215521 2020-08-14 13:30:38 -0700 Crash in WebCore::AXObjectCache::rangeMatchesTextNearRange. 2020-08-15 10:16:25 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED DUPLICATE 214882 InRadar P2 Normal --- 1 andresg_22 andresg_22 aboxhall apinheiro cfleizach darin dmazzoni ews-watchlist jcraig jdiggs samuel_white oldest_to_newest 1680416 0 andresg_22 2020-08-14 13:30:38 -0700 Crash in WebCore::AXObjectCache::rangeMatchesTextNearRange. 1680418 1 andresg_22 2020-08-14 13:40:06 -0700 <rdar://problem/64773177> 1680421 2 andresg_22 2020-08-14 13:42:49 -0700 49 WebCore: WebCore::AXObjectCache::rangeMatchesTextNearRange(WebCore::SimpleRange const&, WTF::String const&) <== 49 WebCore: WebCore::AXObjectCache::rangeMatchesTextNearRange(WebCore::SimpleRange const&, WTF::String const&) 49 WebCore: -[WebAccessibilityObjectWrapper rangeFromMarkers:withText:] 49 WebCore: -[WebAccessibilityObjectWrapper textRectsFromMarkers:withText:] 49 WebCore: __107-[UIKitWebAccessibilityObjectWrapper _accessibilityTextRectsForSpeakThisStringRange:string:wantsSentences:]_block_invoke 49 AccessibilityUtilities: AXPerformSafeBlock 49 WebCore: -[UIKitWebAccessibilityObjectWrapper _accessibilityTextRectsForSpeakThisStringRange:string:wantsSentences:] 49 UIAccessibility: -[NSObject(AXPrivCategory) _iosAccessibilityAttributeValue:forParameter:] 27 WebProcess: __40+[AXWebProcessGlue _initializeAXRuntime]_block_invoke.175 | 27 AXRuntime: _copyParameterizedAttributeValueCallback | 27 AXRuntime: ___AXXMIGCopyParameterizedAttributeValue_block_invoke | 27 AXRuntime: _handleNonMainThreadCallback | 27 AXRuntime: _AXXMIGCopyParameterizedAttributeValue | 27 AXRuntime: _XCopyParameterizedAttributeValue | 27 AXRuntime: mshMIGPerform | 27 CoreFoundation: __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ | 27 CoreFoundation: __CFRunLoopDoSource1 | 27 CoreFoundation: __CFRunLoopRun | 27 CoreFoundation: CFRunLoopRunSpecific | 27 Foundation: -[NSRunLoop(NSRunLoop) runMode:beforeDate:] | 27 Foundation: -[NSRunLoop(NSRunLoop) run] | 27 libxpc.dylib: _xpc_objc_main | 27 libxpc.dylib: xpc_main | 27 WebKit: WebKit::XPCServiceMain(int, char const**) | 27 libdyld.dylib: 22 WebProcess: __40+[AXWebProcessGlue _initializeAXRuntime]_block_invoke.128 22 AXRuntime: _copyParameterizedAttributeValueCallback 22 AXRuntime: ___AXXMIGCopyParameterizedAttributeValue_block_invoke 22 AXRuntime: _handleNonMainThreadCallback 22 AXRuntime: _AXXMIGCopyParameterizedAttributeValue 22 AXRuntime: _XCopyParameterizedAttributeValue 22 AXRuntime: mshMIGPerform 22 CoreFoundation: __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ 22 CoreFoundation: __CFRunLoopDoSource1 22 CoreFoundation: __CFRunLoopRun 