Bug 208942

Summary: AX: Isolated tree: Crash in URL retrieval
Product: WebKit Reporter: chris fleizach <cfleizach>
Component: AccessibilityAssignee: Andres Gonzalez <andresg_22>
Status: RESOLVED FIXED    
Severity: Normal CC: aboxhall, apinheiro, commit-queue, dmazzoni, ews-watchlist, jcraig, jdiggs, samuel_white, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

chris fleizach
Reported 2020-03-11 13:13:31 PDT
hread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001103095ae WebCore::AccessibilityRenderObject::url() const + 62 (AccessibilityRenderObject.cpp:1644) 1 com.apple.WebCore 0x0000000110321a69 WebCore::AXIsolatedObject::initializeAttributeData(WebCore::AXCoreObject&, bool) + 12233 (AXIsolatedObject.cpp:194) 2 com.apple.WebCore 0x00000001103252a8 WebCore::AXIsolatedObject::create(WebCore::AXCoreObject&, unsigned int, unsigned int) + 56 (AXIsolatedObject.cpp:48) 3 com.apple.WebCore 0x00000001102df2f5 WebCore::createIsolatedTreeHierarchy(WebCore::AXCoreObject&, unsigned int, unsigned int, bool, WTF::Vector<WebCore::AXIsolatedTree::NodeChange, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) + 37 (AXObjectCache.cpp:3101) 4 com.apple.WebCore 0x00000001102df3f7 WebCore::createIsolatedTreeHierarchy(WebCore::AXCoreObject&, unsigned int, unsigned int, bool, WTF::Vector<WebCore::AXIsolatedTree::NodeChange, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) + 295 (AXObjectCache.cpp:3113) 5 com.apple.WebCore 0x00000001102d6ce0 WebCore::AXObjectCache::updateIsolatedTree(WebCore::AXCoreObject*, WebCore::AXObjectCache::AXNotification) + 176 (AXObjectCache.cpp:3166) 6 com.apple.WebCore 0x00000001102d5f0d WebCore::AXObjectCache::postNotification(WebCore::AXCoreObject*, WebCore::Document*, WebCore::AXObjectCache::AXNotification, WebCore::PostTarget, WebCore::PostType) + 157 (AXObjectCache.cpp:1142) 7 com.apple.WebCore 0x00000001102ec243 WebCore::AccessibilityNodeObject::childrenChanged() + 115 (AccessibilityNodeObject.cpp:128) 8 com.apple.WebCore 0x00000001102dec3c WebCore::AXObjectCache::performDeferredCacheUpdate() + 220
Attachments
Patch (8.31 KB, patch)
2020-03-11 17:50 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (8.21 KB, patch)
2020-03-11 20:33 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (9.00 KB, patch)
2020-03-12 05:34 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2020-03-11 13:13:42 PDT
<rdar://problem/60337547>
Radar WebKit Bug Importer
Comment 2 2020-03-11 13:14:41 PDT
<rdar://problem/60337588>
Andres Gonzalez
Comment 3 2020-03-11 17:50:14 PDT
Created attachment 393317 [details] Patch
Andres Gonzalez
Comment 4 2020-03-11 20:33:27 PDT
Created attachment 393334 [details] Patch
chris fleizach
Comment 5 2020-03-11 21:29:47 PDT
Test fail on win We might want to skip that platform
Andres Gonzalez
Comment 6 2020-03-12 05:34:18 PDT
Created attachment 393359 [details] Patch
Andres Gonzalez
Comment 7 2020-03-12 05:40:41 PDT
Test skipped in win.
WebKit Commit Bot
Comment 8 2020-03-12 11:43:07 PDT
Comment on attachment 393359 [details] Patch Clearing flags on attachment: 393359 Committed r258346: <https://trac.webkit.org/changeset/258346>
WebKit Commit Bot
Comment 9 2020-03-12 11:43:09 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.