Bug 25895 - [Gtk] Segfault when deleting the last/only character in an entry if a11y is enabled
Status: VERIFIED FIXED
Product: WebKit
Component: Accessibility
Version: 528+ (Nightly build)
Hardware: PC Linux
Priority/Severity: P2 Normal
Keywords: Gtk
Dependencies: 25531
Reported: 2009-05-20 14:48 PST
Modified: 2009-07-27 14:32 PST


Attachments
backtrace (25.98 KB, application/octet-stream), 2009-06-09 15:57 PST, Joanmarie Diggs (irc: joanie), no flags
offsetincontainer.patch (2.67 KB, patch), 2009-06-15 07:02 PST, Xan Lopez, zecke: review+



Description From 2009-05-20 14:48:09 PST
Steps to reproduce:

1. Launch GtkLauncher

2. In the Google search entry, type a character and then press Backspace.

Expected results: GtkLauncher would not segfault.

Actual results: GtkLauncher segfaults with this error:

~~~~
ASSERTION FAILED: anchorType() == PositionIsOffsetInAnchor
(./WebCore/dom/Position.h:85 int WebCore::Position::offsetInContainerNode() const)
~~~~

This only seems to occur when a11y is enabled.

I'm using rev. 43932 from svn trunk.
------- Comment #1 From 2009-06-09 07:55:36 PST -------
I don't seem to be able to reproduce this now, can you?
------- Comment #2 From 2009-06-09 14:42:28 PST -------
(In reply to comment #1)
> I don't seem to be able to reproduce this now, can you?
> 
I'm afraid so. I just built the latest WebKit from trunk and the latest Epiphany from master.

* If a11y is enabled (log out and back in if it wasn't already enabled), all I have to do is navigate to Google, type a letter in the search entry, and press Backspace. This is true both in GtkLauncher and Epiphany.

* If a11y is not enabled, the problem does not occur.

* This is true both with and without the patches for get_text_at_offset.
------- Comment #3 From 2009-06-09 14:49:24 PST -------
Weird, I have a11y enabled (everything works OK under accerciser), but I get no crash. I don't have *session* a11y enabled, but I don't think that can make any difference? Could you paste a full backtrace?
------- Comment #4 From 2009-06-09 14:53:52 PST -------
Well, since you seem to have session a11y and I don't I guess it does make a difference, heh. Wonder how that works.
------- Comment #5 From 2009-06-09 14:57:16 PST -------
(In reply to comment #4)
> Well, since you seem to have session a11y and I don't I guess it does make a
> difference, heh. Wonder how that works.
> 
Heh. Mid-air collision. :-) Does that mean you can repro it now? If not, I'll get a trace in a little while.
------- Comment #6 From 2009-06-09 14:59:35 PST -------
(In reply to comment #5)
> (In reply to comment #4)
> > Well, since you seem to have session a11y and I don't I guess it does make a
> > difference, heh. Wonder how that works.
> > 
> Heh. Mid-air collision. :-) Does that mean you can repro it now? If not, I'll
> get a trace in a little while.
> 

No, haven't tried with session a11y, but I believe that it crashes :)

If you can provide a trace that would be useful yeah, thanks! /me goes to bed now
------- Comment #7 From 2009-06-09 15:57:13 PST -------
Created an attachment (id=31110)
backtrace

Here you go. Thanks!
------- Comment #8 From 2009-06-15 06:42:31 PST -------
For the record, I wasn't seeing this because it's crashing in an ASSERT, so it only happens in debug builds. It seems to work fine in release builds. And yes, you need a11y, but not session-wide; enabling it just for the app will do.
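The point made in this comment, that an ASSERT fires only in debug builds and is compiled out in release builds, is illustrated by the following added example. It is not WebKit code and not the attached patch: the anchor-type enumerators, the `Position` struct and the entry model are assumptions loosely modelled on the assertion message quoted in the report, and the "text node disappears when its last character is deleted" scenario is a constructed model of the bug, not an account of the actual WebCore behaviour.

```cpp
#include <cassert>
#include <string>

// Stand-in for the anchor kinds named in the quoted assertion. The enumerator
// names are assumptions modelled on that message, not WebCore's definitions.
enum AnchorType {
    PositionIsOffsetInAnchor,  // offset is an index into the anchor node
    PositionIsBeforeAnchor,    // caret sits immediately before the anchor
    PositionIsAfterAnchor      // caret sits immediately after the anchor
};

struct Position {
    AnchorType anchorType;
    int offset;  // only meaningful for PositionIsOffsetInAnchor

    // Same contract as the accessor in the assertion: only valid for
    // offset-in-anchor positions. With NDEBUG defined (release builds) the
    // assert is compiled out, so the same call silently returns a meaningless
    // offset instead of aborting, which is why the crash only shows in debug.
    int offsetInContainerNode() const {
        assert(anchorType == PositionIsOffsetInAnchor);
        return offset;
    }
};

// Constructed model of the report's scenario: a single-line entry whose text
// node is dropped once its last character is deleted, so the caret ends up
// anchored before the (now text-less) field rather than at an offset.
struct Entry {
    std::string text;
};

Position caretAfterBackspace(Entry& entry) {
    if (!entry.text.empty())
        entry.text.erase(entry.text.size() - 1);
    if (entry.text.empty())
        return Position{PositionIsBeforeAnchor, 0};  // no text node to index into
    return Position{PositionIsOffsetInAnchor, static_cast<int>(entry.text.size())};
}

// Caller-side guard, the pattern a consumer such as an a11y wrapper should use:
// check the precondition explicitly instead of relying on a debug-only assert.
// Returns false when the position carries no container offset.
bool tryOffsetInContainerNode(const Position& p, int& outOffset) {
    if (p.anchorType != PositionIsOffsetInAnchor)
        return false;
    outOffset = p.offsetInContainerNode();  // precondition now established
    return true;
}

// Backspace once from the given text and report the container offset the
// guarded accessor yields, or -1 when no offset is meaningful.
int offsetAfterBackspace(const std::string& initial) {
    Entry e{initial};
    Position caret = caretAfterBackspace(e);
    int off = -1;
    tryOffsetInContainerNode(caret, off);
    return off;
}

// Whether the caret still has an offset-in-anchor position after one Backspace.
bool caretHasOffsetAfterBackspace(const std::string& initial) {
    Entry e{initial};
    return caretAfterBackspace(e).anchorType == PositionIsOffsetInAnchor;
}
```

The guarded accessor is the defensive pattern: a debug assert documents the invariant but does not enforce it in shipped builds, so code that consumes caret positions should check the anchor type itself and handle the "no offset" case rather than assume one exists.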
------- Comment #9 From 2009-06-15 07:02:41 PST -------
Created an attachment (id=31289)
offsetincontainer.patch

Fix for the crasher.
------- Comment #10 From 2009-06-15 07:14:54 PST -------
(From update of attachment 31289)
looks sensible.
------- Comment #11 From 2009-06-15 07:17:48 PST -------
Landed as r44683, closing the bug.
------- Comment #12 From 2009-07-27 14:32:29 PST -------
Verifying. Thanks!