Bug 235827

Summary: AX: AccessibilitySlider::inputElement should check if the renderer has become null
Product: WebKit
Reporter: Tyler Wilcock <tyler_w>
Component: Accessibility
Assignee: Tyler Wilcock <tyler_w>
Status: RESOLVED FIXED
Severity: Normal
CC: aboxhall, andresg_22, apinheiro, cfleizach, dmazzoni, ews-watchlist, jcraig, jdiggs, samuel_white, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: All
OS: All
Attachments:
Description  Flags
Patch        none
Patch        ews-feeder: commit-queue-
Patch        ews-feeder: commit-queue-

Description Tyler Wilcock 2022-01-28 09:01:17 PST
After https://bugs.webkit.org/show_bug.cgi?id=235715, we no longer call the update version of children from logging. This has made accessibility/mac/spinbutton-valuedescription.html a constant failure in debug mode only, since the logging is trying to print an AX tree that is out of sync with the DOM. This test uses JS to remove an <input> renderer + node.

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x000000000000003c

0   com.apple.WebCore             	0x00000001af545e0c WebCore::RenderObject::RenderObjectBitfields::isAnonymous() const + 12 (RenderObject.h:888)
1   com.apple.WebCore             	0x00000001af545dee WebCore::RenderObject::isAnonymous() const + 30 (RenderObject.h:391)
2   com.apple.WebCore             	0x00000001af530f0c WebCore::RenderObject::node() const + 28 (RenderObject.h:465)
3   com.apple.WebCore             	0x00000001afa53186 WebCore::AccessibilitySlider::inputElement() const + 38 (AccessibilitySlider.cpp:150)
4   com.apple.WebCore             	0x00000001afa53149 WebCore::AccessibilitySlider::getAttribute(WebCore::QualifiedName const&) const + 25 (AccessibilitySlider.cpp:108)
5   com.apple.WebCore             	0x00000001afa0e958 WebCore::AccessibilityObject::identifierAttribute() const + 72 (AccessibilityObject.cpp:2984)
6   com.apple.WebCore             	0x00000001af988ac1 WebCore::operator<<(WTF::TextStream&, WebCore::AXCoreObject const&) + 145 (AXLogger.cpp:487)
7   com.apple.WebCore             	0x00000001af9890af WebCore::AXLogger::add(WTF::TextStream&, WTF::RefPtr<WebCore::AXCoreObject, WTF::RawPtrTraits<WebCore::AXCoreObject>, WTF::DefaultRefDerefTraits<WebCore::AXCoreObject> > const&, bool) + 95 (AXLogger.cpp:100)
8   com.apple.WebCore             	0x00000001af989116 WebCore::AXLogger::add(WTF::TextStream&, WTF::RefPtr<WebCore::AXCoreObject, WTF::RawPtrTraits<WebCore::AXCoreObject>, WTF::DefaultRefDerefTraits<WebCore::AXCoreObject> > const&, bool) + 198 (AXLogger.cpp:104)
9   com.apple.WebCore             	0x00000001af989116 WebCore::AXLogger::add(WTF::TextStream&, WTF::RefPtr<WebCore::AXCoreObject, WTF::RawPtrTraits<WebCore::AXCoreObject>, WTF::DefaultRefDerefTraits<WebCore::AXCoreObject> > const&, bool) + 198 (AXLogger.cpp:104)
10  com.apple.WebCore             	0x00000001af989116 WebCore::AXLogger::add(WTF::TextStream&, WTF::RefPtr<WebCore::AXCoreObject, WTF::RawPtrTraits<WebCore::AXCoreObject>, WTF::DefaultRefDerefTraits<WebCore::AXCoreObject> > const&, bool) + 198 (AXLogger.cpp:104)
11  com.apple.WebCore             	0x00000001af98a044 WebCore::operator<<(WTF::TextStream&, WebCore::AXObjectCache&) + 164 (AXLogger.cpp:528)
12  com.apple.WebCore             	0x00000001af989f40 WebCore::AXLogger::log(WebCore::AXObjectCache&) + 80 (AXLogger.cpp:146)
13  com.apple.WebCore             	0x00000001af994ce0 WebCore::AXObjectCache::updateIsolatedTree(WTF::Vector<std::__1::pair<WTF::RefPtr<WebCore::AXCoreObject, WTF::RawPtrTraits<WebCore::AXCoreObject>, WTF::DefaultRefDerefTraits<WebCore::AXCoreObject> >, WebCore::AXObjectCache::AXNotification>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 80 (AXObjectCache.cpp:3327)
14  com.apple.WebCore             	0x00000001af98d138 WebCore::AXObjectCache::notificationPostTimerFired() + 1032 (AXObjectCache.cpp:1150)


This logging is not enabled in release, so it's not a problem there.
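
The failure mode in the report above (a cached accessibility object outliving its renderer and then being walked by the logger), as an added C++ example. It is a simplified model, not WebKit's code or the landed patch; `Node`, `Renderer`, `AXSlider`, `logTree`, `demo` and the use of `std::weak_ptr` are assumptions made for illustration.

```cpp
// Simplified model; every name here is a hypothetical stand-in, not WebKit source.
#include <iostream>
#include <memory>
#include <string>
#include <vector>

struct Node { std::string id; };      // stand-in for the <input> element
struct Renderer { Node* node; };      // stand-in for its renderer

// Accessibility object that observes, but does not own, a renderer.
class AXSlider {
public:
    explicit AXSlider(const std::shared_ptr<Renderer>& r) : m_renderer(r) {}

    // The renderer may have been destroyed since this object was created,
    // so check it before dereferencing.
    Node* inputElement() const {
        auto renderer = m_renderer.lock();
        return renderer ? renderer->node : nullptr;
    }

    // Callers have to tolerate a missing element as well.
    std::string identifierAttribute() const {
        Node* element = inputElement();
        return element ? element->id : std::string();
    }
private:
    std::weak_ptr<Renderer> m_renderer;  // assumption: weak reference models "renderer can go away"
};

// Debug-logger stand-in: walks every cached object, stale or not.
std::string logTree(const std::vector<AXSlider>& cache) {
    std::string out;
    for (const auto& object : cache)
        out += "[" + object.identifierAttribute() + "]";
    return out;
}

// Constructed scenario: log, destroy the renderer, log again without refreshing the cache.
std::string demo() {
    Node input{"spin"};
    auto renderer = std::make_shared<Renderer>(Renderer{&input});
    std::vector<AXSlider> cache{AXSlider(renderer)};
    std::string before = logTree(cache);
    renderer.reset();  // renderer is gone; the cached AX object is now stale
    return before + logTree(cache);
}

int main() { std::cout << demo() << "\n"; }
```
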
Comment 1 Radar WebKit Bug Importer 2022-01-28 09:01:31 PST
<rdar://problem/88188151>
Comment 2 Tyler Wilcock 2022-01-28 09:04:27 PST
Created attachment 450238
Patch
Comment 3 Tyler Wilcock 2022-01-28 12:17:46 PST
Created attachment 450265
Patch
Comment 4 Tyler Wilcock 2022-01-28 12:21:28 PST
Created attachment 450266
Patch
Comment 5 EWS 2022-01-28 18:13:22 PST
Committed r288774 (246555@main): <https://commits.webkit.org/246555@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 450266.