New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Freeze when navigating by landmarks with certain labeled article landmarks #8980
Comments
I investigated the Python side of things, and it appears that the call to VBuf_findNodeByAttributes referenced at the bottom of the stack somehow causes a crash or hang in the VBufBackend, or rather VBufStorage. @jcsteh and @michaelDCurran are probably quicker at investigating this than I, since I'm on PTO even. :) Just found this yesterday while trying out the new Pinafore features. |
So far I have confirmed that regex_match is throwing regex_error with a code of error_stack. Apparently there is insufficient memory to check if the expression matches for some of the article names. At very least we can catch the c++ exception and keep searching. But it does mean next/prev landmark may skip certain articles. It would be good to work out what is special about these particular strings. It is certainly not the majority of them. |
To try to simplify the repro steps, I've created a static version of the page that reproduces the crash. So it should no longer be required to have a Mastodon account; you can just load this page: http://bl.ocks.org/nolanlawson/raw/07e732b654842a2fe62760c4bda179ee/ As in the original description, you should install the Enhanced Aria plugin and ensure that "Report articles" is enabled in the plugin settings. Then you can press D on the page and eventually you will repro the crash. |
I have tried increasing the stack size of all rpc server threads created for NvDAHelper. However, no matter how large I made the stack the problem remains. |
This kind of thing isn't supposed to matter with the STL, but could there be some weird restriction when you allocate a regexp on the stack? We could try building late and allocating on the heap (with That assumes it's size related.new).
|
This problem now also occurs in the Twitter PWA. I encountered it once while skipping through my notifications and once while reading through my Home timeline. |
Although I can't reproduce this yet in the Twitter example, back on the
original testcase:
The freeze occurs in Mozilla Firefox 64 and 67, but not Google Chrome 72
and 74.
I have verified that where the c++ regexp match freezes, both the
regular expression string and the input were identical in allBrowsers.
I will try and simplify the testcase down to a page with only that one
article that I know causes the freeze.
|
match_regexp freezes if the input is 295 characters or longer. It
doesn't matter what the characters are. I was able to reproduce it with
an article with an aria-label made up of 295 'x' characters.
I will investigate Jamie's idea about allocating the regexp object
differently.
|
Failing that, we could just trim any "name" strings longer than 100
characters or so. It's a bit arbitrary, but we don't ever search by name so
much as the "presence" of name, so I think we can live with it.
|
@jcsteh I logged both the regular expression, and the input string, where the regex match freezes. I doubt this is the cause, but I am finding it hard to read. Should name appear twice? and should IAccessible2::attribute_xml-roles appear twice for both region, and the other group of landmarks (search,main etc)? Here is the regular expression:
And here is the input string:
|
Actually, I think I get it. As the comments say: It has to match on all attributes for each dictionary. Never mind. Just never really read the output before. |
Steps to reproduce:
There are several prerequisites:
Steps:
Actual behavior:
NVDA produces an error sound, then falls silent. As if it partially crashed. Braille continues to blink, but won't respond to anything.
Expected behavior:
No crash.
System configuration:
NVDA Installed/portable/running from source:
Installed.
NVDA version:
NVDA version alpha-16298,c651588e
Windows version:
Windows 10 19H1 18282 build. But also happens on 1809 regular.
Name and version of other software in use when reproducing the issue:
Firefox Nightly 65.
Other information about your system:
Other questions:
Does the issue still occur after restarting your PC?
Yes.
Have you tried any other versions of NVDA?
2018.4beta, 2018.3.2, happens with both, too.
Log entries
Developer info for an article element that causes this problem:
INFO - globalCommands.GlobalCommands.script_navigatorObject_devInfo (15:28:21.299):
Developer info for navigator object:
name: u'Eric Eggert, RT @bigfinish@twitter.comComing September 2019, @BilliePiper is returning to the #DoctorWho universe in Rose Tyler: The Dimension Cannon. -> http://bit.ly/2FIKkiZFour episodes follow Rose\u2019s mission to seek out the Doctor, the only person who can save the doomed multiverse\u2026, 1 hour ago, @yatil@micro.yatil.net, Unlisted'
role: ROLE_DOCUMENT
states: STATE_READONLY, STATE_FOCUSABLE
isFocusable: True
hasFocus: False
Python object: <baseObject.Dynamic_BrokenFocusedStateDocumentMozillaIAccessible object at 0x05B715F0>
Python class mro: (<class 'baseObject.Dynamic_BrokenFocusedStateDocumentMozillaIAccessible'>, <class 'NVDAObjects.IAccessible.mozilla.BrokenFocusedState'>, <class 'NVDAObjects.IAccessible.mozilla.Document'>, <class 'NVDAObjects.IAccessible.mozilla.Mozilla'>, <class 'NVDAObjects.IAccessible.ia2Web.Document'>, <class 'NVDAObjects.IAccessible.ia2Web.Ia2Web'>, <class 'NVDAObjects.IAccessible.IAccessible'>, <class 'NVDAObjects.window.Window'>, <class 'NVDAObjects.NVDAObject'>, <class 'documentBase.TextContainerObject'>, <class 'baseObject.ScriptableObject'>, <class 'baseObject.AutoPropertyObject'>, <type 'object'>)
