Bug 3408

Summary: Safari 2.0 crashes on an accesskey associated with a button
Product: WebKit Reporter: Joost de Valk (AlthA) <joost>
Component: FormsAssignee: Dave Hyatt <hyatt>
Status: VERIFIED FIXED    
Severity: Normal CC: andersca, speno
Priority: P1    
Version: 412   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
testcase
none
Improved testcase
none
Crash report
none
Fix darin: review+

Joost de Valk (AlthA)
Reported 2005-06-10 01:00:49 PDT
In the attached testcases, use the "n" accesskey and see a crash.
Attachments
testcase (656 bytes, text/html)
2005-06-10 01:03 PDT, Joost de Valk (AlthA) 		no flags
Details
Improved testcase (656 bytes, text/html)
2005-06-10 01:09 PDT, Joost de Valk (AlthA) 		no flags
Details
Crash report (22.19 KB, text/plain)
2005-06-10 01:37 PDT, Joost de Valk (AlthA) 		no flags
Details
Fix (881 bytes, patch)
2005-06-10 01:44 PDT, Anders Carlsson 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Joost de Valk (AlthA)
Comment 1 2005-06-10 01:03:26 PDT
Created attachment 2206 [details] testcase
Joost de Valk (AlthA)
Comment 2 2005-06-10 01:09:39 PDT
Created attachment 2207 [details] Improved testcase spell error Ctrl-n instead of Ctrl-h
Anders Carlsson
Comment 3 2005-06-10 01:28:46 PDT
The problem here is if (renderer() && (widget = static_cast<RenderWidget *>(renderer())->widget())) { since the renderer associated with a HTMLButtonElementImpl is a RenderBlock element (since button elements aren't widget elements. Thus widget becomes an invalid value and that's the reason for the crash.
Joost de Valk (AlthA)
Comment 4 2005-06-10 01:37:17 PDT
Created attachment 2208 [details] Crash report
Anders Carlsson
Comment 5 2005-06-10 01:44:08 PDT
Created attachment 2210 [details] Fix This fixes the segfault
Joost de Valk (AlthA)
Comment 6 2005-06-10 04:19:53 PDT
I can confirm that the patch works, the accesskey now enables the action on the button.
Chris Petersen
Comment 7 2005-06-10 15:46:59 PDT
*** Bug 3413 has been marked as a duplicate of this bug. ***
Chris Petersen
Comment 8 2005-06-10 16:32:06 PDT
Apple Bug: <rdar://problem/4117035>
Darin Adler
Comment 9 2005-06-16 09:41:08 PDT
Comment on attachment 2210 [details] Fix Good fix. It's very strange that this code, appropriate for <input type=button>, was put here inside the <button> element implementation. I prefer to completely eliminate the HTMLButtonElementImpl::click function, however, rather than simply removing its "guts". So ideally someone landing this would go that extra step.
Chris Petersen
Comment 10 2005-06-18 21:40:02 PDT
I can confirmed this has been fixed on TOT WebKit (checked out 6/18). Reporter, mark this bug as Verified after you have tested with the latest TOT Webkit.
Joost de Valk (AlthA)
Comment 11 2005-06-19 23:06:25 PDT
Tested with TOT and fix verified. Thx ppl :)
John Sullivan
Comment 12 2005-06-27 10:18:05 PDT
There was a Radar report of this as <rdar://problem/4117035>
Joost de Valk (AlthA)
Comment 13 2005-06-27 10:32:00 PDT
(In reply to comment #12) > There was a Radar report of this as <rdar://problem/4117035> ------- Additional Comment #8 From Chris Petersen 2005-06-10 16:32 PST [reply] ------- Apple Bug: <rdar://problem/4117035> doh :) if i'd have access i'd close it for you guys, but i guess you have to do that yourselves :)
Joost de Valk (AlthA)
Comment 14 2005-06-30 13:54:18 PDT
Reopening to put it on verified fixed. Closed fixed is the next state, it will reach this state when this bug gets fixed in a released version of Safari.
Note You need to log in before you can comment on or make changes to this bug.