In accessible-cache.c, in add_pending_items(), it's assumed that the call to atk_object_ref_state_set() is always gonna return a valid state set, since right after that there's a call to atk_state_set_contains_state() without even checking if 'set' is NULL.
However, if I check the implementation of socket's ref_state_set function (in bridge.c), it can return NULL in a variety of situations: plug still not embedded, no valid path, no reply got from DBus...
Checking the default implementation in AtkObject's ref_state_set function, I saw that, instead of returning NULL in those invalid cases, it just return an empty state set, which I think it's a better approach.
So I think we should change the only redefinition of ref_state_set in at-spi2-atk, which is socket_ref_state_set() in bridge.c, to return an empty state set instead of NULL in the cases that not a valid state set could be returned.
Another option would be to add a null-check in add_pending_items to ensure that the set is a valid one after calling to atk_object_ref_state_set, but that could hide some real bugs so I don't think that's a so good approach.
Created attachment 52864 [details] [review]
Looks fine. Go ahead and commit (and update the gnome-3-2 branch too if you'd like). Thanks for the patch.
Fyi, we've been using BGO for AT-SPI2 bugs lately (we decided a while ago that it made sense to add at-spi2 components there, since the code is on git.gnome.org now and people were filing bugs on BGO anyway...)
(In reply to comment #2)
> Looks fine. Go ahead and commit (and update the gnome-3-2 branch too if you'd
> like). Thanks for the patch.
Done (updated gnome-3-2 too)
> Fyi, we've been using BGO for AT-SPI2 bugs lately (we decided a while ago that
> it made sense to add at-spi2 components there, since the code is on
> git.gnome.org now and people were filing bugs on BGO anyway...)
Sure, sorry about that. Next bugs will be filed in bgo, with at-spi2-atk as component.