Bug 25895 - [Gtk] Segfault when deleting the last/only character in an entry if a11y is enabled
Summary: [Gtk] Segfault when deleting the last/only character in an entry if a11y is e...
Status: VERIFIED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Accessibility (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords: Gtk
Depends on:
Blocks: 25531
  Show dependency treegraph
 
Reported: 2009-05-20 14:48 PDT by Joanmarie Diggs
Modified: 2009-07-27 14:32 PDT (History)
3 users (show)

See Also:


Attachments
backtrace (25.98 KB, application/octet-stream)
2009-06-09 15:57 PDT, Joanmarie Diggs
no flags Details
offsetincontainer.patch (2.67 KB, patch)
2009-06-15 07:02 PDT, Xan Lopez
zecke: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Joanmarie Diggs 2009-05-20 14:48:09 PDT
Steps to reproduce:

1. Launch GtkLauncher

2. In the Google search entry, type a character and then press Backspace.

Expected results: GtkLauncher would not segfault.

Actual results: GtkLauncher segfaults with this error:

~~~~
ASSERTION FAILED: anchorType() == PositionIsOffsetInAnchor
(./WebCore/dom/Position.h:85 int WebCore::Position::offsetInContainerNode() const)
~~~~

This only seems to occur when a11y is enabled.

I'm using rev. 43932 from svn trunk.
Comment 1 Xan Lopez 2009-06-09 07:55:36 PDT
I don't seem to be able to reproduce this now, can you?
Comment 2 Joanmarie Diggs 2009-06-09 14:42:28 PDT
(In reply to comment #1)
> I don't seem to be able to reproduce this now, can you?
> 
I'm afraid so. I just built the latest WebKit from trunk and the latest Epiphany from master.

* If a11y is enabled (log out and back in if it wasn't already enabled), all I have to do is navigate to Google type a letter in the search entry, and press Backspace. This is true both in GtkLauncher and Epiphany.

* If a11y is not enabled, the problem does not occur.

* This is true both with and without the patches for get_text_at_offset.
Comment 3 Xan Lopez 2009-06-09 14:49:24 PDT
Weird, I have a11y enabled (everything works OK under accerciser), but I get no crash. I don't have *session* a11y enabled, but I don't think that can make any difference? Could you paste a full backtrace?
Comment 4 Xan Lopez 2009-06-09 14:53:52 PDT
Well, since you seem to have session a11y and I don't I guess it does make a difference, heh. Wonder how that works.
Comment 5 Joanmarie Diggs 2009-06-09 14:57:16 PDT
(In reply to comment #4)
> Well, since you seem to have session a11y and I don't I guess it does make a
> difference, heh. Wonder how that works.
> 
Heh. Mid-air collision. :-) Does that mean you can repro it now? If not, I'll get a trace in a little while.
Comment 6 Xan Lopez 2009-06-09 14:59:35 PDT
(In reply to comment #5)
> (In reply to comment #4)
> > Well, since you seem to have session a11y and I don't I guess it does make a
> > difference, heh. Wonder how that works.
> > 
> Heh. Mid-air collision. :-) Does that mean you can repro it now? If not, I'll
> get a trace in a little while.
> 

No, haven't tried with session a11y, but I believe that it crashes :)

If you can provide a trace that would be useful yeah, thanks! /me goes to bed now
Comment 7 Joanmarie Diggs 2009-06-09 15:57:13 PDT
Created attachment 31110 [details]
backtrace

Here you go. Thanks!
Comment 8 Xan Lopez 2009-06-15 06:42:31 PDT
For the record, I wasn't seeing this because it's crashing in an ASSERT, so it only happens in debug builds. It seems to work fine in release builds. And yes, you need a11y, but not session-wide, just for the app will do.
Comment 9 Xan Lopez 2009-06-15 07:02:41 PDT
Created attachment 31289 [details]
offsetincontainer.patch

Fix for the crasher.
Comment 10 Holger Freyther 2009-06-15 07:14:54 PDT
Comment on attachment 31289 [details]
offsetincontainer.patch

looks sensible.
Comment 11 Xan Lopez 2009-06-15 07:17:48 PDT
Landed as r44683, closing the bug.
Comment 12 Joanmarie Diggs 2009-07-27 14:32:29 PDT
Verifying. Thanks!