22 CoreFoundation: CFRunLoopRunSpecific 22 Foundation: -[NSRunLoop(NSRunLoop) runMode:beforeDate:] 22 Foundation: -[NSRunLoop(NSRunLoop) run] 22 libxpc.dylib: _xpc_objc_main 22 libxpc.dylib: xpc_main 22 WebKit: WebKit::XPCServiceMain(int, char const**) 22 libdyld.dylib: 1680422 3 406617 andresg_22 2020-08-14 13:43:59 -0700 Created attachment 406617 Patch 1680439 4 406617 darin 2020-08-14 14:45:26 -0700 Comment on attachment 406617 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=406617&action=review > Source/WebCore/accessibility/AXObjectCache.cpp:2009 > + if (startPosition.isNull() || endPosition.isNull()) > + return WTF::nullopt; > > auto searchRange = makeSimpleRange(startPosition, endPosition); > if (!searchRange || searchRange->collapsed()) This can’t be correct; it has no effect. When we call makeSimpleRange on start and end, if either is null, then the range returned is nullopt. So the check below this takes care of this case. So this change should have no effect, unless there is something further going on. 1680442 5 darin 2020-08-14 14:54:02 -0700 I am pretty sure this change won’t fix this bug, or any bug. 1680443 6 ews-feeder 2020-08-14 14:55:35 -0700 Committed r265705: <https://trac.webkit.org/changeset/265705> All reviewed patches have been landed. Closing bug and clearing flags on attachment 406617. 1680452 7 cfleizach 2020-08-14 15:04:47 -0700 (In reply to Darin Adler from comment #5) > I am pretty sure this change won’t fix this bug, or any bug. Any other ideas based on crash tracer? 1680456 8 andresg_22 2020-08-14 15:13:14 -0700 Reopening for further investigation based on Darin Adler’s comment. 1680459 9 darin 2020-08-14 15:15:41 -0700 Based on our Apple internal CrashTracer data it looks like this was indeed on a crash on this line of code in this version of the file: https://trac.webkit.org/browser/webkit/tags/Safari-610.1.15.50.3/Source/WebCore/accessibility/AXObjectCache.cpp auto searchRange = SimpleRange { *makeBoundaryPoint(startPosition), *makeBoundaryPoint(endPosition) }; That code assumes startPosition and endPosition can't be null. I fixed the crash in <https://trac.webkit.org/changeset/265044> where I moved to the new null-checking version of makeSimpleRange and added a null check. So this additional change is unnecessary, since the bug was fixed 2 weeks ago. The CrashTracer reports are from before that point. 1680463 10 darin 2020-08-14 15:18:27 -0700 So that means that this patch was harmless, but unnecessary. And I suggest reverting it. Unless there is some branch that diverged before r260544; that branch might benefit form this fix. 1680477 11 darin 2020-08-14 15:35:11 -0700 So ... no rush, but please do revert these unnecessary additional checks at some point. 