GNOME.org
 

[orca-list] Interesting Chromium accessibility-related crash

Dear Orca users/developers,
I can reproduce a crash in Chromium 104 by accessing the following page from the MIT Kerberos documentation and pressing "h" several times quickly to move through the headings. 

https://web.mit.edu/kerberos/krb5-latest/doc/admin/spake.html
I'm using a fairly recent version of Orca from the Git repository. The backtrace indicates that the bug is accessibility-related - output below. 

Can anyone else reproduce this issue?

#0  0x00007ff1e80bf55e in std::local_Rb_tree_decrement (__x=0x306802289c80)
    at /usr/src/debug/gcc/libstdc++-v3/src/c++98/tree.cc:98
#1  std::_Rb_tree_decrement(std::_Rb_tree_node_base*) (__x=0x306802289c80)
    at /usr/src/debug/gcc/libstdc++-v3/src/c++98/tree.cc:123
#2  0x000055a149d19e49 in ui::(anonymous namespace)::atk_text::GetRunAttributes(_AtkText*, int, int*, int*) [clone .097c020c6a847346fc260d73f591d0eb] () 
#3  0x00007ff1eabad00e in atk_text_get_run_attributes
    (text=0x306803a18130, offset=0, start_offset=<optimized out>, end_offset=<optimized out>) at ../atk/atk/atktext.c:781 
        iface = <optimized out>
        local_start_offset = 1410598037
        local_end_offset = 1841970176
        real_start_offset = 0x7ffcc4a3c088
        real_end_offset = 0x7ffcc4a3c08c
        __func__ = "atk_text_get_run_attributes"
#4  0x00007ff1eab81388 in  () at /usr/lib/libatk-bridge-2.0.so.0
#5  0x00007ff1eab794f6 in  () at /usr/lib/libatk-bridge-2.0.so.0
#6  0x00007ff1ea8548c1 in dbus_connection_dispatch ()
    at /usr/lib/libdbus-1.so.3
#7  0x00007ff1e848003b in message_queue_dispatch
    (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../at-spi2-core/atspi/atspi-gmain.c:89 
        connection = 0x3068009f1b80
#8  0x00007ff1eb379c6b in g_main_dispatch (context=0x306803421e00) at ../glib/glib/gmain.c:3417 
        dispatch = 0x7ff1e8480020 <message_queue_dispatch>
        prev_source = 0x30680031be20
        begin_time_nsec = 1724594353315
        was_in_call = 0
        user_data = 0x0
        callback = 0x0
        cb_funcs = 0x0
        cb_data = 0x0
        need_destroy = <optimized out>
        source = 0x306803a388c0
        current = 0x30680073d9a0
        i = 0
#9  g_main_context_dispatch (context=0x306803421e00) at ../glib/glib/gmain.c:4135 #10 0x00007ff1eb3d0001 in g_main_context_iterate.constprop.0 (context=0x306803421e00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4211 
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = 4
        allocated_nfds = <optimized out>
        fds = <optimized out>
        begin_time_nsec = 1724594350530
#11 0x00007ff1eb3791cf in g_main_loop_run (loop=0x3068038299b0) at ../glib/glib/gmain.c:4411 
        __func__ = "g_main_loop_run"
#12 0x00007ff1eab73a27 in  () at /usr/lib/libatk-bridge-2.0.so.0
#13 0x000055a149d07e1e in ui::AtkUtilAuraLinux::HandleAtkKeyEvent(_AtkKeyEventStruct*) () #14 0x000055a150099a1a in non-virtual thunk to views::DesktopWindowTreeHostLinux::OnAtkKeyEvent(_AtkKeyEventStruct*, bool) () 
#15 0x000055a1494cc458 in ui::X11Window::DispatchEvent(ui::Event* const&) ()
#16 0x000055a1494ccb0d in non-virtual thunk to ui::X11Window::DispatchEvent(ui::Event* const&) () #17 0x000055a14db395df in ui::PlatformEventSource::DispatchEvent(ui::Event*) () 
