VERIFIED FIXED 25895
[Gtk] Segfault when deleting the last/only character in an entry if a11y is enabled 
https://bugs.webkit.org/show_bug.cgi?id=25895
Summary [Gtk] Segfault when deleting the last/only character in an entry if a11y is e...
Joanmarie Diggs
Reported 2009-05-20 14:48:09 PDT
Steps to reproduce: 1. Launch GtkLauncher 2. In the Google search entry, type a character and then press Backspace. Expected results: GtkLauncher would not segfault. Actual results: GtkLauncher segfaults with this error: ~~~~ ASSERTION FAILED: anchorType() == PositionIsOffsetInAnchor (./WebCore/dom/Position.h:85 int WebCore::Position::offsetInContainerNode() const) ~~~~ This only seems to occur when a11y is enabled. I'm using rev. 43932 from svn trunk.
Attachments
backtrace (25.98 KB, application/octet-stream)
2009-06-09 15:57 PDT, Joanmarie Diggs 		no flags
Details
offsetincontainer.patch (2.67 KB, patch)
2009-06-15 07:02 PDT, Xan Lopez 		zecke: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Xan Lopez
Comment 1 2009-06-09 07:55:36 PDT
I don't seem to be able to reproduce this now, can you?
Joanmarie Diggs
Comment 2 2009-06-09 14:42:28 PDT
(In reply to comment #1) > I don't seem to be able to reproduce this now, can you? > I'm afraid so. I just built the latest WebKit from trunk and the latest Epiphany from master. * If a11y is enabled (log out and back in if it wasn't already enabled), all I have to do is navigate to Google type a letter in the search entry, and press Backspace. This is true both in GtkLauncher and Epiphany. * If a11y is not enabled, the problem does not occur. * This is true both with and without the patches for get_text_at_offset.
Xan Lopez
Comment 3 2009-06-09 14:49:24 PDT
Weird, I have a11y enabled (everything works OK under accerciser), but I get no crash. I don't have *session* a11y enabled, but I don't think that can make any difference? Could you paste a full backtrace?
Xan Lopez
Comment 4 2009-06-09 14:53:52 PDT
Well, since you seem to have session a11y and I don't I guess it does make a difference, heh. Wonder how that works.
Joanmarie Diggs
Comment 5 2009-06-09 14:57:16 PDT
(In reply to comment #4) > Well, since you seem to have session a11y and I don't I guess it does make a > difference, heh. Wonder how that works. > Heh. Mid-air collision. :-) Does that mean you can repro it now? If not, I'll get a trace in a little while.
Xan Lopez
Comment 6 2009-06-09 14:59:35 PDT
(In reply to comment #5) > (In reply to comment #4) > > Well, since you seem to have session a11y and I don't I guess it does make a > > difference, heh. Wonder how that works. > > > Heh. Mid-air collision. :-) Does that mean you can repro it now? If not, I'll > get a trace in a little while. > No, haven't tried with session a11y, but I believe that it crashes :) If you can provide a trace that would be useful yeah, thanks! /me goes to bed now
Joanmarie Diggs
Comment 7 2009-06-09 15:57:13 PDT
Created attachment 31110 [details] backtrace Here you go. Thanks!
Xan Lopez
Comment 8 2009-06-15 06:42:31 PDT
For the record, I wasn't seeing this because it's crashing in an ASSERT, so it only happens in debug builds. It seems to work fine in release builds. And yes, you need a11y, but not session-wide, just for the app will do.
Xan Lopez
Comment 9 2009-06-15 07:02:41 PDT
Created attachment 31289 [details] offsetincontainer.patch Fix for the crasher.
Holger Freyther
Comment 10 2009-06-15 07:14:54 PDT
Comment on attachment 31289 [details] offsetincontainer.patch looks sensible.
Xan Lopez
Comment 11 2009-06-15 07:17:48 PDT
Landed as r44683, closing the bug.
Joanmarie Diggs
Comment 12 2009-07-27 14:32:29 PDT
Verifying. Thanks!
Note You need to log in before you can comment on or make changes to this bug.