33717 – segfault in WebCore::AccessibilityTable::isTableExposableThroughAccessibility

Bug 33717 - segfault in WebCore::AccessibilityTable::isTableExposableThroughAccessibility

Summary: segfault in WebCore::AccessibilityTable::isTableExposableThroughAccessibility

Status:	UNCONFIRMED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKitGTK (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-01-15 07:17 PST by Frederic Peters
Modified:	2017-03-11 10:45 PST (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Frederic Peters 2010-01-15 07:17:09 PST

This happened when connecting to an etherpad instance.

#0  0x0000000000000000 in ?? ()
No symbol table info available.
#1  0x00007f448cda374e in WebCore::AccessibilityTable::isTableExposableThroughAccessibility (
    this=<value optimized out>) at ../WebCore/accessibility/AccessibilityTable.cpp:161
        cell = 0x7f447693f9d8
        cellNode = <value optimized out>
        renderStyle = 0x7f446ece8cc0
        col = 0
        row = 1
        table = 0x7f4479b7bd68
        borderedCellCount = 0
        ariaRole = <value optimized out>
        tableNode = <value optimized out>
        numRows = 3
        tableStyle = <value optimized out>
        backgroundDifferenceCellCount = 0
        neededCellCount = <value optimized out>
        firstBody = 0x7f447693fca8
        numCols = 2
        validCellCount = 2
#2  0x00007f448cda3966 in AccessibilityTable (this=0x7f44747db750, renderer=<value optimized out>)
    at ../WebCore/accessibility/AccessibilityTable.cpp:57
No locals.
#3  0x00007f448cda39a1 in WebCore::AccessibilityTable::create (renderer=0x7f4479b7bd68)
    at ../WebCore/accessibility/AccessibilityTable.cpp:69
No locals.
#4  0x00007f448cd8aa30 in WebCore::AXObjectCache::getOrCreate (this=0x7f44762975a0, renderer=0x7f4479b7bd68)
    at ../WebCore/accessibility/AXObjectCache.cpp:160
        node = 0x7f44746f9000
        obj = <value optimized out>
#5  0x00007f448cda4ddd in WebCore::AccessibilityTableRow::isTableRow (this=0x7f447693f9d8)
    at ../WebCore/accessibility/AccessibilityTableRow.cpp:70
        table = <value optimized out>
#6  0x00007f448cda4dbd in WebCore::AccessibilityTableRow::roleValue (this=0x7f447693f9d8)
    at ../WebCore/accessibility/AccessibilityTableRow.cpp:62
No locals.
#7  0x00007f448cd9106c in WebCore::AccessibilityObject::actionVerb (this=0x7f44747f89b0)
    at ../WebCore/accessibility/AccessibilityObject.cpp:814
        buttonAction = @0x7f447af33698
        textFieldAction = @0x7f447af336c0
        radioButtonAction = @0x7f447af33678
        uncheckedCheckBoxAction = @0x7f447af33668
        linkAction = @0x7f447af33660
        checkedCheckBoxAction = @0x7f447af33670
        noAction = @0x7f447af33658
#8  0x00007f448d42f6ba in getInterfaceMaskFromObject (coreObject=0x7f447693f9d8)
    at ../WebCore/accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:1601
        role = <value optimized out>
#9  getAccessibilityTypeFromObject (coreObject=0x7f447693f9d8)
    at ../WebCore/accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:1660
        interfaceMask = <value optimized out>
#10 webkit_accessible_new (coreObject=0x7f447693f9d8)
    at ../WebCore/accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:1681
        type = <value optimized out>
#11 0x00007f448d42ec81 in WebCore::AXObjectCache::attachWrapper (this=<value optimized out>, obj=0x7f44747f89b0)
