atspi: gengrid removes item from atspi_children

The gengrid appends an item to the atspi_children list when the item is
created. But the gengrid does not remove an item from atspi_children list when
the item is removed. So there is a crash issue in the _sort_items function of
eina_list_sort, because this function tries to compare using removed data.

For more information, the cbhm-service has following stack.

(1) when genlist removes item
_item_del at elm_gengrid.c:4290
_elm_gengrid_item_elm_widget_item_del_pre at elm_gengrid.c:4433
elm_wdg_item_del_pre at elm_widget_item.eo.c:236
_elm_widget_item_del at elm_widget.c:4921
elm_wdg_item_del at elm_widget_item.eo.c:128
elm_object_item_del at elm_widget_item.eo.c:653
_drawer_item_del at /usr/src/debug/cbhm-1.0.0/daemon/cbhmd_drawer.c:420
_cbhmd_item_free at /usr/src/debug/cbhm-1.0.0/daemon/cbhmd_item.c:47
cbhmd_item_delete_by_cnp_item at /usr/src/debug/cbhm-1.0.0/daemon/cbhmd_item.c:443
_drawer_item_add at /usr/src/debug/cbhm-1.0.0/daemon/cbhmd_drawer.c:396
cbhmd_item_add_by_cnp_item at /usr/src/debug/cbhm-1.0.0/daemon/cbhmd_item.c:94
cbhmd_storage_init at /usr/src/debug/cbhm-1.0.0/daemon/cbhmd_storage.c:212
app_create at /usr/src/debug/cbhm-1.0.0/daemon/cbhmd.c:134
?? () from target:/lib/libappcore-efl.so.1
appcore_base_init () from target:/lib/libappcore-common.so.1
appcore_ui_base_init () from target:/lib/libappcore-ui.so.1
appcore_efl_base_init () from target:/lib/libappcore-efl.so.1
appcore_efl_init () from target:/lib/libappcore-efl.so.1
appcore_efl_main () from target:/lib/libappcore-efl.so.1
main at /usr/src/debug/cbhm-1.0.0/daemon/cbhmd.c:296

(2) when genlist sorts item
_sort_items at elm_gengrid.c:6429
eina_list_sort at lib/eina/eina_list.c:1082
_elm_gengrid_elm_widget_screen_reader at elm_gengrid.c:4864
elm_obj_widget_screen_reader at elm_widget.eo.c:405
elm_widget_screen_reader at elm_widget.c:970
elm_widget_screen_reader at elm_widget.c:968
elm_widget_screen_reader at elm_widget.c:968
_elm_win_screen_reader at elm_win.c:3074
_screen_reader_enabled_get at elm_atspi_bridge.c:6455
?? () from /lib/libeldbus.so.1
?? () from /lib/libdbus-1.so.3
dbus_connection_dispatch () from /lib/libdbus-1.so.3
?? () from /lib/libeldbus.so.1
?? () from /lib/libecore.so.1
?? () from /lib/libecore.so.1
?? () from /lib/libecore.so.1
ecore_main_loop_begin () from /lib/libecore.so.1
appcore_base_init () from /lib/libappcore-common.so.1
appcore_ui_base_init () from /lib/libappcore-ui.so.1
appcore_efl_base_init () from /lib/libappcore-efl.so.1
appcore_efl_init () from /lib/libappcore-efl.so.1
appcore_efl_main () from /lib/libappcore-efl.so.1
?? ()
__libc_start_main () from /lib/libc.so.6
_start ()

Change-Id: I3db7042316f3ef6aee4b7e4bbe3e24fa292cdce6

diff --git a/src/lib/elm_gengrid.c b/src/lib/elm_gengrid.c
index 454709f..1560dbc 100644 (file)
--- a/src/lib/elm_gengrid.c
+++ b/src/lib/elm_gengrid.c
@@ -4291,6 +4291,9 @@ _item_del(Elm_Gen_Item *it)
    ELM_GENGRID_DATA_GET_FROM_ITEM(it, sd);
 
    evas_event_freeze(evas_object_evas_get(obj));
+   //TIZEN_ONLY(20180104): remove item from atspi_children
+   sd->atspi_children = eina_list_remove(sd->atspi_children, EO_OBJ(it));
+   //
    sd->selected = eina_list_remove(sd->selected, it);
    if (it->realized) _elm_gengrid_item_unrealize(it, EINA_FALSE);
    _elm_gengrid_item_del_serious(it);