Closed
Bug 1348028
Opened 7 years ago
Closed 7 years ago
Implement fuzzPriv.enableAccessibility() in FuzzingFunctions
Categories
(Core :: DOM: Core & HTML, enhancement, P3)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla59
| Tracking | Status | |
|---|---|---|
| firefox59 | --- | fixed |
People
(Reporter: mccr8, Assigned: truber)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
|
2.57 KB,
patch
|
truber
:
review+
|
Details | Diff | Splinter Review |
No description provided.
|
||
Updated•7 years ago
|
Priority: -- → P3
|
Assignee | |
Comment 1•7 years ago
|
||
The fuzzPriv implementation is here for reference: https://github.com/MozillaSecurity/domfuzz/blob/master/dom/extension/components/domfuzzhelperobserver.js#L116 I've verified that this flips "Accessibility / Activated: true" in about:support.
Attachment #8929633 -
Flags: review?(bugs)
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → jschwartzentruber
Status: NEW → ASSIGNED
|
||
Comment 2•7 years ago
|
||
Comment on attachment 8929633 [details] [diff] [review] bug1238028.patch + if (rv != NS_OK) { is not the way to check return values. if (NS_FAILED(rv)) { aRv.Throw(rv); } r+ for the .webidl, but I'd prefer if surkov said whether just accessing the service is enough.
Attachment #8929633 -
Flags: review?(surkov.alexander)
Attachment #8929633 -
Flags: review?(bugs)
Attachment #8929633 -
Flags: review+
|
||
Comment 3•7 years ago
|
||
Comment on attachment 8929633 [details] [diff] [review] bug1238028.patch Review of attachment 8929633 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/base/FuzzingFunctions.cpp @@ +34,5 @@ > +{ > + RefPtr<nsIAccessibilityService> a11y; > + nsresult rv; > + > + rv = NS_GetAccessibilityService(getter_AddRefs(a11y)); It probably won't last long. I suppose the a11y will get shutdown as soon as all a11y objects, you requested after, are garbage collected, so that's probably the way for intermittent failures if you don't have a global variable to keep a11y alive.
Attachment #8929633 -
Flags: review?(surkov.alexander) → review+
|
|
||
Comment 4•7 years ago
|
||
cc'ing Yura as he's author of most of the a11y shutdown code.
Flags: needinfo?(yzenevich)
|
||
Comment 5•7 years ago
|
||
Yes, if accessibility is enabled like that, it will be disabled after garbage collection if there are no references to the accessibility service or accessible objects that it creates. The consequences depend on when/if you force garbage collection, if that happens between tests and if accessibility is intended to persist between tests.
Flags: needinfo?(yzenevich)
|
|
Assignee | |
Comment 6•7 years ago
|
||
Thanks! I talked to eeejay and yzen about optionally keeping a global reference to the service, and about force-disabling accessibility in the future. For now I'm matching the old behaviour since it has found bugs and we can set `GNOME_ACCESSIBILITY=1` for enabling it persistently while fuzzing on Linux. We typically force garbage collection before closing the test tab, each fuzzed testcase gets a new tab, and we're randomly forcing garbage collection during the test too.
|
|
||
Comment 7•7 years ago
|
||
(In reply to Jesse Schwartzentruber (:truber) from comment #6) > Thanks! I talked to eeejay and yzen about optionally keeping a global > reference to the service, and about force-disabling accessibility in the > future. It probably make sense then to return an a11y service object from enableAccessibility(), so the script may control a life cycle of a11y. Another option, if you want to keep a11y on as long as you want, then you could add a new a11y consumer nsAccessibilityService::ServiceConsumer, for example, eFuzz and then do GetOrCreateAccessible(aFuzz). You'd have release it though when you don't longer need it.
|
|
Assignee | |
Comment 8•7 years ago
|
||
Update to use NS_FAILED.
Attachment #8929633 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 9•7 years ago
|
||
(In reply to alexander :surkov from comment #7) > It probably make sense then to return an a11y service object from > enableAccessibility(), so the script may control a life cycle of a11y. Yeah, this sounds like an easy way of controlling lifetime from within the script. For now, enabling temporarily until GC will behave like the XUL add-on this is replacing.
Keywords: checkin-needed
|
|
Assignee | |
Comment 10•7 years ago
|
||
Comment on attachment 8930168 [details] [diff] [review] bug1238028v2.patch Carrying r+ from previous with Comment 2 updated.
Attachment #8930168 -
Flags: review+
|
||
Comment 11•7 years ago
|
||
Pushed by rgurzau@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/efdeb2172fe4 Implement fuzzPriv.enableAccessibility() in FuzzingFunctions r=smaug,surkov
Keywords: checkin-needed
|
||
Comment 12•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/efdeb2172fe4
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox59:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•