    at ../WebCore/accessibility/gtk/AXObjectCacheAtk.cpp:35
No locals.
#12 0x00007f448cd8a70d in WebCore::AXObjectCache::getOrCreate (this=0x7f44762975a0, renderer=0x7f4479b7bf20)
    at ../WebCore/accessibility/AXObjectCache.cpp:185
        node = <value optimized out>
        obj = <value optimized out>
#13 0x00007f448cd8adc9 in WebCore::AXObjectCache::contentChanged (this=0x7f447693f9d8, renderer=0x2)
    at ../WebCore/accessibility/AXObjectCache.cpp:307
        object = <value optimized out>
#14 0x00007f448ceefe76 in WebCore::StyledElement::attributeChanged (this=0x7f446e377380, attr=0x7f446e372ae0, 
    preserveDecls=<value optimized out>) at ../WebCore/dom/StyledElement.cpp:204
        checkDecl = true
        entry = WebCore::eNone
        needToParse = true
#15 0x00007f448cebfae8 in WebCore::Element::setAttribute (this=0x7f446e377380, name=<value optimized out>, 
    value=...) at ../WebCore/dom/Element.cpp:564
        old = 0x7f446e372ae0
#16 0x00007f448cebff1e in WebCore::Element::setAttribute (this=0x7f447693f9d8, name=..., value=...)
    at ../WebCore/dom/Element.cpp:137
        ec = 32767
#17 0x00007f448d55cc0a in WebCore::setJSHTMLElementTitle (exec=<value optimized out>, 
    thisObject=<value optimized out>, value=<value optimized out>) at DerivedSources/JSHTMLElement.cpp:305
        imp = 0x7f446e377380
#18 0x00007f448d55d6c9 in lookupPut<WebCore::JSHTMLElement> (this=0x7f446e77b700, exec=0x7f4477510398, 
    propertyName=..., value=..., slot=...) at ../JavaScriptCore/runtime/Lookup.h:303
        entry = 0x7f447693f708
#19 lookupPut<WebCore::JSHTMLElement, WebCore::JSElement> (this=0x7f446e77b700, exec=0x7f4477510398, 
    propertyName=..., value=..., slot=...) at ../JavaScriptCore/runtime/Lookup.h:317
No locals.
#20 WebCore::JSHTMLElement::put (this=0x7f446e77b700, exec=0x7f4477510398, propertyName=..., value=..., slot=...)
    at DerivedSources/JSHTMLElement.cpp:293
No locals.
#21 0x00007f448d5b583a in lookupPut<WebCore::JSHTMLTableRowElement, WebCore::JSHTMLElement> (
    this=0x7f446e77b700, exec=0x7f4477510398, propertyName=..., value=<value optimized out>, slot=...)
    at ../JavaScriptCore/runtime/Lookup.h:318
No locals.
#22 WebCore::JSHTMLTableRowElement::put (this=0x7f446e77b700, exec=0x7f4477510398, propertyName=..., 
    value=<value optimized out>, slot=...) at DerivedSources/JSHTMLTableRowElement.cpp:237
No locals.
#23 0x00007f448cc741e6 in cti_op_put_by_val (args=<value optimized out>)
    at ../JavaScriptCore/jit/JITStubs.cpp:2010
        slot = {m_type = JSC::PutPropertySlot::Uncachable, m_base = 0x0, m_offset = 139931886941144}
        property = {_ustring = {m_rep = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7f44773d7078}, 
            static nullUString = 0x7f447af330f8}}
        callFrame = 0x7f4477510398
        subscript = {m_ptr = 0x7f446e69f200}
        stackFrame = @0x7fff32df1890
        baseValue = {m_ptr = 0x7f446e77b700}
#24 0x00007f446de311d0 in ?? ()
No symbol table info available.
#25 0x0000000000000000 in ?? ()
No symbol table info available.

Comment 1 Chris Guillory 2010-09-13 15:26:51 PDT

Chromium windows issue with similar callstack.
http://code.google.com/p/chromium/issues/detail?id=55142

Comment 2 Chris Guillory 2010-09-13 22:15:16 PDT

Chris, this looks like a dup of
https://bugs.webkit.org/show_bug.cgi?id=42652

Comment 3 chris fleizach 2010-09-13 22:20:49 PDT

yea i'm 99% sure that's a dupe