Title: [127466] trunk
- Revision
- 127466
- Author
- [email protected]
- Date
- 2012-09-04 06:36:10 -0700 (Tue, 04 Sep 2012)
Log Message
[Stable] [GTK] Crash in WebCore::HTMLSelectElement::selectedIndex
https://bugs.webkit.org/show_bug.cgi?id=95618
Patch by Mario Sanchez Prada <[email protected]> on 2012-09-04
Reviewed by Martin Robinson.
Source/WebCore:
Make sure we only emit the the signal for menu lists and list
boxes rendered from actual HTML select elements.
* accessibility/gtk/AXObjectCacheAtk.cpp:
(WebCore::notifyChildrenSelectionChange): We support accessibility
ListBoxes and MenuLists only here, assuming they represent HTML
select elements, which might be not always true (e.g. ARIA). Thus,
check if that condition is true, early returning in other case.
LayoutTests:
New layout test to ensure we don't crash with ATK notifications
anymore when changing the selection in an ARIA listbox.
* platform/gtk/accessibility/aria-listbox-crash-expected.txt: Added.
* platform/gtk/accessibility/aria-listbox-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (127465 => 127466)
--- trunk/LayoutTests/ChangeLog 2012-09-04 13:34:10 UTC (rev 127465)
+++ trunk/LayoutTests/ChangeLog 2012-09-04 13:36:10 UTC (rev 127466)
@@ -1,3 +1,16 @@
+2012-09-04 Mario Sanchez Prada <[email protected]>
+
+ [Stable] [GTK] Crash in WebCore::HTMLSelectElement::selectedIndex
+ https://bugs.webkit.org/show_bug.cgi?id=95618
+
+ Reviewed by Martin Robinson.
+
+ New layout test to ensure we don't crash with ATK notifications
+ anymore when changing the selection in an ARIA listbox.
+
+ * platform/gtk/accessibility/aria-listbox-crash-expected.txt: Added.
+ * platform/gtk/accessibility/aria-listbox-crash.html: Added.
+
2012-09-04 Alexander Shalamov <[email protected]>
[EFL] Check if ecore_x is initialised before calling ecore_x_bell to avoid crash
Added: trunk/LayoutTests/platform/gtk/accessibility/aria-listbox-crash-expected.txt (0 => 127466)
--- trunk/LayoutTests/platform/gtk/accessibility/aria-listbox-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/gtk/accessibility/aria-listbox-crash-expected.txt 2012-09-04 13:36:10 UTC (rev 127466)
@@ -0,0 +1,11 @@
+foo
+bar
+This tests that selecting an option in an ARIA listbox doesn't crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/platform/gtk/accessibility/aria-listbox-crash.html (0 => 127466)
--- trunk/LayoutTests/platform/gtk/accessibility/aria-listbox-crash.html (rev 0)
+++ trunk/LayoutTests/platform/gtk/accessibility/aria-listbox-crash.html 2012-09-04 13:36:10 UTC (rev 127466)
@@ -0,0 +1,49 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+<script>
+function test()
+{
+ description("This tests that selecting an option in an ARIA listbox doesn't crash.");
+
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+
+ // We focus on the body and get the associated accessibility
+ // object to force the creation of the accessibility hierarchy.
+ if (window.accessibilityController)
+ document.getElementById("body").focus();
+ accessibilityController.focusedElement;
+ }
+
+ // Get references to the list and the items, and change selection.
+ list = document.getElementById('list');
+ preSelectedItem = document.getElementById('list_item_1');
+ targetItem = document.getElementById('list_item_2');
+
+ list.setAttribute('aria-activedescendant', targetItem.id);
+ preSelectedItem.setAttribute('aria-selected', false);
+ targetItem.setAttribute('aria-selected', true);
+
+ // We need to finish on idle to give room for the crash to happen,
+ // since it's supposed to crash because of a notification about the
+ // selection changing and so if we notifyDone() now it would be too
+ // soon and we would skip such emission, not crashing at all.
+ window.setTimeout("testRunner.notifyDone()",0);
+}
+</script>
+</head>
+<body id="body" _onload_="test();">
+<ul id="list" role="listbox" aria-activedescendant="list_item_1">
+ <li id="list_item_1" role="option" aria-selected="false">foo</li>
+ <li id="list_item_2" role="option" aria-selected="false">bar</li>
+</ul>
+
+<p id="description"></p>
+<div id="console"></div>
+
+<script src=""
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (127465 => 127466)
--- trunk/Source/WebCore/ChangeLog 2012-09-04 13:34:10 UTC (rev 127465)
+++ trunk/Source/WebCore/ChangeLog 2012-09-04 13:36:10 UTC (rev 127466)
@@ -1,3 +1,19 @@
+2012-09-04 Mario Sanchez Prada <[email protected]>
+
+ [Stable] [GTK] Crash in WebCore::HTMLSelectElement::selectedIndex
+ https://bugs.webkit.org/show_bug.cgi?id=95618
+
+ Reviewed by Martin Robinson.
+
+ Make sure we only emit the the signal for menu lists and list
+ boxes rendered from actual HTML select elements.
+
+ * accessibility/gtk/AXObjectCacheAtk.cpp:
+ (WebCore::notifyChildrenSelectionChange): We support accessibility
+ ListBoxes and MenuLists only here, assuming they represent HTML
+ select elements, which might be not always true (e.g. ARIA). Thus,
+ check if that condition is true, early returning in other case.
+
2012-09-04 Martin Robinson <[email protected]>
[Cairo] [TextureMapper] Assertion failure in TextureMapperGL
@@ -30,6 +46,19 @@
2012-09-04 Alexander Shalamov <[email protected]>
+ [EFL] Check if ecore_x is initialised before calling ecore_x_bell to avoid crash
+ https://bugs.webkit.org/show_bug.cgi?id=86961
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ Add ecore_x initialisation check before calling ecore_x_bell
+ to avoid crashes when X server is not running.
+
+ * platform/efl/SoundEfl.cpp:
+ (WebCore::systemBeep):
+
+2012-09-04 Alexander Shalamov <[email protected]>
+
[EFL][WK2] CSS3 Media Queries functionality is broken
https://bugs.webkit.org/show_bug.cgi?id=95680
Modified: trunk/Source/WebCore/accessibility/gtk/AXObjectCacheAtk.cpp (127465 => 127466)
--- trunk/Source/WebCore/accessibility/gtk/AXObjectCacheAtk.cpp 2012-09-04 13:34:10 UTC (rev 127465)
+++ trunk/Source/WebCore/accessibility/gtk/AXObjectCacheAtk.cpp 2012-09-04 13:36:10 UTC (rev 127466)
@@ -81,11 +81,16 @@
if (!object || !(object->isListBox() || object->isMenuList()))
return;
+ // Only support HTML select elements so far (ARIA selectors not supported).
+ Node* node = object->node();
+ if (!node || !node->hasTagName(HTMLNames::selectTag))
+ return;
+
// Emit signal from the listbox's point of view first.
g_signal_emit_by_name(object->wrapper(), "selection-changed");
// Find the item where the selection change was triggered from.
- HTMLSelectElement* select = toHTMLSelectElement(object->node());
+ HTMLSelectElement* select = toHTMLSelectElement(node);
if (!select)
return;
int changedItemIndex = select->activeSelectionStartListIndex();
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
