Closed
Bug 1394659
Opened 7 years ago
Closed 1 year ago
Full UIA traversals during AT DLL virtual buffer traversals
Categories
(Core :: Disability Access APIs, defect, P3)
Tracking
()
People
(Reporter: bugzilla, Unassigned)
References
Details
(Whiteboard: aes+)
Attachments
(1 file)
2.38 KB,
patch
|
Details | Diff | Splinter Review |
The touch blocking stuff doesn't kick in once a11y is turned on, so this gets through. Some ideas: * Block tiptsf even when a11y is turned on; * Somehow detect reentry by UIA; * If UIA is disabled, somehow stop its traversal; * Try augmenting the main thread message filter to see if we can make it delay the UIA stuff until after the AT is done (via COM causality ID) Provided that it works, the first option is probably the easiest.
Updated•7 years ago
|
Priority: -- → P1
Updated•7 years ago
|
Comment 1•7 years ago
|
||
I can't remember next steps here. Are we targeting 59?
Flags: needinfo?(aklotz)
Reporter | ||
Comment 2•7 years ago
|
||
TL;DR we need to reproduce again and then debug. Effectively targeting 59, though if we can crack this early in the cycle we could probably (and ideally should) uplift. I haven't been able to reproduce using NVDA (but that doesn't mean that there isn't a problem there, of course). Profiling with JAWS on the World War I Wikipedia page can generate this issue. Once we know the call stack that triggers it, we can then repro with some breakpoints set and see what we can do from there. I've set up my Surface Book to attempt another repro. We'll see what I can find...
Flags: needinfo?(aklotz)
Reporter | ||
Comment 3•7 years ago
|
||
I managed to get another repro. UIA traversals are being triggered by a CallWndProc hook that looks for a registered window message named "HOOKUTIL_MSG". In this particular case, the lParam was 92 and the wParam was 0x751b. Not sure how consistent that is. The relevant frames of the call stack are: 13 OLEAUT32!IEnumVARIANT_Next_Proxy+0x37 14 OLEACC!AccWrap_Base::Next+0x1d52 15 UIAutomationCore!MsaaProxy::GetNextOrPrevSibling+0x2bc 16 UIAutomationCore!MsaaProxy::Navigate+0x5f4 17 UIAutomationCore!InProcClientAPIStub::UiaNodeTraverser_NavigateProvider+0xf9 18 UIAutomationCore!InProcClientAPIStub::InvokeInProcAPI+0x41c 19 UIAutomationCore!UiaNodeTraverser::GetNextSibling+0x148 1a UIAutomationCore!UiaNodeTraverser::Traverse+0x583 1b UIAutomationCore!InProcClientAPIStub::UiaNode_Find+0xc6 1c UIAutomationCore!InProcClientAPIStub::InvokeInProcAPI+0x27b 1d UIAutomationCore!UiaNode::CrossProcess_Find+0x8b 1e UIAutomationCore!RemoteUiaNodeStub::Incoming_Find+0x131 1f UIAutomationCore!InvokeOnCorrectContext_Callback+0x2f5 20 UIAutomationCore!ComInvoker::CallTarget+0x1d2 21 UIAutomationCore!ProcessIncomingRequest+0x1db 22 UIAutomationCore!HookBasedServerConnectionManager::HookCallback+0x155 23 UIAutomationCore!HookUtil<&HookBasedClientConnection::HookCallback,0>::CallOut+0x17 24 UIAutomationCore!HandleHookMessage+0x2a1 25 UIAutomationCore!HookUtil<&HookBasedClientConnection::HookCallback,0>::CallWndProc+0x37 26 user32!fnHkINLPCWPSTRUCTW+0xce 27 user32!_fnDWORD+0x33 28 ntdll!KiUserCallbackDispatcherContinue 29 win32u!NtUserPeekMessage+0x14 2a user32!PeekMessageW+0x88 2b MSCTF!CThreadInputMgr::PeekMessageW+0x97 2c xul!mozilla::widget::WinUtils::PeekMessageW+0x45 2d xul!nsAppShell::ProcessNextNativeEvent+0xe6 2e xul!nsBaseAppShell::DoProcessNextNativeEvent+0x24 2f xul!nsBaseAppShell::OnProcessNextEvent+0x199 30 xul!nsThread::ProcessNextEvent+0x147 31 xul!NS_ProcessNextEvent+0x37 32 xul!mozilla::ipc::MessagePump::Run+0xcb 33 xul!MessageLoop::Run+0x4b 34 xul!nsBaseAppShell::Run+0x38 35 xul!nsAppShell::Run+0x24 36 xul!nsAppStartup::Run+0x23 37 xul!XREMain::XRE_mainRun+0xbad 38 xul!XREMain::XRE_main+0x58d 39 xul!XRE_main+0xe5 3a firefox!do_main+0x20e 3b firefox!NS_internal_main+0x142 3c firefox!wmain+0x172 3d firefox!invoke_main+0x22 3e firefox!__scrt_common_main_seh+0x11d 3f KERNEL32!BaseThreadInitThunk+0x14 40 ntdll!RtlUserThreadStart+0x21
Summary: tiptsf is triggering full UIA traversals during AT DLL virtual buffer traversals → Full UIA traversals during AT DLL virtual buffer traversals
Reporter | ||
Comment 4•7 years ago
|
||
Comment 5•6 years ago
|
||
https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Release_Cycle_Queries_and_Activities Move optional bugs to next release
status-firefox59:
--- → ?
Updated•2 years ago
|
Severity: normal → S3
Comment 7•1 year ago
|
||
This should no longer be a problem with Cache the World, which is enabled by default in Firefox 113.
Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox113:
--- → fixed
status-firefox114:
--- → fixed
status-firefox115:
--- → fixed
Resolution: --- → FIXED
Updated•11 months ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•