#18 0x000055a14e21e484 in ui::X11EventSource::OnEvent(x11::Event const&) ()
#19 0x000055a148ee2f3c in x11::Connection::DispatchEvent(x11::Event const&) () 
#20 0x000055a148ee2a9d in x11::Connection::ProcessNextEvent() ()
#21 0x000055a148ee255b in x11::Connection::Dispatch() ()
#22 0x000055a14e221ff3 in ui::(anonymous namespace)::XSourceDispatch(_GSource*, int (*)(void*), void*) [clone .a7be18aa7232d78f4beaa50f62e2ca79] [clone .cfi] () #23 0x00007ff1eb379c6b in g_main_dispatch (context=0x55a1542646a0 <(anonymous namespace)::GetActiveKeySnoopFunctions()::active_key_snoop_functions+8>) at ../glib/glib/gmain.c:3417         dispatch = 0x7ff1e80bf4b0 <std::_Rb_tree_increment(std::_Rb_tree_node_base*)> 
        prev_source = 0x0
        begin_time_nsec = 1724579554197
        was_in_call = 0
        user_data = 0x30680023ea00
        callback = 0x0
        cb_funcs = 0x0
        cb_data = 0x3068006bd480
        need_destroy = <optimized out>
        source = 0x30680211b400
        current = 0x30680073d9a0
        i = 123696928
#24 g_main_context_dispatch (context=0x55a1542646a0 <(anonymous namespace)::GetActiveKeySnoopFunctions()::active_key_snoop_functions+8>) at ../glib/glib/gmain.c:4135 #25 0x00007ff1eb3d0001 in g_main_context_iterate.constprop.0 (context=context@entry=0x30680023c780, block=block@entry=0, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4211 
        max_priority = 2147483647
        timeout = 0
        some_ready = 1
        nfds = 7
        allocated_nfds = <optimized out>
        fds = <optimized out>
        begin_time_nsec = 1724579537607
#26 0x00007ff1eb377392 in g_main_context_iteration (context=0x30680023c780, may_block=0) at ../glib/glib/gmain.c:4276 
        retval = <optimized out>
#27 0x000055a14d0ad4f4 in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) () #28 0x000055a14d113fba in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) () 
#29 0x000055a14d0d903f in base::RunLoop::Run(base::Location const&) ()
#30 0x000055a14a400e98 in content::BrowserMainLoop::RunMainMessageLoop() ()
#31 0x000055a14a4036b3 in content::BrowserMainRunnerImpl::Run() ()
#32 0x000055a14a3fd2a5 in content::BrowserMain(content::MainFunctionParams) () 
#33 0x000055a14cabc0c0 in content::ContentMainRunnerImpl::Run() ()
#34 0x000055a14cab8e39 in content::ContentMain(content::ContentMainParams) () 
#35 0x000055a148aca986 in ChromeMain ()
#36 0x00007ff1e7e3f2d0 in __libc_start_call_main (main=main@entry=0x55a148aca740 <main>, argc=argc@entry=3, argv=0x7ffcc4a3d368, argv@entry=0x306800215e01) at ../sysdeps/nptl/libc_start_call_main.h:58 
        self = <optimized out>
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140723607556968, 1230062217324549272, 0, 140723607557000, 94151380936408, 140677011542016, -1230742367359445864, -1228989197163146088}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffcc4a3d368, 0x3}, data = {prev = 0x0, cleanup = 0x0, canceltype = -995896472}}} 
        not_first_call = <optimized out>
#37 0x00007ff1e7e3f38a in __libc_start_main_impl (main=0x55a148aca740 <main>, argc=3, argv=0x306800215e01, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcc4a3d358) at ../csu/libc-start.c:381 
#38 0x000055a1486a0025 in _start () at ../sysdeps/x86_64/start.S:115
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]