Bug 30565

Summary: [Gtk] accessibility/iframe-bastardization.html fails on Gtk+
Product: WebKit Reporter: Alejandro G. Castro <alex>
Component: AccessibilityAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   

Description Alejandro G. Castro 2009-10-20 05:48:17 PDT
It crashes due to a assertion:

** CRITICAL **: AtkObject* webkit_accessible_ref_child(AtkObject*, gint): assertion `static_cast<size_t>(index) < coreObject->children().size()' failed
aborting...

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00007fffee61d1f9 in IA__g_logv (log_domain=0x0, log_level=G_LOG_LEVEL_CRITICAL, format=0x7fffee685975 "%s: assertion `%s' failed", args1=0x7fffffffba50) at gmessages.c:545
545			G_BREAKPOINT ();
Current language:  auto; currently c
(gdb) bt
#0  0x00007fffee61d1f9 in IA__g_logv (log_domain=0x0, log_level=G_LOG_LEVEL_CRITICAL, format=0x7fffee685975 "%s: assertion `%s' failed", args1=0x7fffffffba50) at gmessages.c:545
#1  0x00007fffee61d391 in IA__g_log (log_domain=0x0, log_level=G_LOG_LEVEL_CRITICAL, format=0x7fffee685975 "%s: assertion `%s' failed") at gmessages.c:569
#2  0x00007fffee61d3e5 in IA__g_return_if_fail_warning (log_domain=0x0, pretty_function=0x7ffff717cee0 "AtkObject* webkit_accessible_ref_child(AtkObject*, gint)", 
    expression=0x7ffff717c5e0 "static_cast<size_t>(index) < coreObject->children().size()") at gmessages.c:584
#3  0x00007ffff69c2178 in webkit_accessible_ref_child (object=0x83b000, index=0) at WebCore/accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:155
#4  0x00007ffff106cc71 in atk_object_ref_accessible_child (accessible=0x83b000, i=0) at atkobject.c:800
#5  0x000000000040e18f in AccessibilityUIElement::getChildrenWithRange (this=0x8413d0, elementVector=..., start=0, end=1)
    at WebKitTools/DumpRenderTree/gtk/AccessibilityUIElementGtk.cpp:73
#6  0x000000000040e1fd in AccessibilityUIElement::getChildAtIndex (this=0x8413d0, index=0) at WebKitTools/DumpRenderTree/gtk/AccessibilityUIElementGtk.cpp:97
#7  0x000000000040780b in childAtIndexCallback (context=0x7fffe5f430a8, function=0x7ffff7f83080, thisObject=0x7ffff7f83100, argumentCount=1, arguments=0x7fffffffbd58, 
    exception=0x7fffffffbdf8) at WebKitTools/DumpRenderTree/AccessibilityUIElement.cpp:161
#8  0x00007ffff60fa7ad in JSC::JSCallbackFunction::call (exec=0x7fffe5f430a8, functionObject=0x7ffff7f83080, thisValue=..., args=...)
    at JavaScriptCore/API/JSCallbackFunction.cpp:65
#9  0x00007ffff6136d3a in cti_op_call_NotJSFunction (args=0x7fffffffbf50) at JavaScriptCore/jit/JITStubs.cpp:1613
#10 0x00007ffff612fe71 in doubleHash (key=0) at ./JavaScriptCore/wtf/HashTable.h:437
#11 0x00007ffff616474e in JSC::JITCode::execute (this=0x71ded8, registerFile=0x7c5b68, callFrame=0x7fffe5f43048, globalData=0x7c17d0, exception=0x7fffffffc180)
    at ./JavaScriptCore/jit/JITCode.h:79
#12 0x00007ffff615522a in JSC::Interpreter::execute (this=0x7c5b50, program=0x71dec0, callFrame=0x7d71e8, scopeChain=0x7d7460, thisObj=0x7ffff7f80000, exception=0x7fffffffc180)
    at JavaScriptCore/interpreter/Interpreter.cpp:613
#13 0x00007ffff62142b2 in JSC::evaluate (exec=0x7d71e8, scopeChain=..., source=..., thisValue=...) at JavaScriptCore/runtime/Completion.cpp:60
#14 0x00007ffff62cd8bd in WebCore::ScriptController::evaluate (this=0x6fb428, sourceCode=...) at WebCore/bindings/js/ScriptController.cpp:111
#15 0x00007ffff62dce2f in WebCore::ScriptController::executeScript (this=0x6fb428, sourceCode=...) at WebCore/bindings/ScriptControllerBase.cpp:46
#16 0x00007ffff653d272 in WebCore::HTMLTokenizer::scriptExecution (this=0x72bf70, sourceCode=..., state=...) at WebCore/html/HTMLTokenizer.cpp:565
#17 0x00007ffff653dffd in WebCore::HTMLTokenizer::scriptHandler (this=0x72bf70, state=...) at WebCore/html/HTMLTokenizer.cpp:507
#18 0x00007ffff653e78c in WebCore::HTMLTokenizer::parseNonHTMLText (this=0x72bf70, src=..., state=...) at WebCore/html/HTMLTokenizer.cpp:353
#19 0x00007ffff6540f95 in WebCore::HTMLTokenizer::parseTag (this=0x72bf70, src=..., state=...) at WebCore/html/HTMLTokenizer.cpp:1524
#20 0x00007ffff6541afc in WebCore::HTMLTokenizer::write (this=0x72bf70, str=..., appendData=true) at WebCore/html/HTMLTokenizer.cpp:1758
#21 0x00007ffff65cae76 in WebCore::FrameLoader::write (this=0x6fb050, 
    str=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., len=1468, flush=false) at WebCore/loader/FrameLoader.cpp:907
#22 0x00007ffff65cafad in WebCore::FrameLoader::addData (this=0x6fb050, 
    bytes=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468) at WebCore/loader/FrameLoader.cpp:1529
#23 0x00007ffff60d01ab in WebKit::FrameLoaderClient::committedLoad (this=0x6fa540, loader=0x7abb30, 
    data=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:150
#24 0x00007ffff65c294e in WebCore::FrameLoader::committedLoad (this=0x6fb050, loader=0x7abb30, 
    data=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468) at WebCore/loader/FrameLoader.cpp:3270
#25 0x00007ffff65ad243 in WebCore::DocumentLoader::commitLoad (this=0x7abb30, 
    data=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468) at WebCore/loader/DocumentLoader.cpp:342
---Type <return> to continue, or q <return> to quit---
#26 0x00007ffff65ad29c in WebCore::DocumentLoader::receivedData (this=0x7abb30, 
    data=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468) at WebCore/loader/DocumentLoader.cpp:354
#27 0x00007ffff65c58df in WebCore::FrameLoader::receivedData (this=0x6fb050, 
    data=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468) at WebCore/loader/FrameLoader.cpp:2117
#28 0x00007ffff65dab60 in WebCore::MainResourceLoader::addData (this=0x7aec00, 
    data=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468, allAtOnce=false) at WebCore/loader/MainResourceLoader.cpp:143
#29 0x00007ffff65e53a2 in WebCore::ResourceLoader::didReceiveData (this=0x7aec00, 
    data=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468, lengthReceived=1468, allAtOnce=false) at WebCore/loader/ResourceLoader.cpp:248
#30 0x00007ffff65da3bc in WebCore::MainResourceLoader::didReceiveData (this=0x7aec00, 
    data=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468, lengthReceived=1468, allAtOnce=false) at WebCore/loader/MainResourceLoader.cpp:374
#31 0x00007ffff65e488d in WebCore::ResourceLoader::didReceiveData (this=0x7aec00, 
    data=0x7b7fb0 "<html>\n<script>\n    if (window.layoutTestController)\n        layoutTestController.dumpAsText();\n</script>\n<body id=\"body\">\n\n    <!-- This test makes sure that the AX parent chain hierarchy with iframe"..., length=1468, lengthReceived=1468) at WebCore/loader/ResourceLoader.cpp:398
#32 0x00007ffff69f6f0c in readCallback (source=0x7ae980, res=0x7ae760) at WebCore/platform/network/soup/ResourceHandleSoup.cpp:729
#33 0x00007fffef1a67b0 in async_ready_callback_wrapper (source_object=0x7ae980, res=0x7ae760, user_data=0x0) at ginputstream.c:471
#34 0x00007fffef1b7d04 in IA__g_simple_async_result_complete (simple=0x7ae760) at gsimpleasyncresult.c:588
#35 0x00007fffef1b7e92 in complete_in_idle_cb_for_thread (_data=0x6b1680) at gsimpleasyncresult.c:650
#36 0x00007fffee615ea3 in g_idle_dispatch (source=0x7b78a0, callback=0x7fffef1b7e1a <complete_in_idle_cb_for_thread>, user_data=0x6b1680) at gmain.c:4065
#37 0x00007fffee611bee in g_main_dispatch (context=0x66e360) at gmain.c:1960
#38 0x00007fffee613367 in IA__g_main_context_dispatch (context=0x66e360) at gmain.c:2513
#39 0x00007fffee613928 in g_main_context_iterate (context=0x66e360, block=1, dispatch=1, self=0x63c0c0) at gmain.c:2591
#40 0x00007fffee613b69 in IA__g_main_context_iteration (context=0x66e360, may_block=1) at gmain.c:2654
#41 0x00000000004104b9 in runTest (testPathOrURL=...) at WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:486
#42 0x00000000004109bd in main (argc=2, argv=0x7fffffffe028) at WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:809

