[Webkit-unassigned] [Bug 82896] Segmentation fault in JS drop-down menus in facebook.com
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Apr 10 10:08:12 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=82896
Mario Sanchez Prada <msanchez at igalia.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #136478| |review?
Flag| |
--- Comment #9 from Mario Sanchez Prada <msanchez at igalia.com> 2012-04-10 10:08:12 PST ---
Created an attachment (id=136478)
--> (https://bugs.webkit.org/attachment.cgi?id=136478&action=review)
Patch proposal
(In reply to comment #8)
> [...]
> I think it indicates that a render object was destroyed but the ax object was not updated at the same time. That should not happen, since in RenderObject::willBeDestroyed(), AXObjectCache::remove is called.
>
> A way i can see this happening is if AXObjectCache::remove was not called for this child, or if it was it failed for some reason.
I think that a possible reason for this to happen is that in GTK we are treating attachments in a different way than in the Mac, as we're systematically not ignoring them ever:
From gtk/AccessibilityObjectAtk.cpp:
bool AccessibilityObject::accessibilityIgnoreAttachment() const
{
return false;
}
I think a possible solution for this would be to make changes on your patch for r110819 would be to make sure they apply to Mac only. At least that way we would be having the -not segfaulting- behaviour we previously had.
Attaching a patch proposal, just in case you already agree with it :)
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list