NEW 311427
AX: Opendeck crashes webkitgtk with Orca running
https://bugs.webkit.org/show_bug.cgi?id=311427
Mike Gorse
Reported 2026-04-03 10:56:56 PDT
With the latest code from the webkitglib/2.52 branch, starting opendeck and pressing tab + shift tab a few times gives this crash:

(gdb) bt full
#0  WTFCrash () at ../../../Source/WTF/wtf/Assertions.cpp:380
#1  0x00007f942eeae77e in WTF::CrashOnOverflow::crash () at WTF/Headers/wtf/CheckedArithmetic.h:110
#2  0x00007f942eeae769 in WTF::CrashOnOverflow::overflowed () at WTF/Headers/wtf/CheckedArithmetic.h:103
#3  0x00007f94349e5c78 in WTF::Vector<unsigned int, 128ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::at (this=0x7ffd4ad67140, i=119) at WTF/Headers/wtf/Vector.h:746
#4  0x00007f94349e5191 in WTF::Vector<unsigned int, 128ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::operator[] (this=0x7ffd4ad67140, i=119) at WTF/Headers/wtf/Vector.h:751
#5  0x00007f94349dd6b5 in WebCore::UTF16OffsetToUTF8 (mapping=WTF::Vector of length 10, capacity 128 = {...}, offset=119) at ../../../Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp:257
#6  0x00007f94349dedfd in WebCore::AccessibilityObjectAtspi::textAtOffset (this=0x7f941885aa00, offset=1, granularity=WebCore::AccessibilityObjectAtspi::TextGranularity::LineStart, startOffset=@0x7ffd4ad675d4: 0, endOffset=@0x7ffd4ad675d0: 0) at ../../../Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp:482
        mapping = WTF::Vector of length 10, capacity 128 = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}
        utf16Offset = 1
        boundaryOffset = {m_x = 119, m_y = 120}
        utf16Text = Python Exception <class 'TypeError'>: can't concat str to bytes
        utf8Text = Python Exception <class 'ValueError'>: chr() arg not in range(0x110000)
        length = 9
        substring = std::unique_ptr<char> = {get() = 0x0}
#7  0x00007f94349dbd0c in operator() (__closure=0x0, methodName=0x7b4a620 "GetStringAtOffset", parameters=0x7864dd0, invocation=0x7c94900, userData=0x7f941885aa00) at ../../../Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp:96
        end = 0
        offset = 1
        granularityType = 3
        start = 0
        text = Python Exception <class 'ValueError'>: chr() arg not in range(0x110000)
        atspiObject = {static isRef = <optimized out>, m_ptr = 0x7f941885aa00}

I think that offset values are being calculated incorrectly for the given text, eventually leading to an out-of-range vector look-up.
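The failure mode in the report, as an added sketch that is not part of the bug report and not WebKit's code: a boundary offset such as 119 is used to index a 10-entry mapping built for 9 code units of text. The names buildOffsetMap, mapOffset and mapRange are hypothetical, and the table is assumed to map UTF-16 code-unit offsets to code point offsets; the lookup rejects an out-of-range offset instead of aborting.

```cpp
#include <cstddef>
#include <optional>
#include <string>
#include <vector>

// Hypothetical helper: entry i is the code point offset of UTF-16 code unit i;
// the final entry is the offset one past the end of the text.
std::vector<unsigned> buildOffsetMap(const std::u16string& text)
{
    std::vector<unsigned> map;
    unsigned codePoints = 0;
    for (std::size_t i = 0; i < text.size(); ++i) {
        map.push_back(codePoints);
        bool high = text[i] >= 0xD800 && text[i] <= 0xDBFF;
        bool lowNext = i + 1 < text.size() && text[i + 1] >= 0xDC00 && text[i + 1] <= 0xDFFF;
        if (high && lowNext) {
            map.push_back(codePoints); // both halves of a surrogate pair share one code point
            ++i;
        }
        ++codePoints;
    }
    map.push_back(codePoints);
    return map;
}

// Checked lookup: an offset computed against different text is rejected, not indexed.
std::optional<unsigned> mapOffset(const std::vector<unsigned>& map, std::size_t utf16Offset)
{
    if (utf16Offset >= map.size())
        return std::nullopt;
    return map[utf16Offset];
}

// Validate both ends of a boundary range before converting either one.
bool mapRange(const std::vector<unsigned>& map, std::size_t start, std::size_t end, unsigned& outStart, unsigned& outEnd)
{
    auto s = mapOffset(map, start);
    auto e = mapOffset(map, end);
    if (!s || !e || start > end)
        return false;
    outStart = *s; outEnd = *e;
    return true;
}

int main()
{
    unsigned s = 0, e = 0; // constructed 9-unit ASCII text; 119/120 are the offsets in the backtrace
    return mapRange(buildOffsetMap(u"abcdefghi"), 119, 120, s, e) ? 1 : 0;
}
```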
Radar WebKit Bug Importer
Comment 1 2026-04-03 10:57:02 PDT
Mike Gorse
Comment 2 2026-04-06 01:56:14 PDT
I just updated opendeck to 2.11.0, which has several accessibility improvements, and now I am no longer able to reproduce the crash that I was seeing before. I'll need to track this down better.
Mike Gorse
Comment 3 2026-04-06 02:08:11 PDT
Actually, looking at this more, I do still encounter the crash using 2.11.0. If I press tab a few times, then focusing the control past "search actions" triggers it. Sorry for the noise.