[Webkit-unassigned] [Bug 85923] New: Crash when getting accessibility line number from readonly textarea

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 8 15:23:35 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=85923

           Summary: Crash when getting accessibility line number from
                    readonly textarea
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dmazzoni at google.com
                CC: cfleizach at apple.com, rniwa at webkit.org


Created an attachment (id=140798)
 --> (https://bugs.webkit.org/attachment.cgi?id=140798&action=review)
Layout test to reproduce problem

Attempting to get the insertion point line number of a readonly textarea that happens to be at the top of the document causes an assertion failure in dom/Position.cpp:95.

See full stack track and attached layout test to reproduce. Crash is easy to reproduce using both Mac and Chromium ports.

I think the problem is when AccessibilityObject::lineForPosition calls previousLinePosition with a visible position that's already essentially the topmost visible position in the document. I'm not familiar enough with the visible position code to know what the right fix should be. Should previousLinePosition be returning the equivalent of null, or should AccessibilityObject be checking some conditions before calling previousLinePosition?

ASSERTION FAILED: !((anchorType == PositionIsBeforeChildren || anchorType == PositionIsAfterChildren) && (m_anchorNode->isTextNode() || editingIgnoresContent(m_anchorNode.get())))
/Users/dmazzoni/src/WebKit/Source/WebCore/dom/Position.cpp(95) : WebCore::Position::Position(WTF::PassRefPtr<WebCore::Node>, WebCore::Position::AnchorType)
1   0x101545762 WebCore::firstPositionInNode(WebCore::Node*)
2   0x101c88293 WebCore::previousLinePosition(WebCore::VisiblePosition const&, int, WebCore::EditableType)
3   0x10149d67e WebCore::AccessibilityObject::lineForPosition(WebCore::VisiblePosition const&) const
4   0x101ca1fb7 -[WebAccessibilityObjectWrapper accessibilityAttributeValue:]
5   0x100008e26 AccessibilityUIElement::insertionPointLineNumber()
6   0x1000038b4 getInsertionPointLineNumberCallback(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSString*, OpaqueJSValue const**)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list