stderr message:

** (DumpRenderTree:10584): CRITICAL **: AtkObject* webkit_accessible_ref_child(AtkObject*, gint): assertion `static_cast<size_t>(index) < coreObject->children().size()' failed

** (DumpRenderTree:10584): CRITICAL **: atk_object_ref_accessible_child: assertion `ATK_IS_OBJECT (accessible)' failed
ASSERTION FAILED: m_element
(WebKitTools/DumpRenderTree/gtk/AccessibilityUIElementGtk.cpp:131 AccessibilityUIElement AccessibilityUIElement::parentElement())

After checking the objects with gdb in that situation apparently the iframe does not have children nodes.

Apparently all these tests have a similar problem, they do not crash though:

accessibility/nochildren-elements.html	stderr
accessibility/non-data-table-cell-title-ui-element.html	stderr
accessibility/table-notbody.html	stderr

The stderr in all these cases is:

** (DumpRenderTree:10586): CRITICAL **: AtkObject* webkit_accessible_ref_child(AtkObject*, gint): assertion `static_cast<size_t>(index) < coreObject->children().size()' failed
After checking the objects with gdb in that situation apparently the iframe does not have children nodes.
Comment 1 Alejandro G. Castro 2009-10-20 07:12:42 PDT
Bug duplicated.

*** This bug has been marked as a duplicate of bug 30123 ***