| Summary: | AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&) | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Nan Wang <n_wang> | ||||||||||
| Component: | Accessibility | Assignee: | Nobody <webkit-unassigned> | ||||||||||
| Status: | RESOLVED FIXED | ||||||||||||
| Severity: | Normal | CC: | aboxhall, apinheiro, cfleizach, commit-queue, dmazzoni, jcraig, jdiggs, mario, n_wang, ryanhaddad, samuel_white, webkit-bug-importer | ||||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||||
| Version: | WebKit Nightly Build | ||||||||||||
| Hardware: | All | ||||||||||||
| OS: | All | ||||||||||||
| Attachments: |
|
||||||||||||
|
Description
Nan Wang
2016-02-08 16:30:15 PST
Created attachment 270894 [details]
patch
Comment on attachment 270894 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=270894&action=review > Source/WebCore/accessibility/AXObjectCache.cpp:1586 > + if (nodeIsDerefed(characterOffset1.node) || nodeIsDerefed(characterOffset2.node)) can we use our nodeInUse cache to handle this case? seems like we should be doing that when creating the CharacterOffsets too Comment on attachment 270894 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=270894&action=review >> Source/WebCore/accessibility/AXObjectCache.cpp:1586 >> + if (nodeIsDerefed(characterOffset1.node) || nodeIsDerefed(characterOffset2.node)) > > can we use our nodeInUse cache to handle this case? seems like we should be doing that when creating the CharacterOffsets too Good point, will do. Created attachment 270899 [details]
patch
review comments.
Comment on attachment 270899 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=270899&action=review > Source/WebCore/ChangeLog:5 > + <rdar://problem/24559206> don't include rdar numbers (unless there is some new dictate to include them) > LayoutTests/ChangeLog:5 > + <rdar://problem/24559206> don't include rdar numbers > LayoutTests/accessibility/text-marker/text-marker-range-stale-node-crash.html:29 > + textElement.innerHTML=""; textElement.innerHTML = ""; Created attachment 270901 [details]
patch
Addressed minor issues.
Comment on attachment 270901 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=270901&action=review > LayoutTests/accessibility/text-marker/text-marker-range-stale-node-crash.html:29 > + textElement.innerHTML= ""; still need another space before HTML= Comment on attachment 270901 [details] patch Rejecting attachment 270901 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-02', 'validate-changelog', '--check-oops', '--non-interactive', 270901, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit ChangeLog entry in LayoutTests/ChangeLog contains OOPS!. Full output: http://webkit-queues.webkit.org/results/802367 Created attachment 270902 [details]
patch
This one should be good.
Comment on attachment 270902 [details] patch Clearing flags on attachment: 270902 Committed r196287: <http://trac.webkit.org/changeset/196287> All reviewed patches have been landed. Closing bug. The test added with this change seems to be crashing on ios-simulator: <https://build.webkit.org/results/Apple%20iOS%209%20Simulator%20Release%20WK2%20(Tests)/r196313%20(2965)/results.html> <http://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=accessibility%2Ftext-marker%2Ftext-marker-range-stale-node-crash.html> Filed: <https://bugs.webkit.org/show_bug.cgi?id=154039> |