Closed Bug 1696272 Opened 4 years ago Closed 2 years ago

Assertion failure: button->IsButton(), at /builds/worker/checkouts/gecko/accessible/html/HTMLFormControlAccessible.cpp:485

Categories

(Core :: Disability Access APIs, defect, P3)

Product:
Core
Component:
Disability Access APIs
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1415960
Tracking Flags:
Tracking Status
firefox88 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: [bugmon:bisected,confirmed])

Attachments

(1 file)

testcase.html
(deleted), text/html
Details
Attached file testcase.html (deleted) —

First detected while fuzzing m-c 20210301-c2a11810933e

#0 0x7fd10f557e11 in mozilla::a11y::HTMLFileInputAccessible::CurrentItem() const src/accessible/html/HTMLFormControlAccessible.cpp:485:3
#1 0x7fd10f4fbb5c in mozilla::a11y::FocusManager::ProcessFocusEvent(mozilla::a11y::AccEvent*) src/accessible/base/FocusManager.cpp:285:43
#2 0x7fd10f4fb417 in mozilla::a11y::EventQueue::ProcessEventQueue() src/accessible/base/EventQueue.cpp:322:21
#3 0x7fd10f504d99 in mozilla::a11y::NotificationController::WillRefresh(mozilla::TimeStamp) src/accessible/base/NotificationController.cpp:889:3
#4 0x7fd10e3ddd1e in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:2138:12
#5 0x7fd10e3e60d1 in TickDriver src/layout/base/nsRefreshDriver.cpp:357:13
#6 0x7fd10e3e60d1 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:336:7
#7 0x7fd10e3e5faf in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:351:5
#8 0x7fd10e3e5558 in RunRefreshDrivers src/layout/base/nsRefreshDriver.cpp:799:5
#9 0x7fd10e3e5558 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:722:16
#10 0x7fd10e3e4e70 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() src/layout/base/nsRefreshDriver.cpp:624:7
#11 0x7fd10e3e48e9 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:545:9
#12 0x7fd10dbc83e6 in mozilla::dom::VsyncChild::RecvNotify(mozilla::VsyncEvent const&, float const&) src/dom/ipc/VsyncChild.cpp:68:15
#13 0x7fd10a8ff0d0 in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:178:54
#14 0x7fd10a69492c in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6243:32
#15 0x7fd10a34fcae in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2153:25
#16 0x7fd10a34c26d in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2077:9
#17 0x7fd10a34d716 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1925:3
#18 0x7fd10a34e45b in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1956:13
#19 0x7fd109a1bfff in mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:472:16
#20 0x7fd109a1a570 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:760:26
#21 0x7fd109a19334 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:611:15
#22 0x7fd109a194e7 in mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:395:36
#23 0x7fd109a1fe16 in operator() src/xpcom/threads/TaskController.cpp:133:37
#24 0x7fd109a1fe16 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:534:5
#25 0x7fd109a31307 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1158:16
#26 0x7fd109a3795a in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:548:10
#27 0x7fd10a355596 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:87:21
#28 0x7fd10a2c09e3 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:335:10
#29 0x7fd10a2c08fd in RunHandler src/ipc/chromium/src/base/message_loop.cc:328:3
#30 0x7fd10a2c08fd in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:310:3
#31 0x7fd10e12d028 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#32 0x7fd10f97c153 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:902:20
#33 0x7fd10a35647c in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:237:9
#34 0x7fd10a2c09e3 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:335:10
#35 0x7fd10a2c08fd in RunHandler src/ipc/chromium/src/base/message_loop.cc:328:3
#36 0x7fd10a2c08fd in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:310:3
#37 0x7fd10f97bd28 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:733:34
#38 0x5587adb6efa6 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#39 0x5587adb6efa6 in main src/browser/app/nsBrowserApp.cpp:309:18
#40 0x7fd11f7b30b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#41 0x5587adb4cd4c in _start (/home/worker/builds/m-c-20210301162538-fuzzing-debug/firefox-bin+0x14d4c)

Note for bugmon: GNOME_ACCESSIBILITY=1

Flags: in-testsuite?

A Pernosco session is available here: https://pernos.co/debug/YQlOdrspu64SWab7tp195w/index.html

Keywords: bugmon

Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20210304040740-eee3ec3004e4.
Failed to bisect testcase (Testcase reproduces on start build!):

Start: 1e4b37c9e558728666cf1d006d95677acc7f8153 (20200305041649)
End: c2a11810933e52b8b527bb277e11f877aec6379a (20210301162538)
BuildFlags: BuildFlags(asan=False, tsan=False, debug=True, fuzzing=False, coverage=False, valgrind=False)

Whiteboard: [bugmon:bisected,confirmed]
Severity: -- → S3
Priority: -- → P3

Bugmon Analysis
The bug appears to have been fixed in the following build range:

Start: 2dc4b168d50379bfdda379fd9db9d0da3e1f4b7f (20210322151737)
End: 0d612680ffc455d340c0d637bfff5f592a011ca1 (20210322163452)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=2dc4b168d50379bfdda379fd9db9d0da3e1f4b7f&tochange=0d612680ffc455d340c0d637bfff5f592a011ca1
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Keywords: bugmon

:eeejay, is it possible that this was fixed via bug 1415960?

Flags: needinfo?(eitan)

(In reply to Jason Kratzer [:jkratzer] from comment #4)

:eeejay, is it possible that this was fixed via bug 1415960?

That is likely :) sorry for the late reply.

Flags: needinfo?(eitan)
Status: NEW → RESOLVED
Closed: 2 years ago
Duplicate of bug: 1415960
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: