Bug 311427
| Summary: | AX: Opendeck crashes webkitgtk with Orca running | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Mike Gorse <mgorse> |
| Component: | Accessibility | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | andresg_22, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | All | ||
| OS: | All | ||
Mike Gorse
With the latest code from the webkitglib/2.52 branch, starting opendeck and pressing tab + shift tab a few times gives this crash:
(gdb) bt full
#0 WTFCrash () at ../../../Source/WTF/wtf/Assertions.cpp:380
#1 0x00007f942eeae77e in WTF::CrashOnOverflow::crash () at WTF/Headers/wtf/CheckedArithmetic.h:110
#2 0x00007f942eeae769 in WTF::CrashOnOverflow::overflowed () at WTF/Headers/wtf/CheckedArithmetic.h:103
#3 0x00007f94349e5c78 in WTF::Vector<unsigned int, 128ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::at (this=0x7ffd4ad67140, i=119) at WTF/Headers/wtf/Vector.h:746
#4 0x00007f94349e5191 in WTF::Vector<unsigned int, 128ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::operator[] (this=0x7ffd4ad67140, i=119) at WTF/Headers/wtf/Vector.h:751
#5 0x00007f94349dd6b5 in WebCore::UTF16OffsetToUTF8 (mapping=WTF::Vector of length 10, capacity 128 = {...}, offset=119) at ../../../Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp:257
#6 0x00007f94349dedfd in WebCore::AccessibilityObjectAtspi::textAtOffset
(this=0x7f941885aa00, offset=1, granularity=WebCore::AccessibilityObjectAtspi::TextGranularity::LineStart, startOffset=@0x7ffd4ad675d4: 0, endOffset=@0x7ffd4ad675d0: 0)
at ../../../Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp:482
mapping = WTF::Vector of length 10, capacity 128 = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}
utf16Offset = 1
boundaryOffset = {m_x = 119, m_y = 120}
utf16Text = Python Exception <class 'TypeError'>: can't concat str to bytes
utf8Text = Python Exception <class 'ValueError'>: chr() arg not in range(0x110000)
length = 9
substring = std::unique_ptr<char> = {get() = 0x0}
#7 0x00007f94349dbd0c in operator() (__closure=0x0, methodName=0x7b4a620 "GetStringAtOffset", parameters=0x7864dd0, invocation=0x7c94900, userData=0x7f941885aa00)
at ../../../Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp:96
end = 0
offset = 1
granularityType = 3
start = 0
text = Python Exception <class 'ValueError'>: chr() arg not in range(0x110000)
atspiObject = {static isRef = <optimized out>, m_ptr = 0x7f941885aa00}
I think that offset values are being calculated incorrectly for the given text, eventually leading to an out-of-range vector look-up.
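The backtrace above shows offset 119 being looked up in a 10-entry mapping built for 9 code units of text. The following is an added example, not WebKit's code and not a proposed patch: all function names are hypothetical, and it assumes a mapping with one entry per UTF-16 code unit plus an end slot, which is what the length-10 vector for length-9 text suggests. It builds such a mapping and validates a boundary range before indexing, so a range computed against other text is rejected rather than trapping.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical helper, not WebKit's: entry i is the code-point offset of
// UTF-16 code unit i; the extra last entry maps text.size() (end of text).
std::vector<unsigned> buildOffsetMapping(const std::u16string& text)
{
    std::vector<unsigned> mapping;
    mapping.reserve(text.size() + 1);
    unsigned codePoints = 0;
    for (std::size_t i = 0; i < text.size(); ++i) {
        mapping.push_back(codePoints);
        bool isLead = text[i] >= 0xD800 && text[i] <= 0xDBFF;
        bool hasTrail = i + 1 < text.size()
            && text[i + 1] >= 0xDC00 && text[i + 1] <= 0xDFFF;
        if (isLead && hasTrail) {
            // Both halves of a surrogate pair map to the same code point.
            mapping.push_back(codePoints);
            ++i;
        }
        ++codePoints;
    }
    mapping.push_back(codePoints);
    return mapping;
}

// Checked lookup: returns false instead of crashing when the offset does
// not belong to this mapping (e.g. 119 against 10 entries).
bool utf16OffsetToCodePoint(const std::vector<unsigned>& mapping,
                            std::size_t offset, unsigned& out)
{
    if (offset >= mapping.size())
        return false;
    out = mapping[offset];
    return true;
}

// Validate both ends of a boundary range before converting either one.
bool boundaryInRange(const std::vector<unsigned>& mapping,
                     std::size_t start, std::size_t end)
{
    return start <= end && end < mapping.size();
}

int main()
{
    // Constructed sample: 9 UTF-16 code units, no surrogates.
    std::vector<unsigned> mapping = buildOffsetMapping(u"OpenDeck!");
    return boundaryInRange(mapping, 119, 120) ? 1 : 0; // range is rejected
}
```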
Radar WebKit Bug Importer
<rdar://problem/174025357>
Mike Gorse
I just updated opendeck to 2.11.0, which has several accessibility improvements, and now I am no longer able to reproduce the crash that I was seeing before. I'll need to track this down better.
Mike Gorse
Actually, looking at this more, I do still encounter the crash using 2.11.0. If I press tab a few times, then focusing the control past "search actions" triggers it. Sorry for the noise.