Bug 415776 - AT-SPI Collection Interface crashes Firefox
Status: RESOLVED INVALID
Keywords: access
Product: Core
Classification: Components
Component: Disability Access APIs
Version: unspecified
Platform: x86 Linux
Importance: -- critical
Assigned To: Ginn Chen
Blocks: fox3access
Reported: 2008-02-05 07:41 PST by Scott Haeger
Modified: 2008-02-15 05:50 PST

Attachments
test script to demonstrate crash (1.95 KB, text/plain)
2008-02-05 08:01 PST, Scott Haeger

Description Scott Haeger 2008-02-05 07:41:05 PST
A second call to Collection.freeMatchRule() crashes Firefox.  Firefox definitely should not crash, but I am wondering if work needs to be done in the Collection module.

Crash reports:
http://crash-stats.mozilla.com/report/index/6719be7d-d3fb-11dc-bebb-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/0d80a29c-d3f9-11dc-88c5-001a4bd46e84
http://crash-stats.mozilla.com/report/index/c5ef9bcc-d3f8-11dc-8f4f-001a4bd43ef6

To reproduce:
You will need the latest version of at-spi and this patch http://bugzilla.gnome.org/attachment.cgi?id=104394.  
Build instructions: http://live.gnome.org/Orca/Collection#head-3ae090ec1b4f2105a5cf063646ca711109147e14

Once you have logged out or restarted at-spi, use an up to date version of Orca and do a page summary command twice.  The command for a page summary is Orca+(double-click)enter, where enter is pressed twice and Orca=Insert(desktop key binding) or CapsLock(laptop key binding).  In addition, I will post a small Python test script that should illustrate the problem.

Comment 1 Aaron Leventhal 2008-02-05 07:51:30 PST
I have no idea. It's crashing in libc somewhere.

Comment 2 Scott Haeger 2008-02-05 08:01:50 PST
Created attachment 301506
test script to demonstrate crash

Look at the last 'for' loop on the script to tweak the test.  Removing the freeMatchRule() fixes the crash (but probably bleeds memory on my end).

Comment 3 Ginn Chen 2008-02-14 03:08:10 PST
It is either a bug of at-spi or your script.
I'll ask Li Yuan tomorrow.

Not a bug of Firefox, so close.

Comment 4 Aaron Leventhal 2008-02-14 05:39:15 PST
Ginn, why would it crash Firefox?

Comment 5 Scott Haeger 2008-02-14 06:28:59 PST
Firefox should be bullet proof and be able to handle any errant communication sent to it.  No client should ever be able to take down a server.

Comment 6 Aaron Leventhal 2008-02-14 08:13:04 PST
I agree with Scott.

Comment 7 Ginn Chen 2008-02-14 23:40:55 PST
Sorry, I was wrong about thinking it could be a bug of the script.
It's a bug of libspi library.

firefox loads libatk-bridge.so, which uses libspi.so.
It runs in firefox process to deal with CORBA requests.
If there's something wrong in libspi.so, firefox will crash.
Firefox can do nothing to avoid it.

I posted my comments and a patch at
http://bugzilla.gnome.org/show_bug.cgi?id=326516

Comment 8 Scott Haeger 2008-02-15 05:50:06 PST
Thanks for clarifying the problem and all your hard work.  I'll verify the collection patch today.
