Infinite loop caused by the way we expose native objects as IAccessibles

RESOLVED FIXED

Status

()

Core
Disability Access APIs
--
critical
RESOLVED FIXED
13 years ago
13 years ago

People

(Reporter: Aaron Leventhal, Assigned: Aaron Leventhal)

Tracking

({access, crash, sec508})

Trunk
x86
Windows XP
access, crash, sec508
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Assignee)

Description

13 years ago
Steps:
Load testcase
Load accessible explorer for MSAA SDK
Trag target over plugin
Infinite loop in tool

Same bug causes Firefox to crash via stack overflow when used with a screen reader.
(Assignee)

Comment 1

13 years ago
*** Bug 287978 has been marked as a duplicate of this bug. ***
(Assignee)

Comment 2

13 years ago
Created attachment 178761 [details]
Simple markup to cause crash: <embed type="application/x-mplayer2">
(Assignee)

Comment 3

13 years ago
Created attachment 178763 [details] [diff] [review]
1) The child of the Mozilla plugin window container is the window owning the plugin, 2) Null plugins are no longer native objects, and this solves the infinite loop in a more generic way anyway
Attachment #178763 - Flags: review?(timeless)
(Assignee)

Updated

13 years ago
Severity: normal → critical

Comment 4

13 years ago
does this still support the null plugin? it's still used by some platforms....
(Assignee)

Comment 5

13 years ago
This does support the null plugin, but it's a better fix for the original
problem of infinite loops. The new fix takes care of the infinite loops for all
plugins.
(Assignee)

Comment 6

13 years ago
Timeless, see comment 5

Updated

13 years ago
Attachment #178763 - Flags: review?(timeless) → review+
(Assignee)

Updated

13 years ago
Attachment #178763 - Flags: superreview?(jst)
Comment on attachment 178763 [details] [diff] [review]
1) The child of the Mozilla plugin window container is the window owning the plugin, 2) Null plugins are no longer native objects, and this solves the infinite loop in a more generic way anyway

sr=jst
Attachment #178763 - Flags: superreview?(jst) → superreview+
(Assignee)

Comment 8

13 years ago
Checking in accessible/src/msaa/nsAccessibleWrap.cpp;
/cvsroot/mozilla/accessible/src/msaa/nsAccessibleWrap.cpp,v  <-- 
nsAccessibleWrap.cpp
new revision: 1.23; previous revision: 1.22
done
Checking in accessible/src/msaa/nsHTMLWin32ObjectAccessible.cpp;
/cvsroot/mozilla/accessible/src/msaa/nsHTMLWin32ObjectAccessible.cpp,v  <-- 
nsHTMLWin32ObjectAccessible.cpp
new revision: 1.4; previous revision: 1.3
done
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.