219168 2020-11-19 11:03:13 -0800 Fix for crash in Accessibility::performFunctionOnMainThread. 2020-11-19 11:53:17 -0800 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 andresg_22 andresg_22 aboxhall apinheiro cfleizach dmazzoni ews-watchlist jcraig jdiggs samuel_white webkit-bug-importer oldest_to_newest 1709183 0 andresg_22 2020-11-19 11:03:13 -0800 Fix for crash in Accessibility::performFunctionOnMainThread. 1709187 1 414602 andresg_22 2020-11-19 11:13:32 -0800 Created attachment 414602 Patch 1709195 2 andresg_22 2020-11-19 11:21:29 -0800 Crash stack trace: (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001d8df58af WebCore`WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > >* WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::inlineLookup<WTF::HashMapTranslatorAdapter<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::DefaultHash<unsigned long> > >, unsigned long>(this=0x88c4ec9000008017, key=0x00007ffee37d86f0) at HashTable.h:673:28 frame #1: 0x00000001d8df582d WebCore`WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > >* WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::lookup<WTF::HashMapTranslatorAdapter<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::DefaultHash<unsigned long> > >, unsigned long>(this=0x88c4ec9000008017, key=0x00007ffee37d86f0) at HashTable.h:663:16 frame #2: 0x00000001d8df57bd WebCore`WebCore::AccessibilityObject* WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::get<WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::DefaultHash<unsigned long> >, unsigned long>(this=0x88c4ec9000008017, value=0x00007ffee37d86f0) const at HashMap.h:321:63 frame #3: 0x00000001d8dcfa6d WebCore`WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::get(this=0x88c4ec9000008017, key=0x00007ffee37d86f0) const at HashMap.h:436:12 frame #4: 0x00000001d8e17ba6 WebCore`WebCore::AXObjectCache::objectFromAXID(this=0x88c4ec9000007fff, id=140735487809992) const at AXObjectCache.h:222:75 frame #5: 0x00000001d8e99c7d WebCore`WebCore::AXIsolatedObject::associatedAXObject(this=0x00007fff886293a0) const at AXIsolatedObject.h:87:55 frame #6: 0x00000001d8ed4bd8 WebCore`WebCore::AXIsolatedObject::scrollToMakeVisible(this=0x00007000032efe00) const::$_17::operator()() const at AXIsolatedObject.cpp:659:29 frame #7: 0x00000001d8ed4f28 WebCore`void WebCore::Accessibility::performFunctionOnMainThread<WebCore::AXIsolatedObject::scrollToMakeVisible() const::$_17>(this=0x0000000203f60698) const::$_17&&)::'lambda'()::operator()() const at AccessibilityObjectInterface.h:1563:9 frame #8: 0x00000001d8ed4ede WebCore`WTF::Detail::CallableWrapper<void WebCore::Accessibility::performFunctionOnMainThread<WebCore::AXIsolatedObject::scrollToMakeVisible() const::$_17>(WebCore::AXIsolatedObject::scrollToMakeVisible() const::$_17&&)::'lambda'(), void>::call(this=0x0000000203f60690) at Function.h:52:39 frame #9: 0x00000001f51b8f82 JavaScriptCore`WTF::Function<void ()>::operator(this=0x00007ffee37d87e8)() const at Function.h:83:35 frame #10: 0x00000001f522dd75 JavaScriptCore`WTF::RunLoop::performWork(this=0x00000001fc6fb080) at RunLoop.cpp:123:9 frame #11: 0x00000001f5231561 JavaScriptCore`WTF::RunLoop::performWork(context=0x00000001fc6fb080) at RunLoopCF.cpp:46:37 frame #12: 0x00007fff205ea9fc CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 frame #13: 0x00007fff205ea964 CoreFoundation`__CFRunLoopDoSource0 + 180 frame #14: 0x00007fff205ea6df CoreFoundation`__CFRunLoopDoSources0 + 248 frame #15: 0x00007fff205e9111 CoreFoundation`__CFRunLoopRun + 