Closed
Bug 1525455
Opened 6 years ago
Closed 5 years ago
crash near null in [@ mozilla::a11y::DocAccessibleParent::ParentDoc]
Categories
(Core :: Disability Access APIs, defect, P3)
Core
Disability Access APIs
Tracking
()
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, csectype-nullptr, testcase)
Attachments
(1 file, 1 obsolete file)
|
254 bytes,
text/html
|
Details |
==10164==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000060 (pc 0x7f6fae41c89a bp 0x7ffd9d547130 sp 0x7ffd9d547120 T0)
==10164==The signal is caused by a READ memory access.
==10164==Hint: address points to the zero page.
#0 0x7f6fae41c899 in mozilla::a11y::DocAccessibleParent::ParentDoc() const src/accessible/ipc/DocAccessibleParent.cpp:592:7
#1 0x7f6fae416f3f in Unbind src/obj-firefox/dist/include/mozilla/a11y/DocAccessibleParent.h:126:39
#2 0x7f6fae416f3f in mozilla::a11y::ProxyAccessibleBase<mozilla::a11y::ProxyAccessible>::Shutdown() src/accessible/ipc/ProxyAccessibleBase.cpp:41
#3 0x7f6fae415f8f in mozilla::a11y::DocAccessibleParent::RecvHideEvent(unsigned long const&, bool const&) src/accessible/ipc/DocAccessibleParent.cpp:185:9
#4 0x7f6fa1741797 in mozilla::a11y::PDocAccessibleParent::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PDocAccessibleParent.cpp:7313:20
#5 0x7f6fa15b6f82 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PContentParent.cpp:3799:28
#6 0x7f6fa12088b9 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2160:21
#7 0x7f6fa120423a in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2087:9
#8 0x7f6fa1206441 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1936:3
#9 0x7f6fa1207307 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1967:13
#10 0x7f6f9ff611c6 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1162:14
#11 0x7f6f9ff68f8d in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:474:10
#12 0x7f6fa1211ccf in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#13 0x7f6fa10fe83e in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
#14 0x7f6fa10fe83e in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
#15 0x7f6fa10fe83e in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
#16 0x7f6faa3e4833 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#17 0x7f6faecd8e90 in nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:271:30
#18 0x7f6faefc53a0 in XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:4699:22
#19 0x7f6faefc7d99 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4837:8
#20 0x7f6faefc97e3 in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4921:21
#21 0x55a7bb16668c in do_main src/browser/app/nsBrowserApp.cpp:214:22
#22 0x55a7bb16668c in main src/browser/app/nsBrowserApp.cpp:293
Flags: in-testsuite?
|
||
Updated•6 years ago
|
Priority: -- → P3
|
Reporter | |
Comment 1•6 years ago
|
||
More reliable testcase.
Attachment #9041626 -
Attachment is obsolete: true
|
|
Reporter | |
Updated•6 years ago
|
status-firefox69:
--- → wontfix
status-firefox70:
--- → affected
status-firefox71:
--- → affected
status-firefox-esr68:
--- → affected
Keywords: csectype-nullptr
|
|
||
Comment 2•6 years ago
|
||
I can't reproduce this crash running the test case on a Windows nightly. I haven't tried on Linux though.
|
|
Reporter | |
Comment 3•5 years ago
|
||
This was last seen by the fuzzers running m-c 20191107-ac63c8962183.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
|
||
Updated•5 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•