[Webkit-unassigned] [Bug 125761] page crashes WebKit: ARGUMENT BAD in AccessibilityMenuListPopup::didUpdateActiveOption

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 16 09:40:27 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=125761


Adam Dingle <adam at yorba.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|page crashes WebKit in      |page crashes WebKit:
                   |CheckedArithmetic.h:overflo |ARGUMENT BAD in
                   |wed()                       |AccessibilityMenuListPopup:
                   |                            |:didUpdateActiveOption




--- Comment #2 from Adam Dingle <adam at yorba.org>  2013-12-16 09:38:34 PST ---
I tried visiting this page with WebKitGTK built from svn trunk with debugging enabled.  WebKit failed with this stack trace:

ARGUMENT BAD: optionIndex, optionIndex < static_cast<int>(m_children.size())
Source/WebCore/accessibility/AccessibilityMenuListPopup.cpp(135) : void WebCore::AccessibilityMenuListPopup::didUpdateActiveOption(int)
1   0x7f35f25ff00c /home/adam/src/WebKit/.libs/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x1e) [0x7f35f25ff00c]
2   0x7f35f518e926 /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(_ZN7WebCore26AccessibilityMenuListPopup21didUpdateActiveOptionEi+0x86) [0x7f35f518e926]
3   0x7f35f518db86 /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(_ZN7WebCore21AccessibilityMenuList21didUpdateActiveOptionEi+0x168) [0x7f35f518db86]
4   0x7f35f5bc4ac3 /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(_ZN7WebCore14RenderMenuList21didUpdateActiveOptionEi+0x171) [0x7f35f5bc4ac3]
5   0x7f35f5bc3c71 /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(_ZN7WebCore14RenderMenuList17setTextFromOptionEi+0x14d) [0x7f35f5bc3c71]
6   0x7f35f5bc3b22 /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(_ZN7WebCore14RenderMenuList17updateFromElementEv+0x88) [0x7f35f5bc3b22]
7   0x7f35f56e627b /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(_ZN7WebCore17HTMLSelectElement12selectOptionEij+0x14b) [0x7f35f56e627b]
8   0x7f35f56e6065 /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(_ZN7WebCore17HTMLSelectElement16setSelectedIndexEi+0x25) [0x7f35f56e6065]
9   0x7f35f5f18805 /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(_ZN7WebCore35setJSHTMLSelectElementSelectedIndexEPN3JSC9ExecStateEPNS0_8JSObjectENS0_7JSValueE+0x72) [0x7f35f5f18805]
10  0x7f35f5f1a232 /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(+0x2a66232) [0x7f35f5f1a232]
11  0x7f35f5f1a18b /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(+0x2a6618b) [0x7f35f5f1a18b]
12  0x7f35f5f19d0e /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(+0x2a65d0e) [0x7f35f5f19d0e]
13  0x7f35f5f182b7 /home/adam/src/WebKit/.libs/libwebkit2gtk-3.0.so.25(_ZN7WebCore19JSHTMLSelectElement3putEPN3JSC6JSCellEPNS1_9ExecStateENS1_12PropertyNameENS1_7JSValueERNS1_15PutPropertySlotE+0x14d) [0x7f35f5f182b7]
14  0x7f35f22a1244 /home/adam/src/WebKit/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC7JSValue3putEPNS_9ExecStateENS_12PropertyNameES0_RNS_15PutPropertySlotE+0x96) [0x7f35f22a1244]
15  0x7f35f23efe0b /home/adam/src/WebKit/.libs/libjavascriptcoregtk-3.0.so.0(+0xa9fe0b) [0x7f35f23efe0b]
16  0x7f35f23f937a /home/adam/src/WebKit/.libs/libjavascriptcoregtk-3.0.so.0(+0xaa937a) [0x7f35f23f937a]

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list