The default bug view has changed. See this FAQ.

AT-SPI Collection Interface crashes Firefox

RESOLVED INVALID

Status

()

Core
Disability Access APIs
--
critical
RESOLVED INVALID
9 years ago
9 years ago

People

(Reporter: Scott Haeger, Assigned: Ginn Chen)

Tracking

({access})

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
A second call to Collection.freeMatchRule() crashes Firefox.  Firefox definitely should not crash, but I am wondering if work needs to be done in the Collection module.

Crash reports:
http://crash-stats.mozilla.com/report/index/6719be7d-d3fb-11dc-bebb-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/0d80a29c-d3f9-11dc-88c5-001a4bd46e84
http://crash-stats.mozilla.com/report/index/c5ef9bcc-d3f8-11dc-8f4f-001a4bd43ef6

To reproduce:
You will need the latest version of at-spi and this patch http://bugzilla.gnome.org/attachment.cgi?id=104394.  
Build instrucions: http://live.gnome.org/Orca/Collection#head-3ae090ec1b4f2105a5cf063646ca711109147e14

Once you have logged out or restarted at-spi, use an up to date version of Orca and do a page summary command twice.  The command for a page summary is Orca+(double-click)enter, where enter is pressed twice and Orca=Insert(desktop key binding) or CapsLock(laptop key binding).  In addition, I will post a small Python test script that should illustrate the problem.

Comment 1

9 years ago
I have no idea. It's crashing in libc somewhere.
Assignee: aaronleventhal → ginn.chen

Updated

9 years ago
Blocks: 396346
Severity: normal → critical
Keywords: access
(Reporter)

Comment 2

9 years ago
Created attachment 301506 [details]
test script to demonstrate crash

Look at the last 'for' loop on the script to tweak the test.  Removing the freeMatchRule() fixes the crash (but probably bleeds memory on my end).
(Assignee)

Comment 3

9 years ago
It is either a bug of at-spi or your script.
I'll ask Li Yuan tomorrow.

Not a bug of Firefox, so close.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID

Comment 4

9 years ago
Ginn, why would it crash Firefox?
(Reporter)

Comment 5

9 years ago
Firefox should be bullet proof and be able to handle any errant communication sent to it.  No client should ever be able to take down a server.

Comment 6

9 years ago
I agree with Scott.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
(Assignee)

Comment 7

9 years ago
Sorry, I was wrong about thinking it could be a bug of the script.
It's a bug of libspi library.

firefox loads libatk-bridge.so, which uses libspi.so.
It runs in firefox process to deal with CORBA requests.
If there's something wrong in libspi.so, firefox will crash.
Firefox can do nothing to avoid it.

I posted my comments and a patch at
http://bugzilla.gnome.org/show_bug.cgi?id=326516
Status: REOPENED → RESOLVED
Last Resolved: 9 years ago9 years ago
Resolution: --- → INVALID
(Reporter)

Comment 8

9 years ago
Thanks for clarifying the problem and all your hard work.  I'll verify the collection patch today.
You need to log in before you can comment on or make changes to this bug.