Status: Unconfirmed
Owner: ----
Labels: Stability-Crash Pri-2 Via-Wizard Type-Bug OS-Windows
New issue 165081 by ja...@nvaccess.org: [accessibility] Crash when opening Chrome Settings with NVDA screen reader running
http://code.google.com/p/chromium/issues/detail?id=165081
UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20121207 Firefox/20.0
Steps to reproduce the problem:
1. Download NVDA from http://www.vda-project.org/snapshots/ and run it.
2. Open Chrome.
3. Open the Chrome menu and select Settings.
What is the expected behavior?
Settings should be opened.
What went wrong?
Chrome crashed!
Crashed report ID:
How much crashed? Whole browser
Is it a problem with a plugin? No
Did this work before? N/A
Chrome version: 25.0.1354.0 (Official Build171980) canary Channel: canary
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
This isn't reproducible 100% of the time. It seems to happen more for some
users than others. This doesn't seem to be caught by the crash reporter for
some reason. Here's the relevant output from WinDBG:
--
(444.ff4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
chrome_66930000!gfx::GLSurfaceAdapter::GetHandle:
66d18b03 8b4908 mov ecx,dword ptr [ecx+8]
ds:002b:00000008=????????
...
0:000:x86> kb
ChildEBP RetAddr Args to Child
003eef9c 67a2b5aa 003ef1ac 003eefc4 7664586c
chrome_66930000!gfx::GLSurfaceAdapter::GetHandle
[c:\b\build\slave\win\build\src\ui\gl\gl_surface.cc @ 222]
003eefa8 7664586c 06f61780 003ef1c0 00000202
chrome_66930000!NativeViewAccessibilityWin::get_windowHandle+0x31
[c:\b\build\slave\win\build\src\ui\views\accessibility\native_view_accessibility_win.cc
@ 583]
003eefc4 766c05f1 67a2b579 003ef1b0 00000002 RPCRT4!Invoke+0x2a
003ef3c8 75b4aec1 075bd318 07562310 0052cfc8 RPCRT4!NdrStubCall2+0x2ea
003ef410 75b4d876 075bd318 0052cfc8 07562310
ole32!CStdStubBuffer_Invoke+0x3c [d:\w7rtm\com\rpc\ndrole\stub.cxx @ 1507]
003ef458 75b4ddd0 0052cfc8 07590d48 00546948 ole32!SyncStubInvoke+0x3c
[d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1187]
003ef4a4 75a68a43 0052cfc8 075d5550 075bd318 ole32!StubInvoke+0xb9
[d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1396]
003ef580 75a68938 07562310 00000000 075bd318
ole32!CCtxComChnl::ContextInvoke+0xfa
[d:\w7rtm\com\ole32\com\dcomrem\ctxchnl.cxx @ 1262]
003ef59c 75a6950a 0052cfc8 00000001 075bd318 ole32!MTAInvoke+0x1a
[d:\w7rtm\com\ole32\com\dcomrem\callctrl.cxx @ 2105]
003ef5c8 75b4dccd 0052cfc8 00000001 075bd318 ole32!STAInvoke+0x46
[d:\w7rtm\com\ole32\com\dcomrem\callctrl.cxx @ 1924]
003ef5fc 75b4db41 d0908070 07562310 075bd318 ole32!AppInvoke+0xab
[d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1086]
003ef6dc 75b4e1fd 0052cf70 0053a5b8 00000400
ole32!ComInvokeWithLockAndIPID+0x372
[d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1724]
003ef704 75a69367 0052cf70 00000400 005093f0 ole32!ComInvoke+0xc5
[d:\w7rtm\com\ole32\com\dcomrem\channelb.cxx @ 1469]
003ef718 75a69326 0052cf70 00000000 75a69286 ole32!ThreadDispatch+0x23
[d:\w7rtm\com\ole32\com\dcomrem\chancont.cxx @ 298]
003ef75c 75da62fa 004704d4 00000400 0000babe ole32!ThreadWndProc+0x161
[d:\w7rtm\com\ole32\com\dcomrem\chancont.cxx @ 654]
003ef788 75da6d3a 75a69286 004704d4 00000400 USER32!InternalCallWinProc+0x23
003ef800 75da77c4 00000000 75a69286 004704d4
USER32!UserCallWinProcCheckWow+0x109
003ef860 75da788a 75a69286 00000000 003ef90c
USER32!DispatchMessageWorker+0x3bc
003ef870 66e0bc50 003ef944 00d0bd70 003ef944 USER32!DispatchMessageW+0xf
003ef90c 66ae76bf 003ef944 00000000 003ef960
chrome_66930000!views::AcceleratorHandler::Dispatch+0xe1
[c:\b\build\slave\win\build\src\ui\views\focus\accelerator_handler_win.cc @
53]
--
Looking at this output, it looks like the crash is caused by attempting to
obtain the window handle of an accessible object using IAccessible2.
Unfortunately, I'm not sure which object.
Related NVDA issue ticket:
http://www.nvda-project.org/ticket/2851
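
The following is an added triage example, not part of the original report and not Chromium or NVDA code. It reads the faulting instruction from the WinDBG output above and recovers the base register value from the displayed effective address, which separates a plain null-pointer dereference from an invalid non-null pointer; the function name, the 64 KiB near-null threshold and the verdict strings are assumptions made for illustration.

```python
import re

# Faulting lines copied from the WinDBG output in the report; the mail client
# wrapped the instruction and its operand display onto two lines.
SAMPLE = """\
(444.ff4): Access violation - code c0000005 (first chance)
chrome_66930000!gfx::GLSurfaceAdapter::GetHandle:
66d18b03 8b4908 mov ecx,dword ptr [ecx+8]
ds:002b:00000008=????????
"""

# Assumption: a faulting address in the first 64 KiB counts as near-null,
# since that range is normally not mapped in a Windows user-mode process.
NEAR_NULL_LIMIT = 0x10000

# "[reg+disp]" operand followed by WinDBG's "seg:sel:address=value" display
# (32-bit targets only, as in the x86 trace above).
OPERAND = re.compile(
    r"\[(?P<base>e[a-z]{2})(?:(?P<sign>[+-])(?P<disp>[0-9a-f]+)h?)?\]"
    r"\s+[a-z]s:(?:[0-9a-f]{4}:)?(?P<ea>[0-9a-f]{8})=(?P<val>\S+)",
    re.IGNORECASE,
)
SYMBOL = re.compile(r"^(\S+!\S+):$", re.MULTILINE)


def triage(windbg_text):
    """Recover the base register value behind a faulting memory operand."""
    m = OPERAND.search(" ".join(windbg_text.split()))  # undo line wrapping
    if m is None:
        return None
    ea = int(m.group("ea"), 16)
    disp = int(m.group("disp") or "0", 16)
    if m.group("sign") == "-":
        disp = -disp
    base_value = (ea - disp) & 0xFFFFFFFF
    if base_value == 0:
        verdict = "null-pointer dereference"
    elif ea < NEAR_NULL_LIMIT:
        verdict = "near-null dereference"
    else:
        verdict = "non-null invalid pointer"
    sym = SYMBOL.search(windbg_text)
    return {"symbol": sym.group(1) if sym else None,
            "base_register": m.group("base").lower(),
            "displacement": disp, "base_value": base_value,
            "unreadable": m.group("val").startswith("?"), "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the trace in this report the recovered `ecx` value is 0 with a displacement of 8, so the read goes through a null object pointer rather than a corrupted one.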