RESOLVED FIXED 164331
AX: [ATK] Attempting to clear selection on ARIA listboxes results in crash
https://bugs.webkit.org/show_bug.cgi?id=164331
Joanmarie Diggs
Reported 2016-11-02 12:22:19 PDT
The ATK code is using is<AccessibilityListBox>() to identify native listboxes. But is<AccessibilityListBox>() returns the value of isListBox() which returns true both for AccessibilityListBox instances as well as for AccessibilityObject instances which have an AccessibilityRole value of ListBoxRole.

#0 0x00007f3617f3aab1 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:323
#1 0x00007f3617f3aac2 in WTFCrashWithSecurityImplication () at ../../Source/WTF/wtf/Assertions.cpp:343
#2 0x00007f361ec388a0 in WTF::downcast<WebCore::HTMLSelectElement, WebCore::Node> (source=...) at ../../Source/WTF/wtf/TypeCasts.h:81
#3 0x00007f361ec37ef4 in (anonymous namespace)::AccessibilityListBox::canSetSelectedChildrenAttribute (this=0x7f3591df00c0) at ../../Source/WebCore/accessibility/AccessibilityListBox.cpp:64
#4 0x00007f361ec3801c in (anonymous namespace)::AccessibilityListBox::setSelectedChildren (this=0x7f3591df00c0, children=...) at ../../Source/WebCore/accessibility/AccessibilityListBox.cpp:86
#5 0x00007f36200fea9f in webkitAccessibleSelectionClearSelection (selection=0xfdb340) at ../../Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceSelection.cpp:156
#6 0x00007f3603e5c908 in impl_ClearSelection () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/at-spi2-atk-2.15.4/atk-adaptor/adaptors/selection-adaptor.c:185
#7 0x00007f3603e558c8 in handle_other () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/at-spi2-atk-2.15.4/droute/droute.c:553
#8 handle_message () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/at-spi2-atk-2.15.4/droute/droute.c:600
#9 0x00007f3602355a33 in _dbus_object_tree_dispatch_and_unlock () from /lib64/libdbus-1.so.3
#10 0x00007f36023470a4 in dbus_connection_dispatch () from /lib64/libdbus-1.so.3
#11 0x00007f3600f8bef5 in message_queue_dispatch () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/at-spi2-core-2.15.4/atspi/atspi-gmain.c:89
#12 0x00007f360f7ea777 in g_main_dispatch () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122
#13 g_main_context_dispatch () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737
#14 0x00007f360f7ea9a8 in g_main_context_iterate () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808
#15 0x00007f360f7eacc2 in g_main_loop_run () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002
#16 0x00007f3617fa01ea in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:94
#17 0x00007f361e844680 in (anonymous namespace)::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffcc03eebe8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#18 0x00007f361e84452e in (anonymous namespace)::WebProcessMainUnix (argc=2, argv=0x7ffcc03eebe8) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:69
#19 0x0000000000400c3a in main (argc=2, argv=0x7ffcc03eebe8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
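The predicate mismatch described in the report, modelled as an added C++ example (not WebKit code and not the landed patch). Class names mirror the backtrace; `isNativeListBox()`, `downcastToSelect`, `setSelectedChildrenEmpty` and the `Result` values are hypothetical, and an exception stands in for the crash in frames #0 to #2.

```cpp
#include <stdexcept>

// Constructed model; class names mirror the backtrace, bodies are not WebKit code.
struct Node { virtual ~Node() = default; virtual bool isSelect() const { return false; } };
struct HTMLSelectElement : Node { bool isSelect() const override { return true; } };
enum class Role { ListBox, Other };
enum class Result { Cleared, NotNativeListBox, AssertionHit };

struct AccessibilityObject {
    Node* node; Role role;
    AccessibilityObject(Node* n, Role r) : node(n), role(r) {}
    virtual ~AccessibilityObject() = default;
    // Role-based: true for a native <select> listbox AND for role="listbox".
    bool isListBox() const { return role == Role::ListBox; }
    // Hypothetical class-identity predicate, overridden only by the subclass.
    virtual bool isNativeListBox() const { return false; }
};
struct AccessibilityListBox : AccessibilityObject {
    explicit AccessibilityListBox(HTMLSelectElement* s) : AccessibilityObject(s, Role::ListBox) {}
    bool isNativeListBox() const override { return true; }
};

// Stand-in for the checked downcast in frame #2: throws where WebKit crashes.
HTMLSelectElement& downcastToSelect(Node& n) {
    if (!n.isSelect()) throw std::logic_error("bad downcast");
    return static_cast<HTMLSelectElement&>(n);
}

// Native-listbox logic (frames #3/#4): assumes the backing node is a <select>.
Result setSelectedChildrenEmpty(AccessibilityObject& o) {
    try { downcastToSelect(*o.node); } catch (const std::logic_error&) { return Result::AssertionHit; }
    return Result::Cleared;
}

// Before: the caller trusts the role-based predicate, as the report describes.
Result clearSelectionByRole(AccessibilityObject& o) {
    return o.isListBox() ? setSelectedChildrenEmpty(o) : Result::NotNativeListBox;
}
// After: the caller requires the concrete class before using its logic.
Result clearSelectionByClass(AccessibilityObject& o) {
    return o.isNativeListBox() ? setSelectedChildrenEmpty(o) : Result::NotNativeListBox;
}

int main() {
    Node div;  // constructed input: <div role="listbox">
    AccessibilityObject aria(&div, Role::ListBox);
    return clearSelectionByClass(aria) == Result::NotNativeListBox ? 0 : 1;
}
```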
Attachments
Patch (19.94 KB, patch)
2016-11-02 12:50 PDT, Joanmarie Diggs
no flags
Patch (18.79 KB, patch)
2016-11-03 02:06 PDT, Joanmarie Diggs
no flags
Patch (17.64 KB, patch)
2016-11-04 05:56 PDT, Joanmarie Diggs
no flags
Radar WebKit Bug Importer
Comment 1 2016-11-02 12:22:44 PDT
Joanmarie Diggs
Comment 2 2016-11-02 12:50:12 PDT
Joanmarie Diggs
Comment 3 2016-11-03 02:06:46 PDT
chris fleizach
Comment 4 2016-11-03 11:09:26 PDT
(In reply to comment #3)
> Created attachment 293756 [details]
> Patch

did this land already? do you need another review
Joanmarie Diggs
Comment 5 2016-11-03 11:45:44 PDT
(In reply to comment #4)
> (In reply to comment #3)
> > Created attachment 293756 [details]
> > Patch
>
> did this land already? do you need another review

It hasn't landed already. My first patch broke the build for both ios-simulator and win. I believe this one is good, and I confirmed the ios-simulator failure and fix locally. But I was hoping EWS would confirm I'm not about to break anyone's port before landing it. :)
Joanmarie Diggs
Comment 6 2016-11-04 05:56:00 PDT
Joanmarie Diggs
Comment 7 2016-11-04 06:55:30 PDT
Comment on attachment 293880 [details]
Patch

Bots are all green. Third time is charm. (2nd time failed due to conflicts after r208338.)
WebKit Commit Bot
Comment 8 2016-11-04 09:51:12 PDT
Comment on attachment 293880 [details]
Patch

Clearing flags on attachment: 293880

Committed r208384: <http://trac.webkit.org/changeset/208384>
WebKit Commit Bot
Comment 9 2016-11-04 09:51:16 PDT
All reviewed patches have been landed. Closing bug.