In SelectionController::notifyAccessibilityForSelectionChange(), inside SelectionControllerGtk.cpp, we currently have this: [...] AccessibilityObject* accessibilityObject = m_frame->document()->axObjectCache()->getOrCreate(focusedNode); int offset; // Always report the events w.r.t. the non-linked unignored parent. (i.e. ignoreLinks == true) AccessibilityObject* object = objectAndOffsetUnignored(accessibilityObject, offset, true); [...] The problem with this is that, as getOrCreate() could return 0 under some dark circunstances, we're risking here calling to objectAndOffsetUnignored() with null as first parameter, which will crash for sure as that function won't check that (that's a common assumption in AccessibilityObjectWrapperAtk.cpp). Hence, an extra null check is needed. Attaching one-liner patch soon...
Created attachment 60209 [details] Patch proposal Attached patch for this issue.
Comment on attachment 60209 [details] Patch proposal I think doing: if (!accessibilityObject) return; is much better. Also, we should look into why a NULL object is being created in the first place...
Created attachment 60213 [details] Patch proposal (In reply to comment #2) > (From update of attachment 60209 [details]) > I think doing: > > if (!accessibilityObject) > return; > > is much better. Done. > Also, we should look into why a NULL object is being created in the first place... Agree, and I have the feeling is related to the rendering object not being created by that time, although that would be quite weir and would be indeed another bug for sure... In any case I think this null check doesn't hurt either.
Comment on attachment 60213 [details] Patch proposal Clearing flags on attachment: 60213 Committed r62248: <http://trac.webkit.org/changeset/62248>
All reviewed patches have been landed. Closing bug.