Closed Bug 1320192 Opened 6 years ago Closed 6 years ago

[a11y] Flash player crashes on 51.0b2 32bitwith e10s when Windows10 Narrator is activated

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Version:
51 Branch
Platform:
x86
Windows 10
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla53
Tracking Flags:
Tracking Status
firefox50 --- wontfix
firefox51 --- wontfix
firefox52 --- verified
firefox53 --- fixed

People

(Reporter: alice0775, Assigned: bugzilla)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [DUPEME])

Attachments

(3 files)

screenshot
67.08 KB, image/png
Details
Settings narrator
20.34 KB, image/png
Details
Patch
2.36 KB, patch
tbsaunde
: review+
jcristau
: approval-mozilla-aurora+
Details | Diff | Splinter Review
Attached image screenshot 
[Tracking Requested - why for this release]: Flash Player crashes when Narrator is activated

Build Identifier:
https://hg.mozilla.org/releases/mozilla-beta/rev/749a8d32b74eae516b9427f28aad4ec1c11e0a54
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 ID:20161115182233

Flash Player 23.0.0.207 crashes when Windows10 Narrator is activated.

Affected to:
Firefox51.0b2 32bit w/ e10s.
Aurora52.0a2 32bit w/ e10s & dom.ipc.plugins.asyncdrawing.enabled=false.
Nightly53.0a1 32bit w/ e10s & dom.ipc.plugins.asyncdrawing.enabled=false & security.sandbox.content.level=1.

Reproducible : often

Steps To Reproduce:
1. Activate Narrator
   (Win+U then turn on)
2. Start Firefox51.0b2 with e10s
3. Open http://emk.name/test/swftxt.html
4. Repeatedly Double click on page if necessary

Actual Results:
Flash player crashes. See attached screenshot

Expected Results:
No crash
Firefox50.0 32bit w/ e10s is also affected.
Attached image Settings narrator 

    
  
Summary: Flash player crashes on 51.0b2 32bitwith e10s when  Windows10 Narrator is activated → [e10s a11y] Flash player crashes on 51.0b2 32bitwith e10s when  Windows10 Narrator is activated

    
    

    
  
also affected to:
Firefox50.0 crashes without e10s.
Firefox51.0b3 crashes without e10s.
Aurora52.0a2 crashes without e10s & dom.ipc.plugins.asyncdrawing.enabled=false.
Nightly53.0a1 crashes without e10s & dom.ipc.plugins.asyncdrawing.enabled=false & security.sandbox.content.level=1.

#2 Steps To Reproduce:
1. Activate Narrator
   (Win+U then turn on)
2. Start Firefox51.0b2 without e10s
3. Open http://emk.name/test/swftxt.html
   --- sometimes flash plugin crashes
4. Open http://emk.name/test/swftxt.html in a new tab
   --- sometimes flash plugin crashes
Summary: [e10s a11y] Flash player crashes on 51.0b2 32bitwith e10s when  Windows10 Narrator is activated → [a11y] Flash player crashes on 51.0b2 32bitwith e10s when  Windows10 Narrator is activated

    
    

    
  
Seems that this is not e10s-specific but is a stack overflow, but related to a11y:

19 	xul.dll 	NeuteredWindowProc(HWND__*, unsigned int, unsigned int, long) 	ipc/glue/WindowsMessageLoop.cpp:458
Ø 20 	user32.dll 	user32.dll@0x2d2b2 	
Ø 21 	user32.dll 	user32.dll@0xe889 	
Ø 22 	user32.dll 	user32.dll@0xdf16 	
23 	xul.dll 	`anonymous namespace'::ProcessOrDeferMessage 	ipc/glue/WindowsMessageLoop.cpp:404
24 	xul.dll 	NeuteredWindowProc(HWND__*, unsigned int, unsigned int, long)

ad infinitum.

Jim, this seems like it's not an Adobe bug but ours. Alice, does this have a recent-ish (after FF42 or so) Firefox regression range, if you keep the Flash version consistent?
Flags: needinfo?(jmathies)
Flags: needinfo?(alice0775)

    
  
Flags: needinfo?(jmathies)

    
    

    
  
At least Firefox38.8ESR, Firefox45.5ESR, Firefox47.0.2, 48.0.0, 49.0.2 crashes.
(I am not sure but it seems a timing out related to Bug 732872.)
Flags: needinfo?(alice0775)

    
    

    
  
Ah, Window neutering, we meet again.
Assignee: nobody → aklotz

    
    

    
  
This is quite likely caused by the same problem as bug 1319640. Once that lands we should retest this.

    
    

    
  
Alice, are you still seeing this after bug 1319640 landed?
Flags: needinfo?(alice0775)

    
    

    
  
Tab crashes on latest Nightly.
bp-539f1a86-9fad-4fb5-9f1b-b28422161207
bp-63e64e04-8d33-47b4-8e78-e3a012161207

[1]https://hg.mozilla.org/mozilla-central/rev/8103c612b79c2587ea4ca1b0a9f9f82db4b185b8
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0 ID:20161206030203
Flags: needinfo?(alice0775)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        PatchSplinter Review
      

    


  
In the e10s case, we'll return IPC_OK() and the native accessible will be nullptr. In the non-e10s case, we make sure that mHwnd is either the "real" plugin HWND or null, which we correctly handle.

        Attachment #8817209 -
        Flags: review?(tbsaunde+mozbugs)

        Attachment #8817209 -
        Flags: review?(tbsaunde+mozbugs) → review+

    
    

    
  
https://hg.mozilla.org/integration/mozilla-inbound/rev/653e7327b3f835cdc42de5632f8831f1616fcddc
Bug 1320192: Ensure that we return a null native accessible if GetWindow(GW_CHILD) on a windowed plugin fails; r=tbsaunde

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/653e7327b3f8
Status: NEW → RESOLVED
Closed: 6 years ago

          status-firefox53:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53

    
    

    
  
Comment on attachment 8817209 [details] [diff] [review]
Patch

Approval Request Comment
[Feature/Bug causing the regression]: a11y on windows with plugins (both e10s and non-e10s)
[User impact if declined]: Crashes
[Is this code covered by automated tests?]: No
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]: No
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: No
[Why is the change risky/not risky?]: Trivial patch
[String changes made/needed]: None

        Attachment #8817209 -
        Flags: approval-mozilla-aurora?

    
    

    
  
Comment on attachment 8817209 [details] [diff] [review]
Patch

a11y/windows/plugin fix for aurora52

        Attachment #8817209 -
        Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

    
    

    
  
need rebasing for aurora
Flags: needinfo?(aklotz)
Component: Plug-ins → Disability Access APIs

    
    

    
  
We should be verifying this on 52 Beta.
Flags: qe-verify+

    
    

    
  
I was able to crash Firefox 51.0.1 using the steps from comment 0 on Windows 10 32bit. 
bp-62608a07-b4cd-4c0c-bce8-587ff2170210
bp-d891970e-14c0-4fdb-ad61-94e5a2170210

I was NOT able to crash Firefox 52 beta 5 on the same platform, so I'm gonna mark as verified on 52.

          status-firefox52:
          fixedverified

    
    

    
  
Removing the qe-verify flag since this has been confirmed fixed on Fx52 (see Comment 19), which has now been released.
Flags: qe-verify+

          You need to log in
          before you can comment on or make changes to this bug.