Bug 27097 - [Gtk] Segfault when examining an object of ROLE_TABLE via at-spi
Summary: [Gtk] Segfault when examining an object of ROLE_TABLE via at-spi
Status: VERIFIED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Accessibility (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Major
Assignee: Nobody
URL:
Keywords: Gtk
Depends on:
Blocks: 25531
  Show dependency treegraph
 
Reported: 2009-07-08 15:42 PDT by Joanmarie Diggs
Modified: 2009-07-27 18:34 PDT (History)
3 users (show)

See Also:

Attachments
Screenshot of Epiphany + Accerciser (145.67 KB, image/png)
2009-07-08 15:42 PDT, Joanmarie Diggs 		no flags Details
fixcrash.patch (2.43 KB, patch)
2009-07-20 04:42 PDT, Xan Lopez 		gustavo: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Joanmarie Diggs 2009-07-08 15:42:29 PDT 
Created attachment 32479 [details]
Screenshot of Epiphany + Accerciser

Steps to reproduce:

1. Launch Epiphany and Accerciser.

2. Perform a search in Google (e.g. 'webkit').

3. In the search results page there should be an accessible of ROLE_TABLE. Locate it in the hierarchy in the tree of Accessibles (see attached screenshot).

4. Attempt to expand the accessible of ROLE_TABLE to see its children.

Expected results: Epiphany wouldn't segfault

Actual results: Epiphany segfaults (see below).

I am using the current Epiphany and the current WebKit each from git and can reproduce this problem reliably.

~~~~~~
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7380760 (LWP 18812)]
0x0174c290 in webkit_accessible_get_role () from /usr/lib/libwebkit-1.0.so.2
Current language:  auto; currently asm
(gdb) thread apply all bt

Thread 1 (Thread 0xb7380760 (LWP 18812)):
#0  0x0174c290 in webkit_accessible_get_role ()
   from /usr/lib/libwebkit-1.0.so.2
#1  0x0011b26b in atk_object_get_role () from /usr/lib/libatk-1.0.so.0
#2  0x05b952d6 in impl_accessibility_accessible_get_role_name (
    servant=0xa3e41c4, ev=0xbf8dcb4c) at accessible.c:415
#3  0x05b918c6 in _ORBIT_skel_small_Accessibility_Accessible_getRoleName (
    _o_servant=0xa3e41c4, _o_retval=0xbf8dc9a0, _o_args=0x0, 
    _o_ctx=0xbf8dca38, _o_ev=0xbf8dcb4c, 
    _impl_getRoleName=0x5b952b0 <impl_accessibility_accessible_get_role_name>)
    at Accessibility-common.c:136
#4  0x006ec537 in ?? () from /usr/lib/libORBit-2.so.0
#5  0x006f2b45 in ORBit_OAObject_invoke () from /usr/lib/libORBit-2.so.0
#6  0x006dee63 in ORBit_small_invoke_adaptor () from /usr/lib/libORBit-2.so.0
#7  0x006f0649 in ?? () from /usr/lib/libORBit-2.so.0
#8  0x006f0d22 in ?? () from /usr/lib/libORBit-2.so.0
#9  0x006f0ed9 in ?? () from /usr/lib/libORBit-2.so.0
#10 0x006f2f92 in ORBit_handle_request () from /usr/lib/libORBit-2.so.0
#11 0x006db155 in giop_connection_handle_input () from /usr/lib/libORBit-2.so.0
#12 0x006fa743 in ?? () from /usr/lib/libORBit-2.so.0
#13 0x006fd016 in ?? () from /usr/lib/libORBit-2.so.0
#14 0x005dabc8 in IA__g_main_context_dispatch (context=0x9d2d688)
    at /build/buildd/glib2.0-2.21.3/glib/gmain.c:1960
#15 0x005de470 in g_main_context_iterate (context=0x9d2d688, 
    block=<value optimized out>, dispatch=1, self=0x9cfb470)
    at /build/buildd/glib2.0-2.21.3/glib/gmain.c:2591
#16 0x005de8df in IA__g_main_loop_run (loop=0x9d72d20)
    at /build/buildd/glib2.0-2.21.3/glib/gmain.c:2799
#17 0x066f2619 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#18 0x0806f02f in main (argc=1, argv=0xbf8ddf84) at ephy-main.c:781
Comment 1 Xan Lopez 2009-07-20 04:42:09 PDT 
Created attachment 33079 [details]
fixcrash.patch

Fix the crash.
Comment 2 Xan Lopez 2009-07-20 06:47:51 PDT 
Landed as r46125.
Comment 3 Joanmarie Diggs 2009-07-27 18:34:26 PDT 
Verifying. Thanks!