commit 8ba0e2ee02b0
Author: Aaron Klotz <aklotz@mozilla.com>
Date:   Wed Oct 4 09:12:25 2017 -0600

    Bug 1383501 - Do not crash when TabParent::RecvPDocAccessibleConstructor receives a null COM proxy sent to the parent process. r=jimm, a=ritu
    
    MozReview-Commit-ID: 5IOuLXc375T
    
    --HG--
    extra : source : e2a6e2ddfa184b5a1f410408d7232ed0041a360f
---
 accessible/ipc/win/ProxyAccessible.cpp |  2 +-
 accessible/ipc/win/ProxyAccessible.h   | 13 ++++++++++++-
 dom/ipc/TabParent.cpp                  |  2 ++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git accessible/ipc/win/ProxyAccessible.cpp accessible/ipc/win/ProxyAccessible.cpp
index 0942e280ea30..383ece99fb0c 100644
--- accessible/ipc/win/ProxyAccessible.cpp
+++ accessible/ipc/win/ProxyAccessible.cpp
@@ -34,7 +34,7 @@ ProxyAccessible::GetCOMInterface(void** aOutAccessible) const
     return false;
   }
 
-  if (!mCOMProxy) {
+  if (!mCOMProxy && mSafeToRecurse) {
     // See if we can lazily obtain a COM proxy
     AccessibleWrap* wrap = WrapperFor(this);
     bool isDefunct = false;
diff --git accessible/ipc/win/ProxyAccessible.h accessible/ipc/win/ProxyAccessible.h
index 83f1e6093253..4fd897e588fe 100644
--- accessible/ipc/win/ProxyAccessible.h
+++ accessible/ipc/win/ProxyAccessible.h
@@ -27,6 +27,7 @@ public:
   ProxyAccessible(uint64_t aID, ProxyAccessible* aParent,
                   DocAccessibleParent* aDoc, role aRole, uint32_t aInterfaces)
     : ProxyAccessibleBase(aID, aParent, aDoc, aRole, aInterfaces)
+    , mSafeToRecurse(true)
   {
     MOZ_COUNT_CTOR(ProxyAccessible);
   }
@@ -40,7 +41,16 @@ public:
 
   bool GetCOMInterface(void** aOutAccessible) const;
   void SetCOMInterface(const RefPtr<IAccessible>& aIAccessible)
-  { mCOMProxy = aIAccessible; }
+  {
+    if (aIAccessible) {
+      mCOMProxy = aIAccessible;
+    } else {
+      // If we were supposed to be receiving an interface (hence the call to
+      // this function), but the interface turns out to be null, then we're
+      // broken for some reason.
+      mSafeToRecurse = false;
+    }
+  }
 
 protected:
   explicit ProxyAccessible(DocAccessibleParent* aThisAsDoc)
@@ -49,6 +59,7 @@ protected:
 
 private:
   RefPtr<IAccessible> mCOMProxy;
+  bool                mSafeToRecurse;
 };
 
 }
diff --git dom/ipc/TabParent.cpp dom/ipc/TabParent.cpp
index 7fc5689e6211..d8733a377219 100644
--- dom/ipc/TabParent.cpp
+++ dom/ipc/TabParent.cpp
@@ -972,9 +972,11 @@ TabParent::RecvPDocAccessibleConstructor(PDocAccessibleParent* aDoc,
 #ifdef XP_WIN
     a11y::WrapperFor(doc)->SetID(aMsaaID);
     MOZ_ASSERT(!aDocCOMProxy.IsNull());
+#ifdef NIGHTLY_BUILD
     if (aDocCOMProxy.IsNull()) {
       return IPC_FAIL(this, "Constructing a top-level PDocAccessible with null COM proxy");
     }
+#endif
 
     RefPtr<IAccessible> proxy(aDocCOMProxy.Get());
     doc->SetCOMInterface(proxy);