234377 2021-12-15 18:28:37 -0800 Fix for crash in AXIsolatedObject::textMarkerRangeForNSRange. 2021-12-15 23:09:34 -0800 1 1 1 Unclassified WebKit Accessibility WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 andresg_22 andresg_22 aboxhall andresg_22 apinheiro cfleizach dmazzoni ews-watchlist jcraig jdiggs samuel_white webkit-bug-importer oldest_to_newest 1824633 0 andresg_22 2021-12-15 18:28:37 -0800 Fix for crash in AXIsolatedObject::textMarkerRangeForNSRange. 1824634 1 webkit-bug-importer 2021-12-15 18:28:49 -0800 <rdar://problem/86553198> 1824637 2 447310 andresg_22 2021-12-15 18:38:46 -0800 Created attachment 447310 Patch 1824644 3 andresg_22 2021-12-15 19:01:01 -0800 This is the relevant stack trace: {"symbol":"WTF::RetainPtr<objc_object*>::RetainPtr(objc_object*)","inline":true,"imageIndex":3,"imageOffset":74867,"symbolLocation":13,"sourceLine":181,"sourceFile":"RetainPtr.h"},{"symbol":"WTF::RetainPtr<objc_object*>::operator=(objc_object*)","inline":true,"imageIndex":3,"imageOffset":74867,"symbolLocation":13,"sourceLine":245,"sourceFile":"RetainPtr.h"},{"symbol":"WTR::AccessibilityUIElement::attributeValueForParameter(NSString*, objc_object*) const::$_3::operator()() const","inline":true,"imageIndex":3,"imageOffset":74867,"symbolLocation":51,"sourceLine":329,"sourceFile":"AccessibilityUIElementMac.mm"},{"imageOffset":74867,"sourceLine":53,"sourceFile":"Function.h","symbol":"WTF::Detail::CallableWrapper<WTR::AccessibilityUIElement::attributeValueForParameter(NSString*, objc_object*) const::$_3, void>::call()","imageIndex":3,"symbolLocation":65},{"symbol":"WTF::Function<void ()>::operator()() const","inline":true,"imageIndex":3,"imageOffset":21002,"symbolLocation":9,"sourceLine":82,"sourceFile":"Function.h"},{"symbol":"WTR::AccessibilityController::executeOnAXThreadAndWait(WTF::Function<void ()>&&)::$_0::operator()() const","inline":true,"imageIndex":3,"imageOffset":21002,"symbolLocation":13,"sourceLine":107,"sourceFile":"AccessibilityController.cpp"},{"imageOffset":21002,"sourceLine":53,"sourceFile":"Function.h","symbol":"WTF::Detail::CallableWrapper<WTR::AccessibilityController::executeOnAXThreadAndWait(WTF::Function<void ()>&&)::$_0, void>::call()","imageIndex":3,"symbolLocation":22},{"symbol":"WTF::Function<void ()>::operator()() const","inline":true,"imageIndex":3,"imageOffset":20914,"symbolLocation":10,"sourceLine":82,"sourceFile":"Function.h"},{"imageOffset":20914,"sourceLine":234,"sourceFile":"AccessibilityController.cpp","symbol":"WTR::AXThread::dispatchFunctionsFromAXThread()","imageIndex":3,"symbolLocation":118},{"symbol":"WTR::AXThread::threadRunLoopSourceCallback()","inline":true,"imageIndex":3,"imageOffset":23562,"symbolLocation":16,"sourceLine":178,"sourceFile":"AccessibilityControllerMac.mm"},{"imageOffset":23562,"sourceLine":172,"sourceFile":"AccessibilityControllerMac.mm","symbol":"WTR::AXThread::threadRunLoopSourceCallback(void*)","imageIndex":3,"symbolLocation":26},{"imageOffset":524123,"symbol":"__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__","symbolLocation":17,"imageIndex":2},{"imageOffset":523971,"symbol":"__CFRunLoopDoSource0","symbolLocation":180,"imageIndex":2},{"imageOffset":523325,"symbol":"__CFRunLoopDoSources0","symbolLocation":242,"imageIndex":2},{"imageOffset":517720,"symbol":"__CFRunLoopRun","symbolLocation":892,"imageIndex":2},{"imageOffset":515100,"symbol":"CFRunLoopRunSpecific","symbolLocation":562,"imageIndex":2},{"imageOffset":1072395,"symbol":"CFRunLoopRun","symbolLocation":40,"imageIndex":2},{"imageOffset":23466,"sourceLine":161,"sourceFile":"AccessibilityControllerMac.mm","symbol":"WTR::AXThread::initializeRunLoop()","imageIndex":3,"symbolLocation":212},{"symbol":"WTF::Function<void ()>::operator()() const","inline":true,"imageIndex":4,"imageOffset":388829,"symbolLocation":9,"sourceLine":82,"sourceFile":"Function.h"},{"imageOffset":388829,"sourceLine":191,"sourceFile":"Threading.cpp","symbol":"WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*)","imageIndex":4,"symbolLocation":125},{"imageOffset":398297,"sourceLine":244,"sourceFile":"ThreadingPOSIX.cpp","symbol":"WTF::wtfThreadEntryPoint(void*)","imageIndex":4,"symbolLocation":9},{"imageOffset":25788,"symbol":"_pthread_start","symbolLocation":120,"imageIndex":10},{"imageOffset":7871,"symbol":"thread_start","symbolLocation":15,"imageIndex":10}]}], 1824694 4 ews-feeder 2021-12-15 23:09:31 -0800 Committed r287126 (245310@main): <https://commits.webkit.org/245310@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 447310. 447310 2021-12-15 18:38:46 -0800 2021-12-15 23:09:32 -0800 Patch bug-234377-20211215213844.patch text/plain 2086 andresg_22 U3VidmVyc2lvbiBSZXZpc2lvbjogMjg2ODQ5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYzBjOTg2ZDgyNjE5Y2I4 MjlkNmUyYjY4NTI4ZWZkZWY5YTliZjZhYi4uODkwNjI1NTNhOTQyN2IxNjQ1OWYxMWQyMDI5Zjcw YzkzMjFkYTNhNyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDIxLTEyLTE1ICBBbmRy ZXMgR29uemFsZXogIDxhbmRyZXNnXzIyQGFwcGxlLmNvbT4KKworICAgICAgICBGaXggZm9yIGNy YXNoIGluIEFYSXNvbGF0ZWRPYmplY3Q6OnRleHRNYXJrZXJSYW5nZUZvck5TUmFuZ2UuCisgICAg ICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMzQzNzcKKyAgICAg ICAgPHJkYXI6Ly9wcm9ibGVtLzg2NTUzMTk4PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIENvdmVyZWQgYnkgYWNjZXNzaWJpbGl0eS9tYWMvdGV4dG1h cmtlci1yYW5nZS1mb3ItcmFuZ2UuaHRtbC4KKworICAgICAgICBBWElzb2xhdGVkT2JqZWN0Ojp0 ZXh0TWFya2VyUmFuZ2VGb3JOU1JhbmdlIG5lZWRzIHRvIGF1dG9yZWxlYXNlIHRoZQorICAgICAg ICBvYmplY3QgcmV0cmlldmVkIGZyb20gdGhlIG1haW4gdGhyZWFkLiBUaGlzIHdhcyBjYXVzaW5n IGludGVybWl0dGVudAorICAgICAgICBjcmFzaGVzIHdoZW4gYWNjZXNzaW5nIHRoZSByZXR1cm4g dmFsdWUgb2ZmIG9mIHRoZSBtYWluIHRocmVhZC4KKworICAgICAgICAqIGFjY2Vzc2liaWxpdHkv aXNvbGF0ZWR0cmVlL21hYy9BWElzb2xhdGVkT2JqZWN0TWFjLm1tOgorICAgICAgICAoV2ViQ29y ZTo6QVhJc29sYXRlZE9iamVjdDo6dGV4dE1hcmtlclJhbmdlRm9yTlNSYW5nZSBjb25zdCk6CisK IDIwMjEtMTItMTAgIEFsYW4gQnVqdGFzICA8emFsYW5AYXBwbGUuY29tPgogCiAgICAgICAgIFtM RkNdW0lGQ10gRW5hYmxlIGJpZGkgaGFuZGxpbmcgZm9yIGNvbnRlbnQgd2l0aCBpbmxpbmUgYm94 ZXMKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvaXNvbGF0ZWR0cmVl L21hYy9BWElzb2xhdGVkT2JqZWN0TWFjLm1tIGIvU291cmNlL1dlYkNvcmUvYWNjZXNzaWJpbGl0 eS9pc29sYXRlZHRyZWUvbWFjL0FYSXNvbGF0ZWRPYmplY3RNYWMubW0KaW5kZXggMzFkMjczNjQ1 NjhiYTYyYzFhMzc1ZjU1YTQ4MTc2MGY0M2M3Y2ZjMy4uMmUyYjFlMDQ4YjYwNzEzZTc4OTRmNjU3 NTM3OGExNWU5MmYzNTE4ZSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvYWNjZXNzaWJpbGl0 eS9pc29sYXRlZHRyZWUvbWFjL0FYSXNvbGF0ZWRPYmplY3RNYWMubW0KKysrIGIvU291cmNlL1dl YkNvcmUvYWNjZXNzaWJpbGl0eS9pc29sYXRlZHRyZWUvbWFjL0FYSXNvbGF0ZWRPYmplY3RNYWMu bW0KQEAgLTgwLDcgKzgwLDcgQEAgdm9pZCBBWElzb2xhdGVkT2JqZWN0OjpkZXRhY2hQbGF0Zm9y bVdyYXBwZXIoQWNjZXNzaWJpbGl0eURldGFjaG1lbnRUeXBlIGRldGFjaG0KIAogQVhUZXh0TWFy a2VyUmFuZ2VSZWYgQVhJc29sYXRlZE9iamVjdDo6dGV4dE1hcmtlclJhbmdlRm9yTlNSYW5nZShj b25zdCBOU1JhbmdlJiByYW5nZSkgY29uc3QKIHsKLSAgICByZXR1cm4gQWNjZXNzaWJpbGl0eTo6 cmV0cmlldmVWYWx1ZUZyb21NYWluVGhyZWFkPEFYVGV4dE1hcmtlclJhbmdlUmVmPihbJnJhbmdl LCB0aGlzXSAoKSAtPiBBWFRleHRNYXJrZXJSYW5nZVJlZiB7CisgICAgcmV0dXJuIEFjY2Vzc2li aWxpdHk6OnJldHJpZXZlQXV0b3JlbGVhc2VkVmFsdWVGcm9tTWFpblRocmVhZDxBWFRleHRNYXJr ZXJSYW5nZVJlZj4oWyZyYW5nZSwgdGhpc10gKCkgLT4gUmV0YWluUHRyPEFYVGV4dE1hcmtlclJh bmdlUmVmPiB7CiAgICAgICAgIGF1dG8qIGF4T2JqZWN0ID0gYXNzb2NpYXRlZEFYT2JqZWN0KCk7 CiAgICAgICAgIHJldHVybiBheE9iamVjdCA/IGF4T2JqZWN0LT50ZXh0TWFya2VyUmFuZ2VGb3JO U1JhbmdlKHJhbmdlKSA6IG51bGxwdHI7CiAgICAgfSk7Cg==