Bug 3408

Summary: Safari 2.0 crashes on an accesskey associated with a button
Product: WebKit
Reporter: Joost de Valk (AlthA) <joost>
Component: Forms
Assignee: Dave Hyatt <hyatt>
Severity: Normal
CC: andersca, speno
Priority: P1
Version: 412
Hardware: Mac
OS: OS X 10.4

Attachments (Description / Flags):
  Improved testcase
  Crash report
  Fix / darin: review+

Description Joost de Valk (AlthA) 2005-06-10 01:00:49 PDT
In the attached testcases, use the "n" accesskey and see a crash.
Comment 1 Joost de Valk (AlthA) 2005-06-10 01:03:26 PDT
Created attachment 2206 [details]
Comment 2 Joost de Valk (AlthA) 2005-06-10 01:09:39 PDT
Created attachment 2207 [details]
Improved testcase

spell error Ctrl-n instead of Ctrl-h
Comment 3 Anders Carlsson 2005-06-10 01:28:46 PDT
The problem here is 

if (renderer() && (widget = static_cast<RenderWidget *>(renderer())->widget())) {

since the renderer associated with an HTMLButtonElementImpl is a RenderBlock element (since button
elements aren't widget elements). Thus widget becomes an invalid value and that's the reason for the
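The defect Anders describes is an unchecked downcast: a RenderBlock is treated as a RenderWidget, so the bytes read as the widget pointer are garbage and the dereference crashes. The following is an added illustration, not WebKit's code; the class shapes, the isWidget() predicate and the activate() function are assumed stand-ins for the real render tree. It places the unchecked pattern beside a checked one that returns null for any renderer that does not actually own a widget.

```cpp
#include <cassert>
#include <cstddef>

// Assumed stand-ins for the render-tree classes named in the comment
// (RenderObject, RenderBlock, RenderWidget) and for the native widget a
// RenderWidget owns. None of this is WebKit's code.
struct Widget {
    int id;
};

struct RenderObject {
    virtual ~RenderObject() {}
    // Assumed type predicate: only RenderWidget answers true.
    virtual bool isWidget() const { return false; }
};

// Renderer for block-laid-out elements such as <button>.
struct RenderBlock : RenderObject {
    int blockState = 0;   // placeholder for block-layout data (assumed)
};

// Renderer for elements backed by a native widget, e.g. <input type=button>.
struct RenderWidget : RenderObject {
    explicit RenderWidget(Widget* w) : m_widget(w) {}
    bool isWidget() const override { return true; }
    Widget* widget() const { return m_widget; }
private:
    Widget* m_widget;
};

// The pattern quoted in the comment: the renderer is downcast without
// checking its dynamic type. On a RenderBlock the widget() read interprets
// unrelated object bytes as a Widget pointer (undefined behaviour, hence
// the reported crash). Kept only for contrast; never called on a RenderBlock.
Widget* uncheckedWidgetFor(RenderObject* renderer)
{
    if (renderer)
        return static_cast<RenderWidget*>(renderer)->widget();
    return nullptr;
}

// Hardened form: test the type predicate before the downcast, so a
// non-widget renderer yields a null widget instead of a garbage pointer.
Widget* checkedWidgetFor(RenderObject* renderer)
{
    if (renderer && renderer->isWidget())
        return static_cast<RenderWidget*>(renderer)->widget();
    return nullptr;
}

// Mirrors the accesskey activation path: dereference the widget only when
// the renderer really owns one; a <button> takes the non-widget path.
// Returns the widget id, or -1 when the control is block-rendered.
int activate(RenderObject* renderer)
{
    if (Widget* w = checkedWidgetFor(renderer))
        return w->id;   // widget-backed control
    return -1;          // block-rendered control: would dispatch a click instead
}

int main()
{
    Widget nativeButton{7};
    RenderWidget inputButton(&nativeButton);   // like <input type=button>
    RenderBlock htmlButton;                    // like <button>

    assert(activate(&inputButton) == 7);
    assert(activate(&htmlButton) == -1);
    assert(checkedWidgetFor(nullptr) == nullptr);
    return 0;
}
```

The fix Anders attached removes the widget path from the button element entirely, which is stronger than a guard: the code simply never assumes a renderer type it cannot justify. Where a downcast is genuinely needed, an explicit type predicate of this kind is the usual substitute for dynamic_cast in engines that build without RTTI.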
Comment 4 Joost de Valk (AlthA) 2005-06-10 01:37:17 PDT
Created attachment 2208 [details]
Crash report
Comment 5 Anders Carlsson 2005-06-10 01:44:08 PDT
Created attachment 2210 [details]

This fixes the segfault
Comment 6 Joost de Valk (AlthA) 2005-06-10 04:19:53 PDT
I can confirm that the patch works, the accesskey now enables the action on the button.
Comment 7 Chris Petersen 2005-06-10 15:46:59 PDT
*** Bug 3413 has been marked as a duplicate of this bug. ***
Comment 8 Chris Petersen 2005-06-10 16:32:06 PDT
Apple Bug: <rdar://problem/4117035>
Comment 9 Darin Adler 2005-06-16 09:41:08 PDT
Comment on attachment 2210 [details]

Good fix. It's very strange that this code, appropriate for <input
type=button>, was put here inside the <button> element implementation.

I prefer to completely eliminate the HTMLButtonElementImpl::click function,
however, rather than simply removing its "guts". So ideally someone landing
this would go that extra step.
Comment 10 Chris Petersen 2005-06-18 21:40:02 PDT
I can confirm this has been fixed on TOT WebKit (checked out 6/18). Reporter, mark this bug as Verified
after you have tested with the latest TOT WebKit.
Comment 11 Joost de Valk (AlthA) 2005-06-19 23:06:25 PDT
Tested with TOT and fix verified. Thx ppl :)
Comment 12 John Sullivan 2005-06-27 10:18:05 PDT
There was a Radar report of this as <rdar://problem/4117035>
Comment 13 Joost de Valk (AlthA) 2005-06-27 10:32:00 PDT
(In reply to comment #12)
> There was a Radar report of this as <rdar://problem/4117035>

------- Additional Comment #8 From Chris Petersen 2005-06-10 16:32 PST [reply] -------
Apple Bug: <rdar://problem/4117035>

doh :) if i'd have access i'd close it for you guys, but i guess you have to do that yourselves :)
Comment 14 Joost de Valk (AlthA) 2005-06-30 13:54:18 PDT
Reopening to put it on verified fixed. Closed fixed is the next state; it will reach this state when this bug
gets fixed in a released version of Safari.