Closed Bug 377376 Opened 18 years ago Closed 18 years ago

Segmentation fault when opening large folder and ATK accessibility is enabled

Categories

(Thunderbird :: General, defect)

Product:
Thunderbird
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: stransky, Assigned: mscott)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.8.0.10) Gecko/20070301 Fedora/1.0.8-0.6.2.fc6 pango-text SeaMonkey/1.0.8 Build Identifier: Fedora 6, all updates, i386, Thunderbird version 1.5.0.10 (20070302) Thunderbird (version 1.5.0.10 (20070302)), Fedora 6/7 Thunderbird crashes when ATK accessibility is enabled, in nsXULTreeAccessible component (nsXULTreeitemAccessible::GetNextSibling). GTK calls "atk_object_get_index_in_parent" for an AtkObject and tries to determine a position of a given AtkObject in a stream of a child which belongs to a superrior object. Then it's called (via. nsAccessibleWrap) nsAccessible::GetIndexInParent. GetIndexInParent goes through all siblings of the superrior object (via. GetNextSibling) and adds those siblings to Accessibility Cache (via. nsIAccessibleTreeCache::GetCachedTreeitemAccessible). And that's where the problem is. Every single sibling stored in Accessibility Cache (when it's created and moved to cache) holds a reference to the superrior object. Number of those siblings is quite large (~30 000 and more, 7-8 for any mail stored in a mail folder) so the short int mRefCnt can overflow to negative range and the parent object holds a wrong ref. count. Some bactraces are at https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228281 Reproducible: Always Steps to Reproduce: 1. Enable Accessiblity in GTK 2. Run thunderbird 3. click to any folder with ~4000 mails or 1. Enable Accessiblity in GTK 2. Run thunderbird 3. Enable Accessiblity in GTK 4. Disable Accessiblity in GTK 5. Switch back to thunderbird and click to any folder with ~4000 mails Actual Results: Thunderbird crashes (mRefCnt is negative) Expected Results: Thunderbird don't crash
I'm sorry, the former steps should be: 1. Enable Accessiblity in GTK 2. Run thunderbird 3. Disable Accessiblity in GTK 4. Enable Accessiblity in GTK 5. Switch back to thunderbird and click to any folder with ~4000 mails
fixed in thunderbird-2.0.0.0 rc1
->WFM per comment 2
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.