[Webkit-unassigned] [Bug 164331] New: AX: [ATK] Attempting to clear selection on ARIA listboxes results in crash
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 2 12:22:19 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=164331
Bug ID: 164331
Summary: AX: [ATK] Attempting to clear selection on ARIA
listboxes results in crash
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: Accessibility
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jdiggs at igalia.com
CC: webkit-bug-importer at group.apple.com
The ATK code is using is<AccessibilityListBox>() to identify native listboxes. But is<AccessibilityListBox>() returns the value of isListBox() which returns true both for AccessibilityListBox instances as well as for AccessibilityObject instances which have an AccessibilityRole value of ListBoxRole.
#0 0x00007f3617f3aab1 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:323
#1 0x00007f3617f3aac2 in WTFCrashWithSecurityImplication () at ../../Source/WTF/wtf/Assertions.cpp:343
#2 0x00007f361ec388a0 in WTF::downcast<WebCore::HTMLSelectElement, WebCore::Node> (source=...)
at ../../Source/WTF/wtf/TypeCasts.h:81
#3 0x00007f361ec37ef4 in (anonymous namespace)::AccessibilityListBox::canSetSelectedChildrenAttribute (this=0x7f3591df00c0)
at ../../Source/WebCore/accessibility/AccessibilityListBox.cpp:64
#4 0x00007f361ec3801c in (anonymous namespace)::AccessibilityListBox::setSelectedChildren (this=0x7f3591df00c0, children=...)
at ../../Source/WebCore/accessibility/AccessibilityListBox.cpp:86
#5 0x00007f36200fea9f in webkitAccessibleSelectionClearSelection (selection=0xfdb340)
at ../../Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceSelection.cpp:156
#6 0x00007f3603e5c908 in impl_ClearSelection ()
at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/at-spi2-atk-2.15.4/atk-adaptor/adaptors/selection-adaptor.c:185
#7 0x00007f3603e558c8 in handle_other ()
at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/at-spi2-atk-2.15.4/droute/droute.c:553
#8 handle_message () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/at-spi2-atk-2.15.4/droute/droute.c:600
#9 0x00007f3602355a33 in _dbus_object_tree_dispatch_and_unlock () from /lib64/libdbus-1.so.3
#10 0x00007f36023470a4 in dbus_connection_dispatch () from /lib64/libdbus-1.so.3
#11 0x00007f3600f8bef5 in message_queue_dispatch ()
at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/at-spi2-core-2.15.4/atspi/atspi-gmain.c:89
#12 0x00007f360f7ea777 in g_main_dispatch ()
at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122
#13 g_main_context_dispatch () at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737
#14 0x00007f360f7ea9a8 in g_main_context_iterate ()
at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808
#15 0x00007f360f7eacc2 in g_main_loop_run ()
at /home/jd/checkout/WebKitGtk/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002
#16 0x00007f3617fa01ea in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:94
#17 0x00007f361e844680 in (anonymous namespace)::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2,
argv=0x7ffcc03eebe8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#18 0x00007f361e84452e in (anonymous namespace)::WebProcessMainUnix (argc=2, argv=0x7ffcc03eebe8)
at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:69
#19 0x0000000000400c3a in main (argc=2, argv=0x7ffcc03eebe8)
at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161102/e60ad757/attachment.html>
More information about the webkit-unassigned
mailing list