description: u''
location: RectLTWH(left=665, top=1398, width=900, height=1013)
value: None
appModule: <'firefox' (appName u'firefox', process ID 2012) at address 5766fb0>
appModule.productName: u'Firefox Nightly'
appModule.productVersion: u'65.0a1'
TextInfo: <class 'NVDAObjects.IAccessible.IA2TextTextInfo'>
windowHandle: 590326L
windowClassName: u'MozillaWindowClass'
windowControlID: 0
windowStyle: 399441920
windowThreadID: 14052
windowText: u'toot.cafe \xb7 Home - Firefox Nightly'
displayText: u''
IAccessibleObject: <POINTER(IAccessible2) ptr=0xc0e57b4 at 5a2b8f0>
IAccessibleChildID: 0
IAccessible event parameters: windowHandle=590326L, objectID=-4, childID=-67109111
IAccessible accName: u'Eric Eggert, RT @bigfinish@twitter.comComing September 2019, @BilliePiper is returning to the #DoctorWho universe in Rose Tyler: The Dimension Cannon. -> http://bit.ly/2FIKkiZFour episodes follow Rose\u2019s mission to seek out the Doctor, the only person' (truncated)
IAccessible accRole: ROLE_SYSTEM_DOCUMENT
IAccessible accState: STATE_SYSTEM_READONLY, STATE_SYSTEM_FOCUSABLE, STATE_SYSTEM_VALID (1048640)
IAccessible accDescription: u''
IAccessible accValue: None
IAccessible2 windowHandle: 590326
IAccessible2 uniqueID: -67109111
IAccessible2 role: ROLE_SYSTEM_DOCUMENT
IAccessible2 states: IA2_STATE_SELECTABLE_TEXT, IA2_STATE_OPAQUE (5120)
IAccessible2 attributes: u'margin-left:0px;text-align:start;text-indent:0px;setsize:20;container-busy:false;margin-right:0px;tag:article;class:status-article status-in-timeline;margin-top:0px;posinset:6;margin-bottom:0px;xml-roles:article;display:grid;explicit-name:true;'
End of nvda.log from pressing D before such a crash onwards
Input: kb(laptop):d
DEBUGWARNING - watchdog.watcher (15:24:05.726):
Trying to recover from freeze, core stack:
File "nvda.pyw", line 217, in
File "core.pyc", line 515, in main
File "wx\core.pyc", line 2134, in MainLoop
File "gui_init.pyc", line 963, in Notify
File "core.pyc", line 486, in run
File "queueHandler.pyc", line 86, in pumpAll
File "queueHandler.pyc", line 53, in flushQueue
File "scriptHandler.pyc", line 145, in _queueScriptCallback
File "scriptHandler.pyc", line 187, in executeScript
File "browseMode.pyc", line 414, in
File "browseMode.pyc", line 386, in quickNavScript
File "virtualBuffers_init.pyc", line 570, in _iterNodesByAttribs
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:10.657):
Unhandled extended packet of type 'U': 'U\x05'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:10.709):
Unhandled extended packet of type 'U': 'U\xff'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:10.759):
Unhandled extended packet of type 'U': 'U\x06'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:10.809):
Unhandled extended packet of type 'U': 'U\xff'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:10.907):
Unhandled extended packet of type 'U': 'U\x08'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:11.061):
Unhandled extended packet of type 'U': 'U\xff'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:11.161):
Unhandled extended packet of type 'U': 'U\n'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:11.260):
Unhandled extended packet of type 'U': 'U\x0b'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:11.311):
Unhandled extended packet of type 'U': 'U\xff'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:11.460):
Unhandled extended packet of type 'U': 'U\r'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:11.559):
Unhandled extended packet of type 'U': 'U\xff'
WARNING - watchdog.watcher (15:24:20.730):
Core frozen in stack:
File "nvda.pyw", line 217, in
File "core.pyc", line 515, in main
File "wx\core.pyc", line 2134, in MainLoop
File "gui_init.pyc", line 963, in Notify
File "core.pyc", line 486, in run
File "queueHandler.pyc", line 86, in pumpAll
File "queueHandler.pyc", line 53, in flushQueue
File "scriptHandler.pyc", line 145, in _queueScriptCallback
File "scriptHandler.pyc", line 187, in executeScript
File "browseMode.pyc", line 414, in
File "browseMode.pyc", line 386, in quickNavScript
File "virtualBuffers_init.pyc", line 570, in _iterNodesByAttribs
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:35.359):
Unhandled extended packet of type 'U': 'U\x01'
DEBUGWARNING - brailleDisplayDrivers.handyTech.BrailleDisplayDriver._handleInputStream (15:24:35.411):
Unhandled extended packet of type 'U': 'U\xff'
WARNING - watchdog.watcher (15:24:35.740):
Core frozen in stack:
File "nvda.pyw", line 217, in
File "core.pyc", line 515, in main
File "wx\core.pyc", line 2134, in MainLoop
File "gui_init.pyc", line 963, in Notify
File "core.pyc", line 486, in run
File "queueHandler.pyc", line 86, in pumpAll
File "queueHandler.pyc", line 53, in flushQueue
File "scriptHandler.pyc", line 145, in _queueScriptCallback
File "scriptHandler.pyc", line 187, in executeScript
File "browseMode.pyc", line 414, in
File "browseMode.pyc", line 386, in quickNavScript
File "virtualBuffers_init.pyc", line 570, in _iterNodesByAttribs
Other info
The pull request that will introduce these new names for the article elements into Pinafore is here.
The text was updated successfully, but these errors were encountered: