Trying to show the native accessibility tree from chrome://accessibility causes a crash
Issue description
ChromeOS on Linux.
Received signal 11 SEGV_MAPERR 000000000000
#0 0x7f1b9c5ed6cc base::debug::StackTrace::StackTrace()
#1 0x7f1b9c5ed231 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f1b9c72e330 <unknown>
#3 0x7f1b99f71a69 content::(anonymous namespace)::RecursiveDumpAXPlatformNodeAsString()
#4 0x7f1b99f715d9 content::AccessibilityUIMessageHandler::RequestNativeUITree()
#5 0x7f1b9a390570 _ZN3IPC8MessageTI27FrameHostMsg_WebUISend_MetaNSt3__15tupleIJ4GURLNS2_12basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEEN4base9ListValueEEEEvE8DispatchIN7content9WebUIImplESH_NSG_15RenderFrameHostEMSH_FvPSI_RKS4_RKSA_RKSC_EEEbPKNS_7MessageEPT_PT0_PT1_T2_
#6 0x7f1b9a3904a7 content::WebUIImpl::OnMessageReceived()
#7 0x7f1b9a3669d5 content::WebContentsImpl::OnMessageReceived()
#8 0x7f1b9a110c05 content::RenderFrameHostImpl::OnMessageReceived()
#9 0x7f1b9ba24f1b IPC::ChannelProxy::Context::OnDispatchMessage()
#10 0x7f1b9c5edf5f base::debug::TaskAnnotator::RunTask()
#11 0x7f1b9c6141b7 base::MessageLoop::RunTask()
#12 0x7f1b9c614719 base::MessageLoop::DoWork()
#13 0x7f1b9c615b39 base::MessagePumpLibevent::Run()
#14 0x7f1b9c63cbf5 base::RunLoop::Run()
#15 0x55de910dea3b ChromeBrowserMainParts::MainMessageLoopRun()
#16 0x7f1b99ff9787 content::BrowserMainLoop::RunMainMessageLoopParts()
#17 0x7f1b99ffc2b2 content::BrowserMainRunnerImpl::Run()
#18 0x7f1b99ff5abc content::BrowserMain()
#19 0x7f1b9a76ac95 content::ContentMainRunnerImpl::Run()
#20 0x7f1b9cb0c536 service_manager::Main()
#21 0x7f1b9a769834 content::ContentMain()
#22 0x55de908c916f ChromeMain
#23 0x7f1b91769f45 __libc_start_main
#24 0x55de908c8e4a _start
  r8: 0000000000000000  r9: 000000000000001c r10: 0000000000000020 r11: 00007f1b918d2110
 r12: 0000000000000000 r13: 00007ffd68554231 r14: 0000000000000000 r15: 00007ffd68554230
  di: 00007ffd68554230  si: 0000000000000000  bp: 00007ffd685540d0  bx: 0000000000000000
  dx: 0000000000000000  ax: 0000000000000000  cx: 00007f1b98943088  sp: 00007ffd68554070
  ip: 00007f1b99f71a69 efl: 0000000000010246 cgf: 0000000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Dec 11 2017
Mar 1 2018
Jul 26
Issue 798032 has been merged into this issue.
Jul 26
Issue 825126 has been merged into this issue.
Jul 26
Issue 865816 has been merged into this issue.
Jul 26
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/bd2b45bd90ca3b74260b4a592414c38f4564b291

commit bd2b45bd90ca3b74260b4a592414c38f4564b291
Author: James Wallace-Lee <jamwalla@chromium.org>
Date: Thu Jul 26 21:56:24 2018

chrome://accessibility: check for nullptr when converting node to string

RecursiveDumpAXPlatformNodeAsString in accessibility_ui.cc should check that the node is not null (it previously checked only child nodes). On Chrome OS, this was causing a crash in RequestNativeUITree when AXPlatformNode::FromNativeWindow returned null.

Bug: 792232
Change-Id: Iac07412484b6304ef43906976cb687316b171a21
Reviewed-on: https://chromium-review.googlesource.com/1152109
Commit-Queue: James Wallace-Lee <jamwalla@chromium.org>
Reviewed-by: Dominic Mazzoni <dmazzoni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578450}

[modify] https://crrev.com/bd2b45bd90ca3b74260b4a592414c38f4564b291/chrome/browser/accessibility/accessibility_ui.cc
Jul 26
This crash was caused by a null pointer dereference, since Chrome OS doesn't have AXPlatformNodes for the native UI. I filed issue 868152 to implement "show native accessibility tree" for Chrome OS.
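
The failure mode named in the commit message and the comment above, as an added C++ example (not Chromium's code and not part of the original thread): a recursive tree dump that null-checks only child nodes, beside a version with the guard at function entry. Node, DumpChildrenCheckedOnly, DumpNode, DumpTree and MakeSampleTree are hypothetical names, and returning an empty string for a null root is an assumption.

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a platform accessibility node; not Chromium's type.
struct Node {
  std::string role;
  std::vector<std::unique_ptr<Node>> children;  // a slot may hold nullptr
};

// "Before" shape: only children are null-checked, so a null root is
// dereferenced on the first line (the SEGV at address 0 in the report).
void DumpChildrenCheckedOnly(const Node* node, int depth, std::string* out) {
  out->append(depth * 2, ' ').append(node->role).append("\n");
  for (const auto& child : node->children)
    if (child) DumpChildrenCheckedOnly(child.get(), depth + 1, out);
}

// "After" shape: one guard at entry covers the root and every child.
void DumpNode(const Node* node, int depth, std::string* out) {
  if (!node) return;
  out->append(depth * 2, ' ').append(node->role).append("\n");
  for (const auto& child : node->children)
    DumpNode(child.get(), depth + 1, out);
}

// Caller analogous to the message handler: the root lookup may yield null
// on a platform that has no native tree.
std::string DumpTree(const Node* root_or_null) {
  std::string out;
  DumpNode(root_or_null, 0, &out);
  return out;
}

// Constructed sample tree: window -> [button, <null slot>].
std::unique_ptr<Node> MakeSampleTree() {
  auto root = std::make_unique<Node>();
  root->role = "window";
  auto button = std::make_unique<Node>();
  button->role = "button";
  root->children.push_back(std::move(button));
  root->children.push_back(nullptr);
  return root;
}
```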
Jul 30
Jul 30
Google Chrome 70.0.3505.0 (Official Build) canary (64-bit)
Firmware Version Google_Eve.9584.160.0
Verified using these steps:
Steps to reproduce:
# Navigate to chrome://accessibility/
# Click on "show accessibility tree" under the heading "Chrome Native UI"
I kept the default setting of 0, set it to -8 since it allowed negative numbers, and set it to 60000 ms. All three did not crash (though they didn't produce results either, but that doesn't stop this bug from being verified.)
Comment 1 by katie@chromium.org, Dec 5 2017