Summary: | Crash in AccessibilityMenuListOption::elementRect() | ||
---|---|---|---|
Product: | WebKit | Reporter: | Carlos Garcia Campos <cgarcia> |
Component: | Accessibility | Assignee: | Nobody <webkit-unassigned> |
Status: | NEW --- | ||
Severity: | Normal | CC: | apinheiro, bugzilla, cfleizach, jdiggs, mario, webkit-bug-importer |
Priority: | P2 | Keywords: | InRadar |
Version: | 528+ (Nightly build) | ||
Hardware: | Unspecified | ||
OS: | Unspecified |
Description
Carlos Garcia Campos
2014-10-13 10:41:53 PDT
I began looking into this and found other problems. The fix for one of those problems (see bug 137866) by side effect fixes this crash. For users who are not using assistive technologies. Once I figure out how to come up with a clever test case for one of the other problems, this crash will be fixed when using assistive technologies. HOWEVER, the underlying problem causing the crash reported here will persist and still needs to be fixed. (Not yet sure it's a webkit bug however. At least for me, the bug reported here is only reproducible if I use current versions of the build dependencies; using the older versions of the dependencies specified by our jhbuild moduleset results in my seeing no crash.) (In reply to comment #2) > Once I figure out how to come up with a clever test case for one of the > other problems, this crash will be fixed when using assistive technologies. I've not yet come up with that clever test case, but I went ahead and filed bug 137867 and attached the currently-test-free patch. Another of the problems is that you can have the right parent and grandparent, but one of those ancestors gets deliberately removed from the document and then atk_object_ref_state_set() gets called for the selected option. So for that issue, I've just opened bug 138727 and attached a patch for that. So in summary: * Bug 137866 fixes the emission of bogus accessible events on non-focused options, even when we have the correct parent and grandparent. That fix is committed and should make the crash reported here extremely unlikely for most users. * Bug 137867 fixes the role returned for detached accessible objects, so ATs won't innocently poke at moribund accessible objects. That fix is committed and should make the crash reported here extremely unlikely for users of assistive technologies. * Bug 138727 sanity checks for validly null parent and grandparent objects. It's a tiny patch so hopefully it will be reviewed and committed soon. And that should guarantee that the crash here cannot occur. What remains is figuring out why we're not getting the right parent in the case described in the opening report. I'll do that next. (Keeping this bug here open as it's become the metabug.) |