Closed Bug 1423999 Opened 7 years ago Closed 7 years ago

Improved UIA detection

Categories

(Core :: Disability Access APIs, enhancement)

Product:
Core
Component:
Disability Access APIs
Platform:
Unspecified
Windows
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla59
Tracking Flags:
Tracking Status
firefox59 --- fixed

People

(Reporter: bugzilla, Assigned: bugzilla)

References

Details

Attachments

(1 file, 4 obsolete files)

Detect all the things (r4)
22.55 KB, patch
bugzilla
: review+
Details | Diff | Splinter Review
In https://bugzilla.mozilla.org/show_bug.cgi?id=1419886#c8 I speculated about being able to overcome the uiAccess permission by comparing the value of the kernel object. A first cut of that patch ran in 15ms which is a new record.
Comment on attachment 8935485 [details] [diff] [review] 2-pass approach using object pointer that eliminates handle duplication Canceling review. More thought needs to go into this.
Attachment #8935485 - Flags: review?(jteh)
Attached patch Detect all the things (obsolete) — Splinter Review
This patch works and also fixes those PGO crashes. In the comments I allude to a WOW64 quirk. More info can be found here: http://blog.rewolf.pl/blog/?p=1273
Attachment #8935485 - Attachment is obsolete: true
Attachment #8938063 - Flags: review?(jteh)
Attached patch Detect all the things (r2) (obsolete) — Splinter Review
This one actually builds ;-)
Attachment #8938063 - Attachment is obsolete: true
Attachment #8938063 - Flags: review?(jteh)
Attachment #8938072 - Flags: review?(jteh)
Comment on attachment 8938072 [details] [diff] [review] Detect all the things (r2) Review of attachment 8938072 [details] [diff] [review]: ----------------------------------------------------------------- Nice! ::: accessible/windows/msaa/CompatibilityUIA.cpp @@ +97,5 @@ > + return false; > + } > +#else > + if (ntStatus == STATUS_BUFFER_TOO_SMALL) { > + // This case only occurs on 32-bit builds running atop WOW64. 1. I think it might be good to include a comment with the URL of the article about this which you linked in the bug. People could just look at the bug I guess, but because this is a bit obscure, it might be good to have the URL close at hand; I certainly don't think it does any harm. 2. How could this actually occur in our case? The article seems to suggest STATUS_BUFFER_TOO_SMALL only happens with WoW64 if the buffer was too small to fit even one structure: if ( !_number_of_32bit_structs ) { WriteReturnLengthSilent(returnLength, _required_length); return STATUS_BUFFER_TOO_SMALL; } In our case, we always start with a buffer big enough for 1024 structures, so we shouldn't hit this. Am I missing something? @@ +236,2 @@ > ULONG objTypeBufLen; > + ntStatus = NtQueryObject(handle, ObjectTypeInformation, nit: Should this be :: prefixed (::NtQueryObject)? I'm not sure what the policy on this is, but I notice you do ::NtQuerySystemInformation earlier. Same question for other Nt* calls later. ::: widget/windows/nsAppShell.cpp @@ +189,5 @@ > Maybe<bool> shouldCallNextHook = > a11y::Compatibility::OnUIAMessage(cwp->wParam, cwp->lParam); > + if (shouldCallNextHook.isSome()) { > + // We've got an instantiator, disconnect this hook. > + if (::UnhookWindowsHookEx(gUiaHook)) { 1. Was this stuff meant to be included in this patch? I don't really mind, but it seems somewhat separate from the handle duplication elimination (and might need review from someone else as well). 2. We don't try to run the UIA detection once kMaxUiaAttempts has been reached. However, if I'm reading this correctly, we don't remove the hook in that case; we only remove the hook on a successful detection. Sure, it doesn't do much if we reached kMaxUiaAttempts, but should we still remove it anyway so we don't have a pointless hook hanging around?
Attachment #8938072 - Flags: review?(jteh) → review+
(In reply to James Teh [:Jamie] from comment #7) > Comment on attachment 8938072 [details] [diff] [review] > Detect all the things (r2) > > Review of attachment 8938072 [details] [diff] [review]: > ----------------------------------------------------------------- > > Nice! > > ::: accessible/windows/msaa/CompatibilityUIA.cpp > @@ +97,5 @@ > > + return false; > > + } > > +#else > > + if (ntStatus == STATUS_BUFFER_TOO_SMALL) { > > + // This case only occurs on 32-bit builds running atop WOW64. > > 1. I think it might be good to include a comment with the URL of the article > about this which you linked in the bug. People could just look at the bug I > guess, but because this is a bit obscure, it might be good to have the URL > close at hand; I certainly don't think it does any harm. As a point of style, I don't think we like to link directly to external websites in our code, however I did link to the comment in this bug. > > 2. How could this actually occur in our case? The article seems to suggest > STATUS_BUFFER_TOO_SMALL only happens with WoW64 if the buffer was too small > to fit even one structure: > > if ( !_number_of_32bit_structs ) > { > WriteReturnLengthSilent(returnLength, _required_length); > return STATUS_BUFFER_TOO_SMALL; > } > > In our case, we always start with a buffer big enough for 1024 structures, > so we shouldn't hit this. Am I missing something? My understanding is that the single structure case is the native case; under WOW64 it expects enough space for the entire list. > > @@ +236,2 @@ > > ULONG objTypeBufLen; > > + ntStatus = NtQueryObject(handle, ObjectTypeInformation, > > nit: Should this be :: prefixed (::NtQueryObject)? I'm not sure what the > policy on this is, but I notice you do ::NtQuerySystemInformation earlier. > Same question for other Nt* calls later. Ah, yes. This isn't a formal part of our style guide, it is more of a personal preference that I use. But yes, I should be consistent. > > ::: widget/windows/nsAppShell.cpp > @@ +189,5 @@ > > Maybe<bool> shouldCallNextHook = > > a11y::Compatibility::OnUIAMessage(cwp->wParam, cwp->lParam); > > + if (shouldCallNextHook.isSome()) { > > + // We've got an instantiator, disconnect this hook. > > + if (::UnhookWindowsHookEx(gUiaHook)) { > > 1. Was this stuff meant to be included in this patch? I don't really mind, > but it seems somewhat separate from the handle duplication elimination (and > might need review from someone else as well). Yeah, I intentionally included this here. I felt that it was safe for you to review it. If not, I'm sure the Win32 widget owner (jimm) will let me know after the fact. ;-) > > 2. We don't try to run the UIA detection once kMaxUiaAttempts has been > reached. However, if I'm reading this correctly, we don't remove the hook in > that case; we only remove the hook on a successful detection. Sure, it > doesn't do much if we reached kMaxUiaAttempts, but should we still remove it > anyway so we don't have a pointless hook hanging around? Good point. I fixed that.
Attached patch Detect all the things (r3) (obsolete) — Splinter Review
Attachment #8938072 - Attachment is obsolete: true
Attachment #8940803 - Flags: review+
Attachment #8940803 - Attachment is obsolete: true
Attachment #8940818 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/284f27f2bb61
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox59: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
Blocks: 1838123
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: