Closed
Bug 363849
Opened 18 years ago
Closed 17 years ago
Stack overflow in nsHTMLComboboxAccessible::GetDescription()
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: aaronlev, Assigned: aaronlev)
References
Details
(4 keywords, Whiteboard: [needs testcase] Has been baking on trunk via fix bug 278034)
Attachments
(1 file)
1.97 KB,
patch
|
neil
:
review+
neil
:
superreview+
dveditz
:
approval1.8.1.2+
dveditz
:
approval1.8.0.10+
|
Details | Diff | Splinter Review |
This is causing stack overflows in assistive technologies. The problem exists in the following code: http://lxr.mozilla.org/seamonkey/source/accessible/src/html/nsHTMLSelectAccessible.cpp#898 What Mozila does for a combobox or list description is forward the description for the current "focused option node". We use that awful hack for descriptions on option nodes, where we provide positional info like "3 of 5". So the idea is that the description for the combo box would be "3 of 5" if the currently focused option would be item #3 of #5. Unfortunately the code that returns the current option can fallback on returning the original combo box or list node itself, in which case when we try to forward the description from that we end up in an infinite loop. The fallback is probably happening whenever a combobox is closed.
Comment 1•18 years ago
|
||
how to reproduce this?
Assignee | ||
Comment 2•18 years ago
|
||
This was reported by Freedom Scientific and JAWS users. They said that getting the description from a combo box or listbox would reproduce it. After looking at the code, I think it's an obvious problem, but I haven't spent the time to try and duplicate the error condition.
Assignee | ||
Updated•17 years ago
|
Assignee | ||
Comment 3•17 years ago
|
||
Fixed via checkin to bug 278034.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 4•17 years ago
|
||
Attachment #251562 -
Flags: superreview?(neil)
Attachment #251562 -
Flags: review?(neil)
Assignee | ||
Updated•17 years ago
|
Flags: blocking1.8.1.2?
Flags: blocking1.8.0.10?
Whiteboard: Has been baking on trunk via fix bug 278034
Version: Trunk → 1.8 Branch
Assignee | ||
Comment 5•17 years ago
|
||
Same patch applies 1.8.0 and 1.8 branches.
Comment 6•17 years ago
|
||
Comment on attachment 251562 [details] [diff] [review] The part of the fix from bug 278034 that addresses this crash sr=me for branch port.
Attachment #251562 -
Flags: superreview?(neil)
Attachment #251562 -
Flags: superreview+
Attachment #251562 -
Flags: review?(neil)
Attachment #251562 -
Flags: review+
Assignee | ||
Updated•17 years ago
|
Attachment #251562 -
Flags: approval1.8.1.2?
Attachment #251562 -
Flags: approval1.8.0.10?
Updated•17 years ago
|
Flags: blocking1.8.1.2?
Flags: blocking1.8.1.2-
Flags: blocking1.8.0.10?
Flags: blocking1.8.0.10-
Comment 7•17 years ago
|
||
Comment on attachment 251562 [details] [diff] [review] The part of the fix from bug 278034 that addresses this crash approved for 1.8/1.8.0 branches, a=dveditz for drivers Please land ASAP, we'll remove the approval after the code freeze as this is not a blocking bug.
Attachment #251562 -
Flags: approval1.8.1.2?
Attachment #251562 -
Flags: approval1.8.1.2+
Attachment #251562 -
Flags: approval1.8.0.10?
Attachment #251562 -
Flags: approval1.8.0.10+
Assignee | ||
Updated•17 years ago
|
Keywords: fixed1.8,
fixed1.8.1
Assignee | ||
Updated•17 years ago
|
Updated•17 years ago
|
Whiteboard: Has been baking on trunk via fix bug 278034 → [needs testcase] Has been baking on trunk via fix bug 278034
You need to log in
before you can comment on or make changes to this bug.
Description
•