Bug 27097 - [Gtk] Segfault when examining an object of ROLE_TABLE via at-spi
Alias: None
Product: WebKit
Classification: Unclassified
Component: Accessibility
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Major
Assignee: Nobody
Keywords: Gtk
Depends on:
Blocks: 25531
Reported: 2009-07-08 15:42 PDT by Joanmarie Diggs (irc: joanie)
Modified: 2009-07-27 18:34 PDT

Screenshot of Epiphany + Accerciser (145.67 KB, image/png)
2009-07-08 15:42 PDT, Joanmarie Diggs (irc: joanie)
fixcrash.patch (2.43 KB, patch)
2009-07-20 04:42 PDT, Xan Lopez
gns: review+
Description Joanmarie Diggs (irc: joanie) 2009-07-08 15:42:29 PDT
Created attachment 32479
Screenshot of Epiphany + Accerciser

Steps to reproduce:

1. Launch Epiphany and Accerciser.

2. Perform a search in Google (e.g. 'webkit').

3. In the search results page there should be an accessible of ROLE_TABLE. Locate it in the hierarchy in the tree of Accessibles (see attached screenshot).

4. Attempt to expand the accessible of ROLE_TABLE to see its children.

Expected results: Epiphany wouldn't segfault

Actual results: Epiphany segfaults (see below).

I am using the current Epiphany and the current WebKit each from git and can reproduce this problem reliably.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7380760 (LWP 18812)]
0x0174c290 in webkit_accessible_get_role () from /usr/lib/libwebkit-1.0.so.2
Current language:  auto; currently asm
(gdb) thread apply all bt

Thread 1 (Thread 0xb7380760 (LWP 18812)):
#0  0x0174c290 in webkit_accessible_get_role ()
   from /usr/lib/libwebkit-1.0.so.2
#1  0x0011b26b in atk_object_get_role () from /usr/lib/libatk-1.0.so.0
#2  0x05b952d6 in impl_accessibility_accessible_get_role_name (
    servant=0xa3e41c4, ev=0xbf8dcb4c) at accessible.c:415
#3  0x05b918c6 in _ORBIT_skel_small_Accessibility_Accessible_getRoleName (
    _o_servant=0xa3e41c4, _o_retval=0xbf8dc9a0, _o_args=0x0, 
    _o_ctx=0xbf8dca38, _o_ev=0xbf8dcb4c, 
    _impl_getRoleName=0x5b952b0 <impl_accessibility_accessible_get_role_name>)
    at Accessibility-common.c:136
#4  0x006ec537 in ?? () from /usr/lib/libORBit-2.so.0
#5  0x006f2b45 in ORBit_OAObject_invoke () from /usr/lib/libORBit-2.so.0
#6  0x006dee63 in ORBit_small_invoke_adaptor () from /usr/lib/libORBit-2.so.0
#7  0x006f0649 in ?? () from /usr/lib/libORBit-2.so.0
#8  0x006f0d22 in ?? () from /usr/lib/libORBit-2.so.0
#9  0x006f0ed9 in ?? () from /usr/lib/libORBit-2.so.0
#10 0x006f2f92 in ORBit_handle_request () from /usr/lib/libORBit-2.so.0
#11 0x006db155 in giop_connection_handle_input () from /usr/lib/libORBit-2.so.0
#12 0x006fa743 in ?? () from /usr/lib/libORBit-2.so.0
#13 0x006fd016 in ?? () from /usr/lib/libORBit-2.so.0
#14 0x005dabc8 in IA__g_main_context_dispatch (context=0x9d2d688)
    at /build/buildd/glib2.0-2.21.3/glib/gmain.c:1960
#15 0x005de470 in g_main_context_iterate (context=0x9d2d688, 
    block=<value optimized out>, dispatch=1, self=0x9cfb470)
    at /build/buildd/glib2.0-2.21.3/glib/gmain.c:2591
#16 0x005de8df in IA__g_main_loop_run (loop=0x9d72d20)
    at /build/buildd/glib2.0-2.21.3/glib/gmain.c:2799
#17 0x066f2619 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#18 0x0806f02f in main (argc=1, argv=0xbf8ddf84) at ephy-main.c:781
Comment 1 Xan Lopez 2009-07-20 04:42:09 PDT
Created attachment 33079

Fix the crash.
Comment 2 Xan Lopez 2009-07-20 06:47:51 PDT
Landed as r46125.
Comment 3 Joanmarie Diggs (irc: joanie) 2009-07-27 18:34:26 PDT
Verifying. Thanks!