1680629 12 andresg_22 2020-08-15 10:16:25 -0700 *** This bug has been marked as a duplicate of bug 214882 *** 406617 2020-08-14 13:43:59 -0700 2020-08-14 14:55:35 -0700 Patch bug-215521-20200814164358.patch text/plain 1836 andresg_22 U3VidmVyc2lvbiBSZXZpc2lvbjogMjY1NjY2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNTBkNzc1MDhiODQwMTIy NmRjZWVlMmI3YTIzODI3NDBiOTVjNWQzZi4uMzRjMzVjMmQzOWVmY2UxMjNiNTFiNjEwOGI1ZWY3 NTBmZWY2N2ZlMiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDIwLTA4LTE0ICBBbmRy ZXMgR29uemFsZXogIDxhbmRyZXNnXzIyQGFwcGxlLmNvbT4KKworICAgICAgICBDcmFzaCBpbiBX ZWJDb3JlOjpBWE9iamVjdENhY2hlOjpyYW5nZU1hdGNoZXNUZXh0TmVhclJhbmdlLgorICAgICAg ICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjE1NTIxCisgICAgICAg IDxyZGFyOi8vcHJvYmxlbS82NDc3MzE3Nz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICBUaGUgdGVzdCBhY2Nlc3NpYmlsaXR5L2lvcy1zaW11bGF0b3Iv dGV4dC1tYXJrZXItcmFuZ2UtbWF0Y2hlcy10ZXh0Lmh0bWwKKyAgICAgICAgZXhlcmNpc2VzIHRo aXMgY29kZSBwYXRoLCBidXQgZG9lc24ndCByZXByb2R1Y2UgdGhpcyBjcmFzaC4KKworICAgICAg ICBBZGRlZCBhIGNoZWNrIGZvciBudWxsaXR5IG9mIHRoZSBWaXNpYmxlUG9zaXRpb25zIGJlZm9y ZSBjcmVhdGluZyB0aGUKKyAgICAgICAgU2ltcGxlUmFuZ2UuCisKKyAgICAgICAgKiBhY2Nlc3Np YmlsaXR5L0FYT2JqZWN0Q2FjaGUuY3BwOgorICAgICAgICAoV2ViQ29yZTo6QVhPYmplY3RDYWNo ZTo6cmFuZ2VNYXRjaGVzVGV4dE5lYXJSYW5nZSk6CisKIDIwMjAtMDgtMTMgIFNlcmdpbyBWaWxs YXIgU2VuaW4gIDxzdmlsbGFyQGlnYWxpYS5jb20+CiAKICAgICAgICAgW1dlYlhSXSBJbXBsZW1l bnQgV2ViWFJTZXNzaW9uOjp1cGRhdGVSZW5kZXJTdGF0ZSgpCmRpZmYgLS1naXQgYS9Tb3VyY2Uv V2ViQ29yZS9hY2Nlc3NpYmlsaXR5L0FYT2JqZWN0Q2FjaGUuY3BwIGIvU291cmNlL1dlYkNvcmUv YWNjZXNzaWJpbGl0eS9BWE9iamVjdENhY2hlLmNwcAppbmRleCBiMDNjMzAwOTRkMWIyYjJjM2Zk NTAyNDBlNTI2NjU0ZGU1NmU3ZDc3Li40MWI3NGExNzdiZmY3YmU5OGFkMGI1N2E1OTQyOTU3NGIz YWNlNTIzIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9hY2Nlc3NpYmlsaXR5L0FYT2JqZWN0 Q2FjaGUuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvQVhPYmplY3RDYWNo ZS5jcHAKQEAgLTIwMDIsNiArMjAwMiw4IEBAIE9wdGlvbmFsPFNpbXBsZVJhbmdlPiBBWE9iamVj dENhY2hlOjpyYW5nZU1hdGNoZXNUZXh0TmVhclJhbmdlKGNvbnN0IFNpbXBsZVJhbmdlCiAgICAg ICAgIHN0YXJ0UG9zaXRpb24gPSBmaXJzdFBvc2l0aW9uSW5PckJlZm9yZU5vZGUob3JpZ2luYWxS YW5nZS5zdGFydC5jb250YWluZXIucHRyKCkpOwogICAgIGlmIChlbmRQb3NpdGlvbi5pc051bGwo KSkKICAgICAgICAgZW5kUG9zaXRpb24gPSBsYXN0UG9zaXRpb25Jbk9yQWZ0ZXJOb2RlKG9yaWdp bmFsUmFuZ2UuZW5kLmNvbnRhaW5lci5wdHIoKSk7CisgICAgaWYgKHN0YXJ0UG9zaXRpb24uaXNO dWxsKCkgfHwgZW5kUG9zaXRpb24uaXNOdWxsKCkpCisgICAgICAgIHJldHVybiBXVEY6Om51bGxv cHQ7CiAKICAgICBhdXRvIHNlYXJjaFJhbmdlID0gbWFrZVNpbXBsZVJhbmdlKHN0YXJ0UG9zaXRp b24sIGVuZFBvc2l0aW9uKTsKICAgICBpZiAoIXNlYXJjaFJhbmdlIHx8IHNlYXJjaFJhbmdlLT5j b2xsYXBzZWQoKSkK