Bug 128310

Summary: AX: Crash in WebCore::AXObjectCache::computedObjectAttributeCache
Product: WebKit
Reporter: chris fleizach <cfleizach>
Component: Accessibility
Assignee: chris fleizach <cfleizach>
Status: RESOLVED FIXED
Severity: Normal
CC: aboxhall, apinheiro, ap, commit-queue, dmazzoni, jcraig, jdiggs, mario, samuel_white, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
  Description: patch
  Flags: none

Description chris fleizach 2014-02-06 09:24:28 PST
From comments in
  https://bugs.webkit.org/show_bug.cgi?id=127439


#0  0x00007ffff052c95a in std::unique_ptr<WebCore::AXComputedObjectAttributeCache, std::default_delete<WebCore::AXComputedObjectAttributeCache> >::get (this=0xd0) at /usr/include/c++/4.7/bits/unique_ptr.h:223
#1  0x00007ffff055b056 in WebCore::AXObjectCache::computedObjectAttributeCache (this=0x0) at /home/michal/source/WebKit/Source/WebCore/accessibility/AXObjectCache.h:211
#2  0x00007ffff0559b22 in WebCore::AccessibilityObject::accessibilityIsIgnored (this=0x776e80) at /home/michal/source/WebKit/Source/WebCore/accessibility/AccessibilityObject.cpp:2105
#3  0x00007ffff0559820 in WebCore::AccessibilityObject::notifyIfIgnoredValueChanged (this=0x776e80) at /home/michal/source/WebKit/Source/WebCore/accessibility/AccessibilityObject.cpp:2018
#4  0x00007ffff052a3f4 in WebCore::AXObjectCache::recomputeIsIgnored (this=0x813b20, renderer=0x82ebb0) at /home/michal/source/WebKit/Source/WebCore/accessibility/AXObjectCache.cpp:905
#5  0x00007ffff0fab3da in WebCore::RenderBlock::deleteLines (this=0x82ebb0) at /home/michal/source/WebKit/Source/WebCore/rendering/RenderBlock.cpp:920
#6  0x00007ffff0fe2795 in WebCore::RenderBlockFlow::deleteLines (this=0x82ebb0) at /home/michal/source/WebKit/Source/WebCore/rendering/RenderBlockFlow.cpp:1906
#7  0x00007ffff0fabce6 in WebCore::RenderBlock::collapseAnonymousBoxChild (parent=0xa1cba0, child=0x82ebb0) at /home/michal/source/WebKit/Source/WebCore/rendering/RenderBlock.cpp:1084
#8  0x00007ffff0fac171 in WebCore::RenderBlock::removeChild (this=0xa1cba0, oldChild=...) at /home/michal/source/WebKit/Source/WebCore/rendering/RenderBlock.cpp:1160
Comment 1 Radar WebKit Bug Importer 2014-02-06 09:24:54 PST
<rdar://problem/16002078>
Comment 2 chris fleizach 2014-02-06 09:26:03 PST
In frame 1, the cache has become null, which means asking axObjectCache() in frame 3 either found no document, or no axObjectCache at that document, which can happen when the render tree is no longer living.

We need to be more careful about using the axObjectCache() in ax code.
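The failure mode described in comment 2, as an added illustration: this is not WebKit code and not the patch in attachment 223342, whose contents this page does not show. The class names, the padding that puts the member at offset 0xd0, and the `computeIsIgnored` policy are all assumptions made up for the example; it shows a null-checked lookup that falls back to direct computation, and why a null `this` in frame 1 appears as `this=0xd0` in frame 0.

```cpp
#include <cstdint>
#include <memory>
#include <unordered_map>

// Toy stand-ins for the classes named in the backtrace (hypothetical layout).
struct AttributeCache {
    std::unordered_map<int, bool> ignored;        // object id -> cached "is ignored"
};

struct ObjectCache {
    char otherMembers[0xd0];                      // constructed padding: next member lands at 0xd0
    std::unique_ptr<AttributeCache> attributes;
    AttributeCache* computedObjectAttributeCache() { return attributes.get(); }
};

struct Document {
    std::unique_ptr<ObjectCache> cache;           // reset once the render tree is gone
    ObjectCache* axObjectCache() { return cache.get(); }
};

struct AXObject {
    Document* document;
    int id;
    bool computeIsIgnored() const { return id % 2 == 0; }   // placeholder policy

    bool accessibilityIsIgnored() {
        // Every hop can yield null; check each before dereferencing.
        ObjectCache* cache = document ? document->axObjectCache() : nullptr;
        AttributeCache* attrs = cache ? cache->computedObjectAttributeCache() : nullptr;
        if (attrs) {
            auto it = attrs->ignored.find(id);
            if (it != attrs->ignored.end()) return it->second;
        }
        bool result = computeIsIgnored();         // no cache available: compute directly
        if (attrs) attrs->ignored[id] = result;
        return result;
    }
};

// Distance from the start of ObjectCache to its `attributes` member. A member
// access through a null ObjectCache* touches exactly this address (0 + offset).
std::uintptr_t nullThisFaultAddress() {
    ObjectCache c;
    return reinterpret_cast<std::uintptr_t>(&c.attributes) - reinterpret_cast<std::uintptr_t>(&c);
}
```

When triaging a similar crash, a small non-zero `this` in the innermost frame directly below a frame with `this=0x0` indicates a member access through a null object pointer rather than a corrupted pointer.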
Comment 3 Radar WebKit Bug Importer 2014-02-06 09:26:23 PST
<rdar://problem/16002095>
Comment 4 chris fleizach 2014-02-06 09:46:37 PST
Created attachment 223342
patch
Comment 5 Alexey Proskuryakov 2014-02-06 09:54:25 PST
Comment on attachment 223342
patch

r=me

Please wait for EWS testers to become green.
Comment 6 WebKit Commit Bot 2014-02-06 17:24:40 PST
Comment on attachment 223342
patch

Clearing flags on attachment: 223342

Committed r163586: <http://trac.webkit.org/changeset/163586>
Comment 7 WebKit Commit Bot 2014-02-06 17:24:43 PST
All reviewed patches have been landed.  Closing bug.