96443 2012-09-11 16:04:16 -0700 AX: Crashes in WebProcess at com.apple.WebCore: -[AccessibilityObjectWrapper remoteAccessibilityParentObject] + 78 2012-10-18 18:06:18 -0700 1 1 1 Unclassified WebKit Accessibility 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cfleizach cfleizach bdakin dmazzoni webkit.review.bot oldest_to_newest 717665 0 cfleizach 2012-09-11 16:04:16 -0700 > 1 com.apple.WebCore 0x7fff900a5e6e -[AccessibilityObjectWrapper remoteAccessibilityParentObject] + 0x4e 2 com.apple.WebCore 0x7fff9005f9af -[AccessibilityObjectWrapper scrollViewParent] + 0x7f 3 com.apple.WebCore 0x7fff9003023d -[AccessibilityObjectWrapper accessibilityAttributeValue:] + 0xcd 4 com.apple.AppKit 0x7fff8ec7b26d -[NSObject(NSRemoteUIElementAccessibility) accessibilityPresenterProcessIdentifier] + 0x7a 5 com.apple.AppKit 0x7fff8e6b5bb9 NSAccessibilityCreateAXUIElementRef + 0x36a 6 com.apple.AppKit 0x7fff8e6b611b ConvertOutgoingValue + 0x50e 7 com.apple.AppKit 0x7fff8e6b5caf ConvertOutgoingValue + 0xa2 8 com.apple.AppKit 0x7fff8e6b630d ConvertOutgoingValueForAttribute + 0x1bd 9 com.apple.AppKit 0x7fff8e6b6360 CopyAppKitUIElementAttributeValueNoCatch + 0x48 10 com.apple.AppKit 0x7fff8e6b3d51 CopyAttributeValue + 0x13c 11 com.apple.HIServices 0x7fff8b0c956f _AXXMIGCopyAttributeValue + 0xe1 12 com.apple.HIServices 0x7fff8b0d2876 _XCopyAttributeValue + 0x26b 13 com.apple.HIServices 0x7fff8b0ae182 mshMIGPerform + 0x234 14 com.apple.CoreFoundation 0x7fff887e3abc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 0x2c 15 com.apple.CoreFoundation 0x7fff887e37eb __CFRunLoopDoSource1 + 0x9b 16 com.apple.CoreFoundation 0x7fff88819f27 __CFRunLoopRun + 0x767 17 com.apple.CoreFoundation 0x7fff88819486 CFRunLoopRunSpecific + 0xe6 18 com.apple.HIToolbox 0x7fff876c44d3 RunCurrentEventLoopInMode + 0x115 19 com.apple.HIToolbox 0x7fff876cb781 ReceiveNextEventCommon + 0x163 20 com.apple.HIToolbox 0x7fff876cb60e BlockUntilNextEventMatchingListInMode + 0x3e 21 com.apple.AppKit 0x7fff8e41be31 _DPSNextEvent + 0x293 22 com.apple.AppKit 0x7fff8e41b735 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x87 23 com.apple.AppKit 0x7fff8e418071 -[NSApplication run] + 0x1d6 24 com.apple.WebKit2 0x7fff84b5963b WebKit::WebProcessMain(WebKit::CommandLine const&) + 0x229 25 com.apple.WebKit2 0x7fff84b3fc30 WebKitMain + 0x110 26 com.apple.WebProcess 0x109d9ce56 main + 0x0 (/SourceCache/WebKit2/WebKit2-7534.53.1/mac/MainMac.cpp:68) 27 com.apple.WebProcess 0x109d9cd64 start + 0x0 717669 1 cfleizach 2012-09-11 16:05:08 -0700 It appears that in RemoteAXObjectRef WebFrameLoaderClient::accessibilityRemoteObject() we are not checking whether