Closed
Bug 1203861
Opened 9 years ago
Closed 9 years ago
Infinite accessible name change events when hovering mouse over certain MIME-encoded subjects
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
RESOLVED
FIXED
mozilla46
People
(Reporter: jdiggs, Assigned: tbsaunde)
References
(Blocks 1 open bug)
Details
(Keywords: hang, testcase)
Attachments
(4 files)
868 bytes,
message/rfc822
|
Details | |
544 bytes,
text/x-python
|
Details | |
9.74 KB,
text/plain
|
Details | |
1.48 KB,
patch
|
davidb
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Steps to reproduce:
1. Import the attached mail message in Thunderbird
2. Quit Thunderbird
3. Launched the attached pyatspi accessible event listener in a terminal
4. Launch Thunderbird
5. Click on the mail folder which holds the imported mail message
6. Hover the mouse pointer over the imported mail message in the message list
which should cause a tooltip with the subject to popup
Results:
1. The listener will (after a slight delay) spew out 20,000 object:property-change:accessible-name events for the tooltip and then bail. An Orca user provided me with debut output with over 500,000 events.
2. Thunderbird becomes (and remains, from what I've seen) non-responsive and needs to be terminated. (Stacktrace will follow.)
Note: If you perform the steps with other messages, things work as expected. As best as I can tell, the bug only happens with certain MIME-encoded subjects.
Reporter | ||
Comment 1•9 years ago
|
||
Reporter | ||
Comment 2•9 years ago
|
||
Updated•9 years ago
|
Reporter | ||
Comment 3•9 years ago
|
||
Ping? I just had to force quit Thunderbird because of this bug.
Updated•9 years ago
|
Severity: major → critical
Assignee | ||
Comment 4•9 years ago
|
||
AtkObject stores the name as a C string, but nsCString can store strings with
'\0' in the middle. That means that if we compute a name containing '\0'
nsCString.equals() will nevr consider that string to be equal to
AtkObject::name, however we only want to compare up to the first '\0' because
that is the only part Atk will ever see. So we should use strncmp() instead of
nsCString.equals().
Attachment #8704836 -
Flags: review?(dbolter)
Comment 5•9 years ago
|
||
Comment on attachment 8704836 [details] [diff] [review]
use strncmp() instead of nsCString.equals() to compare names
Review of attachment 8704836 [details] [diff] [review]:
-----------------------------------------------------------------
I love your commit messages.
Attachment #8704836 -
Flags: review?(dbolter) → review+
Comment 7•9 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 46.0
Updated•9 years ago
|
Assignee: nobody → tbsaunde+mozbugs
Assignee | ||
Comment 8•9 years ago
|
||
Comment on attachment 8704836 [details] [diff] [review]
use strncmp() instead of nsCString.equals() to compare names
Approval Request Comment
[Feature/regressing bug #]:none
[User impact if declined]:crashes with email subjects containing null bytes, and probably other places where the names of things contain '\0'
[Describe test coverage new/current, TreeHerder]: on m-c so for a week without regression, and manually tested the bug in thunderbird is gone.
[Risks and why]: low, it should mean in the worst case we don't fire an event we should.
[String/UUID change made/needed]:
Attachment #8704836 -
Flags: approval-mozilla-aurora?
Comment 9•9 years ago
|
||
Trevor, does this has any potential impact on Firefox?
Thanks
Flags: needinfo?(tbsaunde+mozbugs)
Assignee | ||
Comment 10•9 years ago
|
||
(In reply to Sylvestre Ledru [:sylvestre] from comment #9)
> Trevor, does this has any potential impact on Firefox?
> Thanks
yes, I suspect that you can trigger the same bug in firefox rather easily, but I have not tried. Its a rather odd edge case so I'm not totally suprised we haven't heard about it being a problem in Firefox.
Flags: needinfo?(tbsaunde+mozbugs)
Comment 11•9 years ago
|
||
Comment on attachment 8704836 [details] [diff] [review]
use strncmp() instead of nsCString.equals() to compare names
OK, let's take it. We still can always backout this patch if it causes unexpected regressions in Firefox.
Attachment #8704836 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 12•9 years ago
|
||
bugherder uplift |
status-thunderbird45:
--- → fixed
status-thunderbird46:
--- → fixed
Moving to Core so I can set the flags to stop showing this in our uplift queries.
status-thunderbird45:
fixed → ---
status-thunderbird46:
fixed → ---
Component: Disability Access → Disability Access APIs
Product: Thunderbird → Core
Target Milestone: Thunderbird 46.0 → mozilla46
status-firefox45:
--- → fixed
status-firefox46:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•