I think this is a regression from the recent node change made a few minutes ago Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x00000000bbadbeef 0x0000000103630d3e in WebCore::toHTMLSelectElement (node=0x7fe9882d4a00) at HTMLSelectElement.h:207 207 ASSERT(!node || isHTMLSelectElement(node)); (gdb) bt #0 0x0000000103630d3e in WebCore::toHTMLSelectElement (node=0x7fe9882d4a00) at HTMLSelectElement.h:207 #1 0x00000001036140b7 in WebCore::AccessibilityNodeObject::isMultiSelectable (this=0x7fe9838b32f0) at AccessibilityNodeObject.cpp:625 #2 0x000000010362829d in WebCore::AccessibilityRenderObject::ariaSelectedRows (this=0x7fe9838b32f0, result=@0x7fff5e4de0a0) at AccessibilityRenderObject.cpp:2820 Problem looks like we're not verifying that the node is a Select element bool AccessibilityNodeObject::isMultiSelectable() const { const AtomicString& ariaMultiSelectable = getAttribute(aria_multiselectableAttr); if (equalIgnoringCase(ariaMultiSelectable, "true")) return true; if (equalIgnoringCase(ariaMultiSelectable, "false")) return false; return node() && toHTMLSelectElement(node())->multiple(); }
Looks like we lost this if (!m_renderer->isBoxModelObject() || !toRenderBoxModelObject(m_renderer)->isListBox()) 713 return false;
I'll roll out and fix.
i would just fix this one rather than rolling out if you can get to it quickly enough
Created attachment 163650 [details] Patch
Comment on attachment 163650 [details] Patch thanks for quick turn-around. you might want to mention in ChangeLog where this breakage came from (ie refactoring...)
Committed r128332: <http://trac.webkit.org/changeset/128332>
*** Bug 96534 has been marked as a duplicate of this bug. ***