Closed Bug 1804991 Opened 2 years ago Closed 2 years ago

mozilla::detail::InvalidArrayIndex_CRASH(unsigned long, unsigned long) when stringifying empty array

Tracking

()

Status:

RESOLVED FIXED

Milestone:

109 Branch

Tracking Flags:

Tracking

Status

firefox109

---

fixed

People

(Reporter: morgan, Assigned: morgan)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1804991: Issue a warning if we attempt to stringify an empty array, but don't crash r?nlapre 2 years ago Morgan Reschenberg [:morgan] (deleted), text/x-phabricator-request		Details

Morgan Reschenberg [:morgan]

Assignee

Description

•

2 years ago

As above. Stack:

(lldb) bt
* thread #1, name = 'firefox', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
  * frame #0: 0x00005555557903d1 firefox`mozilla::detail::InvalidArrayIndex_CRASH(unsigned long, unsigned long) [inlined] MOZ_Crash(aFilename="/home/morgan/mozilla-unified/mfbt/Assertions.cpp", aLine=51, aReason="ElementAt(aIndex = 0, aLength = 0)") at Assertions.h:261:3
    frame #1: 0x00005555557903bc firefox`mozilla::detail::InvalidArrayIndex_CRASH(aIndex=0, aLength=0) at Assertions.cpp:50
    frame #2: 0x00007fffe42a51d0 libxul.so`nsTArray_Impl<unsigned long, nsTArrayInfallibleAllocator>::ElementAt(this=0x00007fffb58d4178, aIndex=0) const at nsTArray.h:1205:7
    frame #3: 0x00007fffe42a515d libxul.so`nsTArray_Impl<unsigned long, nsTArrayInfallibleAllocator>::operator[](this=0x00007fffb58d4178, aIndex=0) const at nsTArray.h:1236:12
    frame #4: 0x00007fffed65e91b libxul.so`mozilla::a11y::AccAttributes::StringFromValueAndName(this=0x00007fffffff38b8, val=0x00007fffb58d4178)::$_16::operator()(nsTArray<unsigned long> const&) const at AccAttributes.cpp:78:34

In theory we probably shouldn't be storing empty arrays (we should just be using delete entries) but in any case we should make this fail nicely instead of crashing.

Morgan Reschenberg [:morgan]

Assignee

Comment 1

•

2 years ago

Attached file Bug 1804991: Issue a warning if we attempt to stringify an empty array, but don't crash r?nlapre (deleted) — Details

Pulsebot

Comment 2

•

2 years ago

Pushed by mreschenberg@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d34ecc9e78a3 Issue a warning if we attempt to stringify an empty array, but don't crash r=nlapre

Atila Butkovits

Comment 3

•

2 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/d34ecc9e78a3

Status: NEW → RESOLVED

Closed: 2 years ago

status-firefox109: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 109 Branch

You need to log in before you can comment on or make changes to this bug.

Bugzilla

mozilla::detail::InvalidArrayIndex_CRASH(unsigned long, unsigned long) when stringifying empty array

Categories

(Core :: Disability Access APIs, defect, P4)

Tracking

()

People

(Reporter: morgan, Assigned: morgan)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Attachment

General

Description

File Name

Content Type