[Webkit-unassigned] [Bug 125624] New: REGRESSION(r160417): AX: crash when opening the inspector's DOM Tree/Source Code selector path component

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 12 03:14:30 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=125624

           Summary: REGRESSION(r160417): AX: crash when opening the
                    inspector's DOM Tree/Source Code selector path
                    component
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: gns at gnome.org
                CC: webkit-bug-importer at group.apple.com


ARGUMENT BAD: optionIndex, optionIndex < static_cast<int>(m_children.size())
../../Source/WebCore/accessibility/AccessibilityMenuListPopup.cpp(135) : void WebCore::AccessibilityMenuListPopup::didUpdateActiveOption(int)
1   0x7f5ed376d82e /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x1e) [0x7f5ed376d82e]
2   0x7f5ed54058f8 /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(_ZN7WebCore26AccessibilityMenuListPopup21didUpdateActiveOptionEi+0x86) [0x7f5ed54058f8]
3   0x7f5ed5404b56 /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(_ZN7WebCore21AccessibilityMenuList21didUpdateActiveOptionEi+0x168) [0x7f5ed5404b56]
4   0x7f5ed5ec238b /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(_ZN7WebCore14RenderMenuList21didUpdateActiveOptionEi+0x171) [0x7f5ed5ec238b]
5   0x7f5ed5ec1449 /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(_ZN7WebCore14RenderMenuList17setTextFromOptionEi+0x14d) [0x7f5ed5ec1449]
6   0x7f5ed5ec12fa /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(_ZN7WebCore14RenderMenuList17updateFromElementEv+0x88) [0x7f5ed5ec12fa]
7   0x7f5ed598d96f /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(_ZN7WebCore17HTMLSelectElement12selectOptionEij+0x14b) [0x7f5ed598d96f]
8   0x7f5ed598d759 /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(_ZN7WebCore17HTMLSelectElement16setSelectedIndexEi+0x25) [0x7f5ed598d759]
9   0x7f5ed624c687 /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(_ZN7WebCore35setJSHTMLSelectElementSelectedIndexEPN3JSC9ExecStateEPNS0_8JSObjectENS0_7JSValueE+0x72) [0x7f5ed624c687]
10  0x7f5ed624e0fc /home/kov/src/WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x24300fc) [0x7f5ed624e0fc]

The reason is the AccessibilityMenuList's knowledge of how many children there are is outdated - m_children.size() is 1 and the active option is 1 (so the second element).

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list