the page is nil 717683 2 163471 cfleizach 2012-09-11 16:10:11 -0700 Created attachment 163471 patch for landing 717684 3 163471 cfleizach 2012-09-11 16:11:02 -0700 Comment on attachment 163471 patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=163471&action=review > Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapper.mm:1393 > + Document* document = m_object->document(); I wanted to separate these calls out so 1) we don't end up calling document() three times. 2) If the crash is actually in this method (which I don't think is the case), it will be easier to determine which line 717688 4 cfleizach 2012-09-11 16:13:25 -0700 rdar://11638298 745810 5 163471 cfleizach 2012-10-18 17:55:33 -0700 Comment on attachment 163471 patch for landing thanks! 745823 6 163471 webkit.review.bot 2012-10-18 18:06:15 -0700 Comment on attachment 163471 patch for landing Clearing flags on attachment: 163471 Committed r131834: <http://trac.webkit.org/changeset/131834> 745824 7 webkit.review.bot 2012-10-18 18:06:18 -0700 All reviewed patches have been landed. Closing bug. 163471 2012-09-11 16:10:11 -0700 2012-10-18 18:06:15 -0700 patch for landing p text/plain 3361 cfleizach SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDEyODIzNCkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDEyLTA5LTExICBDaHJpcyBG bGVpemFjaCAgPGNmbGVpemFjaEBhcHBsZS5jb20+CisKKyAgICAgICAgQVg6IENyYXNoZXMgaW4g V2ViUHJvY2VzcyBhdCBjb20uYXBwbGUuV2ViQ29yZTogLVtBY2Nlc3NpYmlsaXR5T2JqZWN0V3Jh cHBlciByZW1vdGVBY2Nlc3NpYmlsaXR5UGFyZW50T2JqZWN0XSArIDc4CisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD05NjQ0MworCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFNlcGFyYXRlIG91dCB0aGUgY2hhaW4g b2YgY2FsbHMgc28gdGhhdCB0aGUgbnVtYmVyIG9mIHRpbWVzIGRvY3VtZW50KCkgaXMgY2FsbGVk IGlzIHJlZHVjZWQgYW5kIGl0IHdpbGwgYmUgZWFzaWVyCisgICAgICAgIHRvIGRldGVybWluZSB3 aGljaCBsaW5lIHRoaXMgY3Jhc2ggaXMgaGFwcGVuaW5nIG9uLgorCisgICAgICAgICogYWNjZXNz aWJpbGl0eS9tYWMvV2ViQWNjZXNzaWJpbGl0eU9iamVjdFdyYXBwZXIubW06CisgICAgICAgICgt W1dlYkFjY2Vzc2liaWxpdHlPYmplY3RXcmFwcGVyIHJlbW90ZUFjY2Vzc2liaWxpdHlQYXJlbnRP YmplY3RdKToKKwogMjAxMi0wOS0xMSAgTWF0dCBMaWxlayAgPG1ybEBhcHBsZS5jb20+CiAKICAg ICAgICAgT1MgWCBwb3J0IHNob3VsZCBjb21waWxlIHdpdGggbmV3ZXIgdmVyc2lvbnMgb2YgY2xh bmcKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvbWFjL1dlYkFjY2Vzc2liaWxp dHlPYmplY3RXcmFwcGVyLm1tCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL2FjY2Vzc2li aWxpdHkvbWFjL1dlYkFjY2Vzc2liaWxpdHlPYmplY3RXcmFwcGVyLm1tCShyZXZpc2lvbiAxMjgy MjYpCisrKyBTb3VyY2UvV2ViQ29yZS9hY2Nlc3NpYmlsaXR5L21hYy9XZWJBY2Nlc3NpYmlsaXR5 T2JqZWN0V3JhcHBlci5tbQkod29ya2luZyBjb3B5KQpAQCAtMTM4NywxMCArMTM4NywxOCBAQAog