Bug 3408 - Safari 2.0 crashes on an accesskey associated with a button
Status: VERIFIED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Forms
Version: 412
Hardware: Mac OS X 10.4
Importance: P1 Normal
Assignee: Dave Hyatt
URL:
Keywords:
Duplicates: 3413
Depends on:
Blocks:
 
Reported: 2005-06-10 01:00 PDT by Joost de Valk (AlthA)
Modified: 2005-07-03 07:42 PDT

See Also:


Attachments
testcase (656 bytes, text/html)
2005-06-10 01:03 PDT, Joost de Valk (AlthA)
Improved testcase (656 bytes, text/html)
2005-06-10 01:09 PDT, Joost de Valk (AlthA)
Crash report (22.19 KB, text/plain)
2005-06-10 01:37 PDT, Joost de Valk (AlthA)
Fix (881 bytes, patch)
2005-06-10 01:44 PDT, Anders Carlsson
darin: review+

Description Joost de Valk (AlthA) 2005-06-10 01:00:49 PDT
In the attached testcases, use the "n" accesskey and see a crash.
Comment 1 Joost de Valk (AlthA) 2005-06-10 01:03:26 PDT
Created attachment 2206 [details]
testcase
Comment 2 Joost de Valk (AlthA) 2005-06-10 01:09:39 PDT
Created attachment 2207 [details]
Improved testcase

spell error Ctrl-n instead of Ctrl-h
Comment 3 Anders Carlsson 2005-06-10 01:28:46 PDT
The problem here is

if (renderer() && (widget = static_cast<RenderWidget *>(renderer())->widget())) {

since the renderer associated with an HTMLButtonElementImpl is a RenderBlock element (since button elements aren't widget elements). Thus widget becomes an invalid value and that's the reason for the crash.
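
Added example, not part of the original bug thread and not the patch that landed: a minimal C++ model of the unchecked downcast that comment 3 describes, next to a form that checks the dynamic type before casting. Every class and function name here is a simplified stand-in assumed for illustration, not WebKit's actual code.

```cpp
#include <cstdio>

// Minimal stand-ins for the render tree; these are NOT WebKit's real classes.
struct Widget { bool focused = false; void setFocus() { focused = true; } };

struct RenderObject {
    virtual ~RenderObject() = default;
    virtual bool isWidget() const { return false; }  // type tag queried before a downcast
};

// What a <button> element gets: a block renderer with no native widget.
struct RenderBlock : RenderObject {};

// What a widget-backed control such as <input type=button> gets.
struct RenderWidget : RenderObject {
    explicit RenderWidget(Widget* w) : m_widget(w) {}
    bool isWidget() const override { return true; }
    Widget* widget() const { return m_widget; }
private:
    Widget* m_widget;
};

// Pattern from comment 3: the cast is unconditional, so for a RenderBlock
// widget() reads an object that is not a RenderWidget (undefined behaviour).
Widget* widgetUnchecked(RenderObject* r) {
    return r ? static_cast<RenderWidget*>(r)->widget() : nullptr;
}

// Checked form: downcast only after the object confirms its dynamic type.
Widget* widgetChecked(RenderObject* r) {
    if (!r || !r->isWidget())
        return nullptr;
    return static_cast<RenderWidget*>(r)->widget();
}

// Hypothetical accesskey handler: focuses the native widget when there is one.
bool focusOnAccessKey(RenderObject* r) {
    Widget* w = widgetChecked(r);
    if (!w) return false;  // <button>: no widget, caller falls back to a DOM click
    w->setFocus();
    return true;
}

int main() {
    Widget native;
    RenderWidget inputRenderer(&native);  // constructed sample objects
    RenderBlock buttonRenderer;
    std::printf("input=%d button=%d\n", focusOnAccessKey(&inputRenderer), focusOnAccessKey(&buttonRenderer));
}
```
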
Comment 4 Joost de Valk (AlthA) 2005-06-10 01:37:17 PDT
Created attachment 2208 [details]
Crash report
Comment 5 Anders Carlsson 2005-06-10 01:44:08 PDT
Created attachment 2210 [details]
Fix

This fixes the segfault
Comment 6 Joost de Valk (AlthA) 2005-06-10 04:19:53 PDT
I can confirm that the patch works, the accesskey now enables the action on the button.
Comment 7 Chris Petersen 2005-06-10 15:46:59 PDT
*** Bug 3413 has been marked as a duplicate of this bug. ***
Comment 8 Chris Petersen 2005-06-10 16:32:06 PDT
Apple Bug: <rdar://problem/4117035>
Comment 9 Darin Adler 2005-06-16 09:41:08 PDT
Comment on attachment 2210 [details]
Fix

Good fix. It's very strange that this code, appropriate for <input
type=button>, was put here inside the <button> element implementation.

I prefer to completely eliminate the HTMLButtonElementImpl::click function,
however, rather than simply removing its "guts". So ideally someone landing
this would go that extra step.
Comment 10 Chris Petersen 2005-06-18 21:40:02 PDT
I can confirm this has been fixed on TOT WebKit (checked out 6/18). Reporter, mark this bug as Verified after you have tested with the latest TOT WebKit.
Comment 11 Joost de Valk (AlthA) 2005-06-19 23:06:25 PDT
Tested with TOT and fix verified. Thx ppl :)
Comment 12 John Sullivan 2005-06-27 10:18:05 PDT
There was a Radar report of this as <rdar://problem/4117035>
Comment 13 Joost de Valk (AlthA) 2005-06-27 10:32:00 PDT
(In reply to comment #12)
> There was a Radar report of this as <rdar://problem/4117035>

------- Additional Comment #8 From Chris Petersen 2005-06-10 16:32 PST [reply] -------
Apple Bug: <rdar://problem/4117035>

doh :) if i'd have access i'd close it for you guys, but i guess you have to do that yourselves :)
Comment 14 Joost de Valk (AlthA) 2005-06-30 13:54:18 PDT
Reopening to put it on verified fixed. Closed fixed is the next state; it will reach this state when this bug gets fixed in a released version of Safari.