Bug 125042

Summary: AX: Crash at WebCore::commonTreeScope
Product: WebKit Reporter: chris fleizach <cfleizach>
Component: Accessibility
Assignee: chris fleizach <cfleizach>
Status: RESOLVED FIXED    
Severity: Normal CC: aboxhall, apinheiro, commit-queue, dmazzoni, esprehn+autocc, jcraig, jdiggs, kangil.han, mario, samuel_white, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description   Flags
patch         none

Description chris fleizach 2013-11-30 23:11:13 PST
It's possible to crash at

* thread #1: tid = 0x1fd7d3, 0x0000000108e0101a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:341, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x0000000108e0101a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:341
    frame #1: 0x0000000109c74999 WebCore`WTF::CrashOnOverflow::overflowed() + 9 at CheckedArithmetic.h:80
    frame #2: 0x000000010b7595ff WebCore`WTF::Vector<WebCore::TreeScope*, 5ul, WTF::CrashOnOverflow>::at(this=0x00007fff5ca13a10, i=1) + 79 at Vector.h:584
    frame #3: 0x000000010b75956d WebCore`WTF::Vector<WebCore::TreeScope*, 5ul, WTF::CrashOnOverflow>::operator[](this=0x00007fff5ca13a10, i=1) + 29 at Vector.h:604
    frame #4: 0x000000010b758983 WebCore`WebCore::commonTreeScope(nodeA=0x00007f8168ed9c30, nodeB=0x00007f816ba594f0) + 419 at TreeScope.cpp:428
    frame #5: 0x000000010a5b6d45 WebCore`WebCore::comparePositions(a=0x00007fff5ca13d00, b=0x00007fff5ca13d10) + 53 at htmlediting.cpp:71
    frame #6: 0x000000010b773c10 WebCore`WebCore::VisibleSelection::setBaseAndExtentToDeepEquivalents(this=0x00007fff5ca13d00) + 560 at VisibleSelection.cpp:268
    frame #7: 0x000000010b77286c WebCore`WebCore::VisibleSelection::validate(this=0x00007fff5ca13d00, granularity=CharacterGranularity) + 28 at VisibleSelection.cpp:413
    frame #8: 0x000000010b772c24 WebCore`WebCore::VisibleSelection::VisibleSelection(this=0x00007fff5ca13d00, base=0x00007fff5ca15068, extent=0x00007fff5ca15050, isDirectional=false) + 164 at VisibleSelection.cpp:83
    frame #9: 0x000000010b772b74 WebCore`WebCore::VisibleSelection::VisibleSelection(this=0x00007fff5ca13d00, base=0x00007fff5ca15068, extent=0x00007fff5ca15050, isDirectional=false) + 52 at VisibleSelection.cpp:84
    frame #10: 0x0000000109c45e85 WebCore`WebCore::AccessibilityObject::visiblePositionRangeForUnorderedPositions(this=0x00007f816bc015b0, visiblePos1=0x00007fff5ca15068, visiblePos2=0x00007fff5ca15050) const + 197 at AccessibilityObject.cpp:662
    frame #11: 0x000000010b797278 WebCore`-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:](self=0x00007f8168a5aed0, _cmd=0x00007fff8cb8a788, attribute=0x00007f816af52a80, parameter=0x00007f816c804030) + 11192 at WebAccessibilityObjectWrapperMac.mm:3389


when text markers from detached frames are used that do not have common tree scopes.
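The trace above ends in a bounds-checked Vector access (`at(i=1)` on a `Vector<TreeScope*, 5>`, with `CrashOnOverflow` turning the out-of-range index into a deliberate crash at 0xbbadbeef) inside `commonTreeScope`, reached while comparing two positions whose nodes come from unrelated documents. The following is an added illustration, not WebKit code and not the patch that landed in r159932: a minimal model of tree scopes in which the lowest-common-scope walk returns nullptr when the two ancestor chains share nothing, and the position-comparison caller treats that as "unrelated" instead of indexing into a chain that has no common entry. The `TreeScope`/`Node` structs, `scopeChain`, `classifyPositions`, `PositionOrder` and `demonstrate` are all assumptions made for this example; the sample documents are constructed inline.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical model (illustration only, not WebKit's classes). Every Node
// belongs to exactly one TreeScope; a TreeScope either has a parent scope (a
// shadow tree inside a document) or is the root scope of its document.
struct TreeScope {
    TreeScope* parent = nullptr;
};

struct Node {
    TreeScope* scope = nullptr;
};

// Ancestor chain from the node's own scope up to its document's root scope.
static std::vector<TreeScope*> scopeChain(const Node& node) {
    std::vector<TreeScope*> chain;
    for (TreeScope* s = node.scope; s; s = s->parent)
        chain.push_back(s);
    return chain;
}

// Lowest common tree scope of two nodes, or nullptr when the two chains share
// no scope at all (nodes from unrelated documents, as with text markers that
// still refer into a detached frame).
TreeScope* commonTreeScope(const Node& a, const Node& b) {
    const std::vector<TreeScope*> chainA = scopeChain(a);
    const std::vector<TreeScope*> chainB = scopeChain(b);

    // Compare from the roots downward and stop at the first divergence. If
    // even the roots differ, `common` stays nullptr; no fixed index such as
    // chain[1] is ever read, so an empty intersection cannot run off the end.
    TreeScope* common = nullptr;
    size_t i = chainA.size();
    size_t j = chainB.size();
    while (i > 0 && j > 0 && chainA[i - 1] == chainB[j - 1]) {
        common = chainA[i - 1];
        --i;
        --j;
    }
    return common;
}

enum class PositionOrder { Unrelated, Comparable };

// Caller-side guard standing in for the comparePositions() frame in the trace:
// ordering two positions only makes sense when a common scope exists, so the
// nullptr result is handled explicitly rather than assumed away.
PositionOrder classifyPositions(const Node& a, const Node& b) {
    return commonTreeScope(a, b) ? PositionOrder::Comparable : PositionOrder::Unrelated;
}

// Builds the three situations (same scope, nested scope, unrelated documents)
// from constructed sample data and returns true when every case behaves as
// described above.
bool demonstrate() {
    TreeScope doc1;              // root scope of a live document
    TreeScope shadowInDoc1;      // shadow scope nested inside doc1
    shadowInDoc1.parent = &doc1;
    TreeScope doc2;              // unrelated tree, e.g. a detached frame's document

    Node nodeInDoc1{&doc1};
    Node nodeInShadow{&shadowInDoc1};
    Node nodeInDoc2{&doc2};

    bool ok = true;
    ok = ok && commonTreeScope(nodeInDoc1, nodeInShadow) == &doc1;
    ok = ok && commonTreeScope(nodeInShadow, nodeInShadow) == &shadowInDoc1;
    ok = ok && commonTreeScope(nodeInDoc1, nodeInDoc2) == nullptr;
    ok = ok && classifyPositions(nodeInDoc1, nodeInDoc2) == PositionOrder::Unrelated;
    ok = ok && classifyPositions(nodeInDoc1, nodeInShadow) == PositionOrder::Comparable;
    return ok;
}
```

The point for a reviewer of similar code is the contract: any "common ancestor" helper over two arbitrary nodes must have a defined result for the disjoint case, and every caller must check it, because accessibility clients (here, the `accessibilityAttributeValue:forParameter:` path) can hand back text markers whose nodes outlived the frame they were created in.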
Comment 1 chris fleizach 2013-11-30 23:11:25 PST
<rdar://problem/14275055>
Comment 2 chris fleizach 2013-11-30 23:40:42 PST
Created attachment 218109 [details]
patch
Comment 3 WebKit Commit Bot 2013-12-02 06:16:24 PST
Comment on attachment 218109 [details]
patch

Clearing flags on attachment: 218109

Committed r159932: <http://trac.webkit.org/changeset/159932>
Comment 4 WebKit Commit Bot 2013-12-02 06:16:26 PST
All reviewed patches have been landed.  Closing bug.