Issue 781902

Starred by 2 users

Issue metadata

Status: Fixed
Owner: ----
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug
Team-Accessibility

Blocked on:
issue 780973



ATK: launching accerciser after Chromium (with a11y enabled) crashes

Project Member Reported by jose.dap...@lge.com, Nov 6 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36

Steps to reproduce the problem:
Precondition: accerciser is not running.
1. Launch chromium with ACCESSIBILITY_ENABLED=1 set in environment
2. Launch accerciser
3. 

What is the expected behavior?
Accerciser shows Chromium accessibility tree (with proper contents, so more than 0 children of application node).

What went wrong?
Chromium crashes:
Received signal 11 SEGV_MAPERR 000000000020
#0 0x7f882d96bf3d base::debug::StackTrace::StackTrace()
#1 0x7f882d96a36c base::debug::StackTrace::StackTrace()
#2 0x7f882d96b8f5 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f882dec7150 <unknown>
#4 0x7f8828cbab40 content::BrowserAccessibilityAuraLinux::GetAtkObject()
#5 0x7f8828cbb7d7 content::browser_accessibility_ref_child()
#6 0x7f881199a163 <unknown>
#7 0x7f881199a253 <unknown>
#8 0x7f8817d36775 g_type_create_instance
#9 0x7f8817d175e8 <unknown>
#10 0x7f8817d18d85 g_object_new_with_properties
#11 0x7f8817d19801 g_object_new
#12 0x7f881199bf01 <unknown>
#13 0x7f881199c77f <unknown>
#14 0x7f88119a3a65 <unknown>
#15 0x7f88119a140d <unknown>
#16 0x7f8811261fd3 <unknown>
#17 0x7f8811253624 dbus_connection_dispatch
#18 0x7f880d2b5525 <unknown>
#19 0x7f8817a38fb7 g_main_context_dispatch
#20 0x7f8817a391f0 <unknown>
#21 0x7f8817a3927c g_main_context_iteration
#22 0x7f882da1ce1f base::MessagePumpGlib::Run()
#23 0x7f882da187cc base::MessageLoop::Run()
#24 0x7f882dac58fb base::RunLoop::Run()
#25 0x559fe6325add ChromeBrowserMainParts::MainMessageLoopRun()
#26 0x7f8827e897f6 content::BrowserMainLoop::RunMainMessageLoopParts()
#27 0x7f8827e9363f content::BrowserMainRunnerImpl::Run()
#28 0x7f8827e7d1ab content::BrowserMain()
#29 0x7f88299b6e08 content::RunNamedProcessTypeMain()
#30 0x7f88299b99fa content::ContentMainRunnerImpl::Run()
#31 0x7f88299afebd content::ContentServiceManagerMainDelegate::RunEmbedderProcess()
#32 0x7f882e16089d service_manager::Main()
#33 0x7f88299b5c4f content::ContentMain()
#34 0x559fe4b6d22e ChromeMain
#35 0x559fe4b6d142 main
#36 0x7f881530e1c1 __libc_start_main
#37 0x559fe4b6d029 <unknown>

Crashed report ID: 

How much crashed? Whole browser

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 64.0.3261.0  Channel: canary
OS Version: Ubuntu 17.04
Flash Version: 

It looks like, as atk bridge traverses the accessibility tree due to the request from accerciser, we find an AXNode that has no ATK object created, and fetching it we get a crash.
 
Components: Internals>Accessibility
Cc: thomasanderson@chromium.org
Blocking: 780973
Blockedon: 780973
Blocking: -780973
Labels: TE-NeedsTriageHelp
Problem was partial adaptation to the PlatformGetChild/PlatformChildCount API. I'll submit a fix today.

Project Member

Comment 7 by bugdroid1@chromium.org, Nov 8 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/354403c148b16c6a99e4175e5a52766a269b1da2

commit 354403c148b16c6a99e4175e5a52766a269b1da2
Author: Jose Dapena Paz <jose.dapena@lge.com>
Date: Wed Nov 08 07:55:02 2017

Fix ATK object children retrieval if there is a child manager.

Desktop Linux Chromium would crash with accessibility enabled if
AT-SPI would retrieve the full tree after Chromium was launched
(i.e. launching Chromium, then accerciser).

The reason was that, while get_n_children would call PlatformChildCount,
ref_child would call InternalGetChild. This way we were not taking
into account the case of a children manager, that is not retrieved
through InternalGetChild.

Bug:  781902 
Change-Id: I28a23a539fe08699551fd866f2b1aa74f5e40a98
Reviewed-on: https://chromium-review.googlesource.com/757318
Commit-Queue: José Dapena Paz <jose.dapena@lge.com>
Reviewed-by: Dominic Mazzoni <dmazzoni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#514775}
[modify] https://crrev.com/354403c148b16c6a99e4175e5a52766a269b1da2/content/browser/accessibility/browser_accessibility_auralinux.cc
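
The count/lookup mismatch described in the commit message above, as an added C++ example that is not Chromium's code. `Node`, `child_manager_root`, `ref_child_mismatched`, `ref_child_consistent` and `CountMissingChildren` are hypothetical names, and the rule that a child manager's root is the node's only platform child is an assumption of this simplified model.

```cpp
#include <cstddef>
#include <vector>

// Simplified model (assumption, not Chromium code): a node whose children are
// either in its own tree or supplied by a separate child manager.
struct Node {
  std::vector<Node*> internal_children;  // children in this node's own tree
  Node* child_manager_root = nullptr;    // root supplied by a child manager

  std::size_t InternalChildCount() const { return internal_children.size(); }
  Node* InternalGetChild(std::size_t i) const {
    return i < internal_children.size() ? internal_children[i] : nullptr;
  }
  // Platform view: with a child manager, its root is the only child.
  std::size_t PlatformChildCount() const {
    return child_manager_root ? 1 : InternalChildCount();
  }
  Node* PlatformGetChild(std::size_t i) const {
    if (child_manager_root) return i == 0 ? child_manager_root : nullptr;
    return InternalGetChild(i);
  }
};

// Mismatched pair: the count comes from the platform view, the lookup from
// the internal view, so an advertised index can resolve to nullptr.
std::size_t get_n_children(const Node& n) { return n.PlatformChildCount(); }
Node* ref_child_mismatched(const Node& n, std::size_t i) {
  return n.InternalGetChild(i);
}
// Consistent pair: count and lookup both use the platform view.
Node* ref_child_consistent(const Node& n, std::size_t i) {
  return n.PlatformGetChild(i);
}

// Walks every advertised index like a tree-walking client and counts lookups
// that return nullptr (what a caller would dereference and crash on).
using RefChildFn = Node* (*)(const Node&, std::size_t);
std::size_t CountMissingChildren(const Node& n, RefChildFn ref_child) {
  std::size_t missing = 0;
  for (std::size_t i = 0; i < get_n_children(n); ++i)
    if (ref_child(n, i) == nullptr) ++missing;
  return missing;
}

int main() {
  Node frame_root, host;                  // constructed sample tree
  host.child_manager_root = &frame_root;  // host has no internal children
  return CountMissingChildren(host, ref_child_consistent) == 0 ? 0 : 1;
}
```

A check like `CountMissingChildren` works as a regression test for any accessor pair exposed to an external tree walker: every index below the advertised count must resolve to a non-null child.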

Comment 8 by jose.dap...@lge.com, Nov 29 2017

Status: Fixed (was: Unconfirmed)