CiAtIChpZClyZW1vdGVBY2Nlc3NpYmlsaXR5UGFyZW50T2JqZWN0CiB7Ci0gICAgaWYgKCFtX29i amVjdCB8fCAhbV9vYmplY3QtPmRvY3VtZW50KCkgfHwgIW1fb2JqZWN0LT5kb2N1bWVudCgpLT5m cmFtZSgpKQorICAgIGlmICghbV9vYmplY3QpCiAgICAgICAgIHJldHVybiBuaWw7CiAgICAgCi0g ICAgcmV0dXJuIG1fb2JqZWN0LT5kb2N1bWVudCgpLT5mcmFtZSgpLT5sb2FkZXIoKS0+Y2xpZW50 KCktPmFjY2Vzc2liaWxpdHlSZW1vdGVPYmplY3QoKTsKKyAgICBEb2N1bWVudCogZG9jdW1lbnQg PSBtX29iamVjdC0+ZG9jdW1lbnQoKTsKKyAgICBpZiAoIWRvY3VtZW50KQorICAgICAgICByZXR1 cm4gbmlsOworICAgIAorICAgIEZyYW1lKiBmcmFtZSA9IGRvY3VtZW50LT5mcmFtZSgpOworICAg IGlmICghZnJhbWUpCisgICAgICAgIHJldHVybiBuaWw7CisgICAgCisgICAgcmV0dXJuIGZyYW1l LT5sb2FkZXIoKS0+Y2xpZW50KCktPmFjY2Vzc2liaWxpdHlSZW1vdGVPYmplY3QoKTsKIH0KIAog c3RhdGljIHZvaWQgY29udmVydFRvVmVjdG9yKE5TQXJyYXkqIGFycmF5LCBBY2Nlc3NpYmlsaXR5 T2JqZWN0OjpBY2Nlc3NpYmlsaXR5Q2hpbGRyZW5WZWN0b3ImIHZlY3RvcikKSW5kZXg6IFNvdXJj ZS9XZWJLaXQyL1dlYlByb2Nlc3MvV2ViQ29yZVN1cHBvcnQvV2ViRnJhbWVMb2FkZXJDbGllbnQu Y3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvV2ViQ29yZVN1cHBv cnQvV2ViRnJhbWVMb2FkZXJDbGllbnQuY3BwCShyZXZpc2lvbiAxMjgxOTkpCisrKyBTb3VyY2Uv V2ViS2l0Mi9XZWJQcm9jZXNzL1dlYkNvcmVTdXBwb3J0L1dlYkZyYW1lTG9hZGVyQ2xpZW50LmNw cAkod29ya2luZyBjb3B5KQpAQCAtMTUyMyw3ICsxNTIzLDExIEBACiAgICAgCiBSZW1vdGVBWE9i amVjdFJlZiBXZWJGcmFtZUxvYWRlckNsaWVudDo6YWNjZXNzaWJpbGl0eVJlbW90ZU9iamVjdCgp IAogewotICAgIHJldHVybiBtX2ZyYW1lLT5wYWdlKCktPmFjY2Vzc2liaWxpdHlSZW1vdGVPYmpl Y3QoKTsKKyAgICBXZWJQYWdlKiB3ZWJQYWdlID0gbV9mcmFtZS0+cGFnZSgpOworICAgIGlmICgh d2ViUGFnZSkKKyAgICAgICAgcmV0dXJuIDA7CisgICAgCisgICAgcmV0dXJuIHdlYlBhZ2UtPmFj Y2Vzc2liaWxpdHlSZW1vdGVPYmplY3QoKTsKIH0KICAgICAKICNpZiBFTkFCTEUoTUFDX0pBVkFf QlJJREdFKQpJbmRleDogU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwkocmV2aXNpb24gMTI4MjM0KQorKysgU291cmNlL1dlYktp dDIvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTItMDktMTEg IENocmlzIEZsZWl6YWNoICA8Y2ZsZWl6YWNoQGFwcGxlLmNvbT4KKworICAgICAgICBBWDogQ3Jh c2hlcyBpbiBXZWJQcm9jZXNzIGF0IGNvbS5hcHBsZS5XZWJDb3JlOiAtW0FjY2Vzc2liaWxpdHlP YmplY3RXcmFwcGVyIHJlbW90ZUFjY2Vzc2liaWxpdHlQYXJlbnRPYmplY3RdICsgNzgKKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTk2NDQzCisKKyAgICAg ICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgSXQgYXBwZWFycyB0aGF0 IHRoZSBjcmFzaCBpcyBkdWUgdG8gbm90IGNoZWNraW5nIHdoZXRoZXIgdGhlIHBhZ2Ugb2JqZWN0 IGlzIG51bGwuIAorCisgICAgICAgICogV2ViUHJvY2Vzcy9XZWJDb3JlU3VwcG9ydC9XZWJGcmFt ZUxvYWRlckNsaWVudC5jcHA6CisgICAgICAgIChXZWJLaXQ6OldlYkZyYW1lTG9hZGVyQ2xpZW50 OjphY2Nlc3NpYmlsaXR5UmVtb3RlT2JqZWN0KToKKwogMjAxMi0wOS0xMSAgTWFyY2VsbyBMaXJh ICA8bWFyY2Vsby5saXJhQG9wZW5ib3NzYS5vcmc+CiAKICAgICAgICAgUmVzdG9yZSBvcmlnaW5h bCB2YWx1ZSBvZiBtb2NrIHNjcm9sbGJhcnMgZW5hYmxlZCBpbiBJbnRlcm5hbFNldHRpbmdzCg==