158685 2016-06-12 23:10:33 -0700 AX: CrashTracer: com.apple.WebKit.WebContent at WebCore::AccessibilityRenderObject::remoteSVGRootElement const + 227 2016-06-13 16:03:49 -0700 1 1 1 Unclassified WebKit Accessibility Safari 9 All All RESOLVED FIXED InRadar P2 Normal --- 1 cfleizach cfleizach aboxhall apinheiro commit-queue dmazzoni jcraig jdiggs mario samuel_white webkit-bug-importer oldest_to_newest 1201795 0 cfleizach 2016-06-12 23:10:33 -0700 Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000 Thread 0 Crashed ↩:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x1102ec6d3 WebCore::AccessibilityRenderObject::remoteSVGRootElement(WebCore::AccessibilityRenderObject::CreationChoice) const + 227 (/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7602.1.35/accessibility/AccessibilitySVGRoot.h:55) 1 com.apple.WebCore 0x1102e427b WebCore::AccessibilityRenderObject::detach(WebCore::AccessibilityDetachmentType, WebCore::AXObjectCache*) + 27 (/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7602.1.35/accessibility/AccessibilityRenderObject.cpp:2976) 2 com.apple.WebCore 0x11035bfb9 WebCore::AXObjectCache::~AXObjectCache() + 153 (/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7602.1.35/accessibility/AXObjectCache.cpp:193) 3 com.apple.WebCore 0x1104dc4d4 WebCore::Document::destroyRenderTree() + 116 (/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/memory:2459) 4 com.apple.WebCore 0x1100a4a06 WebCore::Document::prepareForDestruction() + 358 (/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7602.1.35/dom/Document.cpp:2325) --- Smoking gun if (!is<AccessibilitySVGRoot>(*rootSVGObject)) Trying to take nil ptr rootSVGObject and dereference it <rdar://problem/26755269> 1201796 1 281159 cfleizach 2016-06-12 23:12:55 -0700 Created attachment 281159 Patch 1201952 2 281159 ddkilzer 2016-06-13 14:00:30 -0700 Comment on attachment 281159 Patch r=me 1201999 3 281159 commit-queue 2016-06-13 16:03:44 -0700 Comment on attachment 281159 Patch Clearing flags on attachment: 281159 Committed r202014: <http://trac.webkit.org/changeset/202014> 1202000 4 commit-queue 2016-06-13 16:03:49 -0700 All reviewed patches have been landed. Closing bug. 281159 2016-06-12 23:12:55 -0700 2016-06-13 16:03:44 -0700 Patch patch text/plain 1664 cfleizach SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIwMTk4NikKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDE2LTA2LTEyICBDaHJpcyBG bGVpemFjaCAgPGNmbGVpemFjaEBhcHBsZS5jb20+CisKKyAgICAgICAgQVg6IENyYXNoVHJhY2Vy OiBjb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnQgYXQgV2ViQ29yZTo6QWNjZXNzaWJpbGl0eVJl bmRlck9iamVjdDo6cmVtb3RlU1ZHUm9vdEVsZW1lbnQgY29uc3QgKyAyMjcKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE1ODY4NQorCisgICAgICAgIFJl dmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIENyYXNoIHJlcG9ydHMgc2hvdyBh IG51bGwgYWNjZXNzIGF0IGEgbGluZSB0aGF0IHRyaWVzIHRvIGRlcmVmZXJlbmNlIGEgcG9pbnRl ci4gCisgICAgICAgIEkgc3RpbGwgZG9uJ3QgaGF2ZSBhIHdheSB0byBsYXlvdXQgdGVzdCB0aGlz LCBhcyBpdCBzZWVtcyB0aWVkIHRvIHRlYXIgZG93biBvZiB0aGUgbWFpbiBkb2N1bWVudC4KKwor ICAgICAgICAqIGFjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eVJlbmRlck9iamVjdC5jcHA6Cisg ICAgICAgIChXZWJDb3JlOjpBY2Nlc3NpYmlsaXR5UmVuZGVyT2JqZWN0OjpyZW1vdGVTVkdSb290 RWxlbWVudCk6CisKIDIwMTYtMDYtMTIgIFphbGFuIEJ1anRhcyAgPHphbGFuQGFwcGxlLmNvbT4K IAogICAgICAgICBDbGVhbnVwIFJlbmRlckJsb2NrOjpyZW1vdmVQb3NpdGlvbmVkT2JqZWN0cwpJ bmRleDogU291cmNlL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5UmVuZGVyT2Jq ZWN0LmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9hY2Nlc3NpYmlsaXR5L0FjY2Vz c2liaWxpdHlSZW5kZXJPYmplY3QuY3BwCShyZXZpc2lvbiAyMDE5MjUpCisrKyBTb3VyY2UvV2Vi Q29yZS9hY2Nlc3NpYmlsaXR5L0FjY2Vzc2liaWxpdHlSZW5kZXJPYmplY3QuY3BwCSh3b3JraW5n IGNvcHkpCkBAIC0zMDE0LDcgKzMwMTQsNyBAQAogICAgIC8vIEluIG9yZGVyIHRvIGNvbm5lY3Qg dGhlIEFYIGhpZXJhcmNoeSBmcm9tIHRoZSBTVkcgcm9vdCBlbGVtZW50IGZyb20gdGhlIGxvYWRl ZCByZXNvdXJjZQogICAgIC8vIHRoZSBwYXJlbnQgbXVzdCBiZSBzZXQsIGJlY2F1c2UgdGhlcmUn cyBubyBvdGhlciB3YXkgdG8gZ2V0IGJhY2sgdG8gd2hvIGNyZWF0ZWQgdGhlIGltYWdlLgogICAg IEFTU0VSVCghY3JlYXRlSWZOZWNlc3NhcnkgfHwgcm9vdFNWR09iamVjdCk7Ci0gICAgaWYgKCFp czxBY2Nlc3NpYmlsaXR5U1ZHUm9vdD4oKnJvb3RTVkdPYmplY3QpKQorICAgIGlmICghaXM8QWNj ZXNzaWJpbGl0eVNWR1Jvb3Q+KHJvb3RTVkdPYmplY3QpKQogICAgICAgICByZXR1cm4gbnVsbHB0 cjsKICAgICAKICAgICByZXR1cm4gZG93bmNhc3Q8QWNjZXNzaWJpbGl0eVNWR1Jvb3Q+KHJvb3RT VkdPYmplY3QpOwo=