890 frame #16: 0x00007fff205e86be CoreFoundation`CFRunLoopRunSpecific + 563 frame #17: 0x00007fff21372fa1 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 frame #18: 0x00007fff21401384 Foundation`-[NSRunLoop(NSRunLoop) run] + 76 frame #19: 0x00007fff202413dd libxpc.dylib`_xpc_objc_main + 825 frame #20: 0x00007fff20240e65 libxpc.dylib`xpc_main + 437 frame #21: 0x00000001c8ae636c WebKit`WebKit::XPCServiceMain(argc=1, argv=0x00007ffee37d99c8) at XPCServiceMain.mm:208:5 frame #22: 0x00000001c9f3de3b WebKit`WKXPCServiceMain(argc=1, argv=0x00007ffee37d99c8) at WKMain.mm:33:12 frame #23: 0x000000010c429ea2 com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x00007ffee37d99c8) at AuxiliaryProcessMain.cpp:30:12 frame #24: 0x00007fff2050d591 libdyld.dylib`start + 1 frame #25: 0x00007fff2050d591 libdyld.dylib`start + 1 (lldb) 1709214 3 ews-feeder 2020-11-19 11:52:21 -0800 Committed r270041: <https://trac.webkit.org/changeset/270041> All reviewed patches have been landed. Closing bug and clearing flags on attachment 414602. 1709215 4 webkit-bug-importer 2020-11-19 11:53:17 -0800 <rdar://problem/71595779> 414602 2020-11-19 11:13:32 -0800 2020-11-19 11:52:22 -0800 Patch bug-219168-20201119141330.patch text/plain 1734 andresg_22 U3VidmVyc2lvbiBSZXZpc2lvbjogMjY5OTM2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggY2FiZmQ2YzZlYjU2ZmU2 OTYzZjE3NTJlY2I1ZTIxYmE1OTUwMzY2ZS4uOGRhNmQ5NTE4YTE1MzI5NDIzZmIwOTllM2FhNDk2 YzhiYzIyOGFmMSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDIwLTExLTE5ICBBbmRy ZXMgR29uemFsZXogIDxhbmRyZXNnXzIyQGFwcGxlLmNvbT4KKworICAgICAgICBGaXggZm9yIGNy YXNoIGluIEFjY2Vzc2liaWxpdHk6OnBlcmZvcm1GdW5jdGlvbk9uTWFpblRocmVhZC4KKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIxOTE2OAorCisgICAg ICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFYSXNvbGF0ZWRPYmpl Y3Q6OnBlcmZvcm1GdW5jdGlvbk9uTWFpblRocmVhZCBjYXB0dXJlcyB0aGUgdGhpcyBwb2ludGVy CisgICAgICAgIHRvIGJlIGFjY2Vzc2VkIG9uIHRoZSBtYWluIHRocmVhZC4gQnV0IHNpbmNlIHRo ZSBzYW1lIG9iamVjdCBjYW4gYmUKKyAgICAgICAgYWNjZXNzZWQgY29uY3VycmVudGx5IG9uIHRo ZSBBWCB0aHJlYWQsIEFjY2Vzc2liaWxpdHk6OnBlcmZvcm1GdW5jdGlvbk9uTWFpblRocmVhZAor ICAgICAgICBtdXN0IGJlIGJsb2NraW5nIGV2ZW4gdGhvdWdoIHRoZSBjYWxsZXIgZG9lc24ndCBl eHBlY3QgYSByZXR1cm4gdmFsdWUuCisKKyAgICAgICAgKiBhY2Nlc3NpYmlsaXR5L0FjY2Vzc2li aWxpdHlPYmplY3RJbnRlcmZhY2UuaDoKKyAgICAgICAgKFdlYkNvcmU6OkFjY2Vzc2liaWxpdHk6 OnBlcmZvcm1GdW5jdGlvbk9uTWFpblRocmVhZCk6CisKIDIwMjAtMTEtMTcgIEZ1amlpIEhpcm9u b3JpICA8SGlyb25vcmkuRnVqaWlAc29ueS5jb20+CiAKICAgICAgICAgVXNlIFNldEZvclNjb3Bl IHRvIHRlbXBvcmFyaWx5IGNoYW5nZSBtZW1iZXJzIG9mIFRleHR1cmVNYXBwZXJQYWludE9wdGlv bnMgaW5zdGVhZCBvZiBjb3B5aW5nIGFsbCBtZW1iZXJzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2Vi Q29yZS9hY2Nlc3NpYmlsaXR5L0FjY2Vzc2liaWxpdHlPYmplY3RJbnRlcmZhY2UuaCBiL1NvdXJj ZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eU9iamVjdEludGVyZmFjZS5oCmlu ZGV4IDI0MTE2YTg3YzJiZmRhYjI2ZWIwOTZmOWI0M2QyMzQ5ZDIzN2RiN2MuLmYwY2Q0ZjU3YjQx NzhlNTQxYzgyOWJkNGU1YTNjNDk3ODg1ZWM2M2IgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3Jl L2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eU9iamVjdEludGVyZmFjZS5oCisrKyBiL1NvdXJj ZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eU9iamVjdEludGVyZmFjZS5oCkBA IC0xNTU5LDcgKzE1NTksNyBAQCB0ZW1wbGF0ZTx0eXBlbmFtZSBVPiBpbmxpbmUgdm9pZCBwZXJm b3JtRnVuY3Rpb25Pbk1haW5UaHJlYWQoVSYmIGxhbWJkYSkKICAgICBpZiAoaXNNYWluVGhyZWFk KCkpCiAgICAgICAgIHJldHVybiBsYW1iZGEoKTsKIAotICAgIGNhbGxPbk1haW5UaHJlYWQoWyZs YW1iZGFdIHsKKyAgICBjYWxsT25NYWluVGhyZWFkQW5kV2FpdChbJmxhbWJkYV0gewogICAgICAg ICBsYW1iZGEoKTsKICAgICB9KTsKIH0K