Bug 219238

Summary: AccessibilityObject::FocusedUIElement should not call AXObjectCache::focusedUIElementForPage that can return an isolated object.
Product: WebKit Reporter: Andres Gonzalez <andresg_22>
Component: New BugsAssignee: Andres Gonzalez <andresg_22>
Status: RESOLVED FIXED    
Severity: Normal CC: aboxhall, apinheiro, cfleizach, dmazzoni, ews-watchlist, jcraig, jdiggs, samuel_white, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=219290
Attachments:
Description Flags
Patch none

Andres Gonzalez
Reported 2020-11-21 13:59:16 PST
AccessibilityObject::FocusedUIElement should not call AXObjectCache::focusedUIElementForPage that can return an isolated object.
Attachments
Patch (6.09 KB, patch)
2020-11-21 14:11 PST, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Andres Gonzalez
Comment 1 2020-11-21 14:11:07 PST
Created attachment 414770 [details] Patch
Andres Gonzalez
Comment 2 2020-11-21 14:13:28 PST
This is the infinite recursion this problem causes when building the isolated tree: frame #9263: 0x0000000302678948 WebCore`WebCore::AXIsolatedTree::create(axObjectCache=0x0000000325e59400) at AXIsolatedTree.cpp:102:15 frame #9264: 0x00000003025ba23c WebCore`WebCore::AXObjectCache::generateIsolatedTree(this=0x0000000325e59400) const at AXObjectCache.cpp:3168:12 frame #9265: 0x00000003025e6cf1 WebCore`WebCore::AXObjectCache::getOrCreateIsolatedTree(this=0x00007ffee8f07ce0) const::$_4::operator()() const at AXObjectCache.cpp:792:20 frame #9266: 0x00000003025abc7d WebCore`WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> > WebCore::Accessibility::retrieveValueFromMainThread<WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> >, WebCore::AXObjectCache::getOrCreateIsolatedTree(lambda=0x00007ffee8f07ce0) const::$_4>(WebCore::AXObjectCache::getOrCreateIsolatedTree() const::$_4&&) at AccessibilityObjectInterface.h:1570:16 frame #9267: 0x00000003025a93e3 WebCore`WebCore::AXObjectCache::getOrCreateIsolatedTree(this=0x0000000325e59400) const at AXObjectCache.cpp:791:16 frame #9268: 0x00000003025a9279 WebCore`WebCore::AXObjectCache::isolatedTreeFocusedObject(this=0x0000000325e59400) at AXObjectCache.cpp:401:21 frame #9269: 0x00000003025a96e6 WebCore`WebCore::AXObjectCache::focusedUIElementForPage(this=0x0000000325e59400, page=0x0000000325ff8000) at AXObjectCache.cpp:438:16 frame #9270: 0x0000000302620d9b WebCore`WebCore::AccessibilityObject::focusedUIElement(this=0x000000032b147f00) const at AccessibilityObject.cpp:2552:51 frame #9271: 0x000000030262ff2e WebCore`WebCore::AccessibilityRenderObject::isTabItemSelected(this=0x000000032b147f00) const at AccessibilityRenderObject.cpp:1798:77 frame #9272: 0x000000030262fdd8 WebCore`WebCore::AccessibilityRenderObject::isSelected(this=0x000000032b147f00) const at AccessibilityRenderObject.cpp:1776:24 frame #9273: 0x000000030260e4d2 WebCore`WebCore::AccessibilityNodeObject::selectedTabItem(this=0x000000032b1d3f80) at AccessibilityNodeObject.cpp:938:65 frame #9274: 0x000000030266ada9 WebCore`WebCore::AXIsolatedObject::initializeAttributeData(this=0x000000032b137690, object=0x000000032b1d3f80, isRoot=false) at AXIsolatedObject.cpp:158:63 frame #9275: 0x0000000302668797 WebCore`WebCore::AXIsolatedObject::AXIsolatedObject(this=0x000000032b137690, object=0x000000032b1d3f80, tree=0x0000000325ec7578, parentID=4) at AXIsolatedObject.cpp:46:9 frame #9276: 0x000000030266e9fd WebCore`WebCore::AXIsolatedObject::AXIsolatedObject(this=0x000000032b137690, object=0x000000032b1d3f80, tree=0x0000000325ec7578, parentID=4) at AXIsolatedObject.cpp:43:1 frame #9277: 0x000000030266ea5b WebCore`WebCore::AXIsolatedObject::create(object=0x000000032b1d3f80, tree=0x0000000325ec7578, parentID=4) at AXIsolatedObject.cpp:55:26 frame #9278: 0x0000000302679bf7 WebCore`WebCore::AXIsolatedTree::createSubtree(this=0x0000000325ec7578, axObject=0x000000032b1d3f80, parentID=4, attachWrapper=true) at AXIsolatedTree.cpp:202:19 frame #9279: 0x0000000302679dbd WebCore`WebCore::AXIsolatedTree::createSubtree(this=0x0000000325ec7578, axObject=0x000000032b19b400, parentID=3, attachWrapper=true) at AXIsolatedTree.cpp:221:22 frame #9280: 0x0000000302679dbd WebCore`WebCore::AXIsolatedTree::createSubtree(this=0x0000000325ec7578, axObject=0x0000000325e65e10, parentID=0, attachWrapper=true) at AXIsolatedTree.cpp:221:22 frame #9281: 0x0000000302678db1 WebCore`WebCore::AXIsolatedTree::generateSubtree(this=0x0000000325ec7578, axObject=0x0000000325e65e10, axParent=0x0000000000000000, attachWrapper=true) at AXIsolatedTree.cpp:189:19 frame #9282: 0x0000000302678948 WebCore`WebCore::AXIsolatedTree::create(axObjectCache=0x0000000325e59400) at AXIsolatedTree.cpp:102:15 frame #9283: 0x00000003025ba23c WebCore`WebCore::AXObjectCache::generateIsolatedTree(this=0x0000000325e59400) const at AXObjectCache.cpp:3168:12 frame #9284: 0x00000003025e6cf1 WebCore`WebCore::AXObjectCache::getOrCreateIsolatedTree(this=0x00007ffee8f0bfc0) const::$_4::operator()() const at AXObjectCache.cpp:792:20 frame #9285: 0x00000003025abc7d WebCore`WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> > WebCore::Accessibility::retrieveValueFromMainThread<WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> >, WebCore::AXObjectCache::getOrCreateIsolatedTree(lambda=0x00007ffee8f0bfc0) const::$_4>(WebCore::AXObjectCache::getOrCreateIsolatedTree() const::$_4&&) at AccessibilityObjectInterface.h:1570:16 frame #9286: 0x00000003025a93e3 WebCore`WebCore::AXObjectCache::getOrCreateIsolatedTree(this=0x0000000325e59400) const at AXObjectCache.cpp:791:16
EWS
Comment 3 2020-11-21 15:03:51 PST
Committed r270154: <https://trac.webkit.org/changeset/270154> All reviewed patches have been landed. Closing bug and clearing flags on attachment 414770 [details].
Radar WebKit Bug Importer
Comment 4 2020-11-21 15:04:17 PST
<rdar://problem/71658631>
Note You need to log in before you can comment on or make changes to this bug.