Bug 415776 - AT-SPI Collection Interface crashes Firefox
Status: RESOLVED INVALID
: access
Product: Core
Classification: Components
Component: Disability Access APIs
: unspecified
: x86 Linux
: -- critical
Assigned To: Ginn Chen
: alexander :surkov
Blocks: fox3access
Reported: 2008-02-05 07:41 PST by Scott Haeger
Modified: 2008-02-15 05:50 PST

Attachments
test script to demonstrate crash (1.95 KB, text/plain)
2008-02-05 08:01 PST, Scott Haeger

Description Scott Haeger 2008-02-05 07:41:05 PST
A second call to Collection.freeMatchRule() crashes Firefox.  Firefox definitely should not crash, but I am wondering if work needs to be done in the Collection module.

Crash reports:
http://crash-stats.mozilla.com/report/index/6719be7d-d3fb-11dc-bebb-001a4bd43e5c
http://crash-stats.mozilla.com/report/index/0d80a29c-d3f9-11dc-88c5-001a4bd46e84
http://crash-stats.mozilla.com/report/index/c5ef9bcc-d3f8-11dc-8f4f-001a4bd43ef6

To reproduce:
You will need the latest version of at-spi and this patch http://bugzilla.gnome.org/attachment.cgi?id=104394.  
Build instructions: http://live.gnome.org/Orca/Collection#head-3ae090ec1b4f2105a5cf063646ca711109147e14

Once you have logged out or restarted at-spi, use an up to date version of Orca and do a page summary command twice.  The command for a page summary is Orca+(double-click)enter, where enter is pressed twice and Orca=Insert(desktop key binding) or CapsLock(laptop key binding).  In addition, I will post a small Python test script that should illustrate the problem.
Comment 1 Aaron Leventhal 2008-02-05 07:51:30 PST
I have no idea. It's crashing in libc somewhere.
Comment 2 Scott Haeger 2008-02-05 08:01:50 PST
Created attachment 301506
test script to demonstrate crash

Look at the last 'for' loop on the script to tweak the test.  Removing the freeMatchRule() fixes the crash (but probably bleeds memory on my end).
Comment 3 Ginn Chen 2008-02-14 03:08:10 PST
It is either a bug of at-spi or your script.
I'll ask Li Yuan tomorrow.

Not a bug of Firefox, so close.
Comment 4 Aaron Leventhal 2008-02-14 05:39:15 PST
Ginn, why would it crash Firefox?
Comment 5 Scott Haeger 2008-02-14 06:28:59 PST
Firefox should be bullet proof and be able to handle any errant communication sent to it.  No client should ever be able to take down a server.
Comment 6 Aaron Leventhal 2008-02-14 08:13:04 PST
I agree with Scott.
Comment 7 Ginn Chen 2008-02-14 23:40:55 PST
Sorry, I was wrong about thinking it could be a bug of the script.
It's a bug of libspi library.

firefox loads libatk-bridge.so, which uses libspi.so.
It runs in firefox process to deal with CORBA requests.
If there's something wrong in libspi.so, firefox will crash.
Firefox can do nothing to avoid it.

I posted my comments and a patch at
http://bugzilla.gnome.org/show_bug.cgi?id=326516
Comment 8 Scott Haeger 2008-02-15 05:50:06 PST
Thanks for clarifying the problem and all your hard work.  I'll verify the collection patch today.
