Bug 1308397: Fix stack overflow by ensuring that ProxyAccessible::GetCOMInterface uses its real MSAA ID to lazily resolve its COM proxy, instead of using CHILDID_SELF; r=tbsaunde, a=gchang
authorAaron Klotz <aklotz@mozilla.com>
Mon, 17 Oct 2016 12:39:16 -0600
changeset 358405 cb7f5639c1473b8bad95e8f848f2b3ba6ff89753
parent 358404 27d41ff392d04ea080baad0ae16b79666f5bc103
child 358406 1bb0c02b6c1ce9ed61e2e08b8f37eef5899a7e31
push id1324
push usermtabara@mozilla.com
push dateMon, 16 Jan 2017 13:07:44 +0000
treeherdermozilla-release@a01c49833940 [default view] [failures only]
reviewerstbsaunde, gchang
bugs1308397
milestone51.0a2
Bug 1308397: Fix stack overflow by ensuring that ProxyAccessible::GetCOMInterface uses its real MSAA ID to lazily resolve its COM proxy, instead of using CHILDID_SELF; r=tbsaunde, a=gchang MozReview-Commit-ID: 20xdOlcCXed
accessible/ipc/win/ProxyAccessible.cpp
--- a/accessible/ipc/win/ProxyAccessible.cpp
+++ b/accessible/ipc/win/ProxyAccessible.cpp
@@ -31,17 +31,22 @@ ProxyAccessible::GetCOMInterface(void** 
     return false;
   }
 
   if (!mCOMProxy) {
     // See if we can lazily obtain a COM proxy
     AccessibleWrap* wrap = WrapperFor(this);
     bool isDefunct = false;
     ProxyAccessible* thisPtr = const_cast<ProxyAccessible*>(this);
-    thisPtr->mCOMProxy = wrap->GetIAccessibleFor(kChildIdSelf, &isDefunct);
+    // NB: Don't pass CHILDID_SELF here, use the absolute MSAA ID. Otherwise
+    // GetIAccessibleFor will recurse into this function and we will just
+    // overflow the stack.
+    VARIANT realId = {VT_I4};
+    realId.ulVal = wrap->GetExistingID();
+    thisPtr->mCOMProxy = wrap->GetIAccessibleFor(realId, &isDefunct);
   }
 
   RefPtr<IAccessible> addRefed = mCOMProxy;
   addRefed.forget(aOutAccessible);
   return !!mCOMProxy;
 }
 
 void
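Review bot: Nothing in the added lines rules out `wrap->GetExistingID()` returning 0, which is the value of CHILDID_SELF. GetExistingID is not visible here, so please confirm, but if an ID can still be unassigned at this point, `GetIAccessibleFor` would presumably take the same recursive path the new comment warns about and still exhaust the stack. A guard before the call, for example `if (realId.lVal == CHILDID_SELF) { return false; }`, would make that invariant explicit and turn a crash into a clean failure. The VARIANT is also tagged `VT_I4` but written through `ulVal`; `realId.lVal = static_cast<LONG>(wrap->GetExistingID());` would match the tag. GetCOMInterface begins above the hunk, so any earlier validation of the ID or of `wrap` is not visible from here.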