[webkit-reviews] review requested: [Bug 82896] Segmentation fault in JS drop-down menus in facebook.com : [Attachment 136478] Patch proposal

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 10 10:08:12 PDT 2012


Mario Sanchez Prada <msanchez at igalia.com> has asked  for review:
Bug 82896: Segmentation fault in JS drop-down menus in facebook.com
https://bugs.webkit.org/show_bug.cgi?id=82896

Attachment 136478: Patch proposal
https://bugs.webkit.org/attachment.cgi?id=136478&action=review

------- Additional Comments from Mario Sanchez Prada <msanchez at igalia.com>
(In reply to comment #8)
> [...]
> I think it indicates that a render object was destroyed but the ax object was
not updated at the same time. That should not happen, since in
RenderObject::willBeDestroyed(), AXObjectCache::remove is called. 
> 
> A way i can see this happening is if AXObjectCache::remove was not called for
this child, or if it was it failed for some reason.

I think that a possible reason for this to happen is that in GTK we are
treating attachments in a different way than in the Mac, as we're
systematically not ignoring them ever:

  From gtk/AccessibilityObjectAtk.cpp:

  bool AccessibilityObject::accessibilityIgnoreAttachment() const
  {
      return false;
  }

I think a possible solution for this would be to make changes on your patch for
r110819 would be to make sure they apply to Mac only. At least that way we
would be having the -not segfaulting- behaviour we previously had.

Attaching a patch proposal, just in case you already agree with it :)


More information about the webkit-reviews mailing list