Bug 46822

Summary: [GTK] editing/selection/selection-modify-crash.html crashes when run in Xvfb
Product: WebKit
Reporter: Martin Robinson <mrobinson>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: cfleizach, mario
Priority: P3
Keywords: Gtk
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Attachments:
Description Flags
Patch for this issue cfleizach: review+

Description Martin Robinson 2010-09-29 10:46:30 PDT
This is the crashing section of code:

AccessibilityObject* objectAndOffsetUnignored(AccessibilityObject* coreObject, int& offset, bool ignoreLinks)
{
    Node* endNode = static_cast<AccessibilityRenderObject*>(coreObject)->renderer()->node();
    int endOffset = coreObject->selection().end().computeOffsetInContainerNode();
    // Indication that something bogus has transpired.
    offset = -1;

    AccessibilityObject* realObject = coreObject;
    if (realObject->accessibilityIsIgnored())
        realObject = realObject->parentObjectUnignored();

    if (ignoreLinks && realObject->isLink()) // <------- Guilty line
        realObject = realObject->parentObjectUnignored();

    [...]
}

The issue here is that parentObjectUnignored may return null, particularly in the case that the AccessibilityObject is a WebArea.
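
The null dereference described above, shown with a guard in place. This is an added example, not part of the original report and not the patch committed for this bug. The AccessibilityObject struct is a minimal stand-in for WebKit's class, and unignoredObjectOrNull and the offset placeholder are hypothetical.

```cpp
// Added illustration: minimal stand-ins, not WebKit's real classes.
#include <cstdio>

struct AccessibilityObject {
    AccessibilityObject* parent = nullptr; // nullptr for the root (a WebArea)
    bool ignored = false;
    bool link = false;

    bool accessibilityIsIgnored() const { return ignored; }
    bool isLink() const { return link; }

    // Walks up to the nearest ancestor that is not ignored.
    // Returns nullptr when there is none, e.g. when called on the root.
    AccessibilityObject* parentObjectUnignored() const {
        AccessibilityObject* p = parent;
        while (p && p->accessibilityIsIgnored())
            p = p->parent;
        return p;
    }
};

// Hypothetical guarded variant of the start of objectAndOffsetUnignored().
// Every result of parentObjectUnignored() is checked before it is used.
AccessibilityObject* unignoredObjectOrNull(AccessibilityObject* coreObject, int& offset, bool ignoreLinks)
{
    offset = -1; // Indication that something bogus has transpired.
    AccessibilityObject* realObject = coreObject;
    if (realObject->accessibilityIsIgnored())
        realObject = realObject->parentObjectUnignored();
    if (!realObject)
        return nullptr; // the unguarded code called isLink() on null here
    if (ignoreLinks && realObject->isLink())
        realObject = realObject->parentObjectUnignored();
    if (!realObject)
        return nullptr;
    offset = 0; // placeholder for the offset computation elided ([...]) in the report
    return realObject;
}

int main()
{
    AccessibilityObject webArea; // constructed sample: ignored root with no parent
    webArea.ignored = true;
    int offset = 0;
    std::printf("%s\n", unignoredObjectOrNull(&webArea, offset, true) ? "object" : "null, no crash");
    return 0;
}
```

Callers have to treat a null return together with offset == -1 as "no usable object" rather than dereferencing the result.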
Comment 1 Martin Robinson 2010-09-29 10:50:56 PDT
Created attachment 69218
Patch for this issue
Comment 2 chris fleizach 2010-09-29 10:53:59 PDT
Comment on attachment 69218
Patch for this issue

r=me
Comment 3 Martin Robinson 2010-09-29 10:58:47 PDT
Committed r68665: <http://trac.webkit.org/changeset/68665>