[Webkit-unassigned] [Bug 31044] [Gtk] assertion when webkit_accessible_get_index_in_parent attempts to get parent of the web view

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 3 21:37:21 PST 2009 

https://bugs.webkit.org/show_bug.cgi?id=31044


Joanmarie Diggs <joanmarie.diggs at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #42361|0                           |1
        is obsolete|                            |
  Attachment #42450|                            |review?
               Flag|                            |




--- Comment #3 from Joanmarie Diggs <joanmarie.diggs at gmail.com>  2009-11-03 21:37:21 PDT ---
Created an attachment (id=42450)
 --> (https://bugs.webkit.org/attachment.cgi?id=42450)
use g_object_unref to free children (?)

> > -    g_return_val_if_fail(parent, 0);
> > +    if (!parent && core(object)->isWebArea()) {
> > +        AtkObject* atkParent = atkParentOfWebView(object);
> > +        if (!atkParent)
> > +            return -1;
> > +
> > +        unsigned count = atk_object_get_n_accessible_children(atkParent);
> > +        for (unsigned i = 0; i < count; ++i)
> > +            if (atk_object_ref_accessible_child(atkParent, i) == object)
> 
> This is doing a g_object_ref on each child, and then letting it go, so it's
> leaking all of them basically. You need to use GOwnPtr here, or similar, so
> that the references go away when you exit the function.

Oops. Thanks for this. At the moment, I'm leaning towards "similar". :-) (Can I
just do a g_object_unref instead??)

But I would like to understand this.... I tried:

    [...]
    GOwnPtr<AtkObject> child(atk_object_ref_accessible_child(atkParent, i));
    if (child == object)
        return i;

This is working, we get a match, and we attempt to return i. At which point,
GtkLauncher aborts. :-(

*** glibc detected ***
/home/jd/WebKit/WebKitBuild/Release/Programs/GtkLauncher: double free or
corruption (out): 0x08d1aa28 ***

~~~~~~~~~~~~~
Thread 2 (Thread 0xb7141b70 (LWP 9857)):
#0  0x003cf422 in __kernel_vsyscall ()
#1  0x004cce15 in pthread_cond_wait@@GLIBC_2.3.2 () at
../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:122
#2  0x007b4d07 in WTF::TCMalloc_PageHeap::scavengerThread() () from
/home/jd/WebKit/WebKitBuild/Release/.libs/libwebkit-1.0.so.2
#3  0x007b4d41 in WTF::TCMalloc_PageHeap::runScavengerThread(void*) () from
/home/jd/WebKit/WebKitBuild/Release/.libs/libwebkit-1.0.so.2
#4  0x004c880e in start_thread (arg=0xb7141b70) at pthread_create.c:300
#5  0x067f37ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb72fa760 (LWP 9851)):
#0  0x003cf422 in __kernel_vsyscall ()
#1  0x067514d1 in *__GI_raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0x06754932 in *__GI_abort () at abort.c:92
#3  0x06787ee5 in __libc_message (do_abort=2, fmt=0x684b438 "*** glibc detected
*** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#4  0x06791ff1 in malloc_printerr (action=<value optimized out>, str=0x6
<Address 0x6 out of bounds>, ptr=0x8d1aa28) at malloc.c:6217
#5  0x067936f2 in _int_free (av=<value optimized out>, p=<value optimized out>)
at malloc.c:4750
#6  0x0679679d in *__GI___libc_free (mem=0x8d1aa28) at malloc.c:3716
#7  0x0856a186 in g_free () from /lib/libglib-2.0.so.0
#8  0x00e29dd2 in webkit_accessible_get_index_in_parent(_AtkObject*) () from
/home/jd/WebKit/WebKitBuild/Release/.libs/libwebkit-1.0.so.2
#9  0x001aff72 in atk_object_get_index_in_parent (accessible=0x8d1aa28) at
atkobject.c:961
#10 0x08279d26 in impl_accessibility_accessible_get_index_in_parent
(servant=0x9087594, ev=0xbfc34d3c) at accessible.c:285
#11 0x08275fa6 in _ORBIT_skel_small_Accessibility_Accessible_getIndexInParent
(_o_servant=0x9087594, _o_retval=0xbfc34b90, _o_args=0x0, 
    _o_ctx=0xbfc34c28, _o_ev=0xbfc34d3c, _impl_getIndexInParent=0x8279d00
<impl_accessibility_accessible_get_index_in_parent>)
    at Accessibility-common.c:124
#12 0x05ccc537 in ?? () from /usr/lib/libORBit-2.so.0
#13 0x05cd2b45 in ORBit_OAObject_invoke () from /usr/lib/libORBit-2.so.0
#14 0x05cbee63 in ORBit_small_invoke_adaptor () from /usr/lib/libORBit-2.so.0
#15 0x05cd0649 in ?? () from /usr/lib/libORBit-2.so.0
#16 0x05cd0d22 in ?? () from /usr/lib/libORBit-2.so.0
#17 0x05cd0ed9 in ?? () from /usr/lib/libORBit-2.so.0
#18 0x05cd2f92 in ORBit_handle_request () from /usr/lib/libORBit-2.so.0
#19 0x05cbb155 in giop_connection_handle_input () from /usr/lib/libORBit-2.so.0
#20 0x05cda743 in ?? () from /usr/lib/libORBit-2.so.0
#21 0x05cdd016 in ?? () from /usr/lib/libORBit-2.so.0
#22 0x08561e78 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#23 0x08565720 in ?? () from /lib/libglib-2.0.so.0
#24 0x08565b8f in g_main_loop_run () from /lib/libglib-2.0.so.0
#25 0x04c78419 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#26 0x08049e6d in main ()
~~~~~~~~~~~~~

Any suggestions regarding what I'm doing wrong/missing? Thanks!

(Flagging for review in the hopes that the use of g_object_unref is fitting and
appropriate.)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list