9c664
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → FIXED
Comment 21•9 years ago
|
||
Please request Aurora/Beta approval on this when you get a chance.
Flags: needinfo?(surkov.alexander)
Comment 22•9 years ago
|
||
Comment on attachment 8653627 [details] [diff] [review] patch2 Approval Request Comment [Feature/regressing bug #]: bug 1177268 [User impact if declined]: Crashes. [Describe test coverage new/current, TreeHerder]: On Central, follow-up/corrected patch to previous one from this bug. [Risks and why]: Null check. [String/UUID change made/needed]: None.
Flags: needinfo?(surkov.alexander)
Attachment #8653627 -
Flags: approval-mozilla-beta?
Attachment #8653627 -
Flags: approval-mozilla-aurora?
Comment 23•9 years ago
|
||
Comment on attachment 8653627 [details] [diff] [review] patch2 > [Risks and why]: Null check. I don't see a risk evaluation here?! Please be more explicit for future uplift requests.
Attachment #8653627 -
Flags: approval-mozilla-beta?
Attachment #8653627 -
Flags: approval-mozilla-beta+
Attachment #8653627 -
Flags: approval-mozilla-aurora?
Attachment #8653627 -
Flags: approval-mozilla-aurora+
You need to log in
before you can comment on or make changes to this bug.
Description
•