RESOLVED FIXED 112396
AX: Crash when removing aria-menu item from DOM 
https://bugs.webkit.org/show_bug.cgi?id=112396
Summary AX: Crash when removing aria-menu item from DOM
chris fleizach
Reported 2013-03-14 17:58:29 PDT
If you have a aria menu in the tree, then removing it from the DOM leads to a crash NULL access crash > 1 com.apple.WebCore 0x7fff8ee43c4d WebCore::AccessibilityRenderObject::parentObject() const + 0x7d 2 com.apple.WebCore 0x7fff8ee43bb6 WebCore::AccessibilityRenderObject::ariaIsHidden() const + 0x86 3 com.apple.WebCore 0x7fff8f2291e2 WebCore::AccessibilityRenderObject::accessibilityIsIgnoredBase() const + 0x52 4 com.apple.WebCore 0x7fff8f234d07 WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const + 0x17 5 com.apple.WebCore 0x7fff8f234264 WebCore::AccessibilityObject::accessibilityIsIgnored() const + 0x84 6 com.apple.WebCore 0x7fff8f228600 WebCore::AXObjectCache::recomputeIsIgnored(WebCore::RenderObject*) + 0x20 7 com.apple.WebCore 0x7fff8ee02e02 WebCore::RenderBlock::removeChild(WebCore::RenderObject*) + 0x3d2 8 com.apple.WebCore 0x7fff8f94691d WebCore::RenderObject::willBeDestroyed() + 0xcd 9 com.apple.WebCore 0x7fff8f996e2e WebCore::RenderText::willBeDestroyed() + 0xae 10 com.apple.WebCore 0x7fff8ee02992 WebCore::RenderObject::destroy() + 0x12 11 com.apple.WebCore 0x7fff8ede5890 WebCore::Node::detach() + 0x40 12 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c 13 com.apple.WebCore 0x7fff8ede57dd WebCore::Element::detach() + 0x1ed 14 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c 15 com.apple.WebCore 0x7fff8ede57dd WebCore::Element::detach() + 0x1ed 16 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c 17 com.apple.WebCore 0x7fff8ede57dd WebCore::Element::detach() + 0x1ed 18 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c 19 com.apple.WebCore 0x7fff8ede57dd WebCore::Element::detach() + 0x1ed 20 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c
Attachments
patch (4.32 KB, patch)
2013-03-14 18:01 PDT, chris fleizach 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
chris fleizach
Comment 1 2013-03-14 18:01:51 PDT
Created attachment 193212 [details] patch
chris fleizach
Comment 2 2013-03-14 18:02:34 PDT
Adding Tim to help with review
WebKit Review Bot
Comment 3 2013-03-14 19:10:53 PDT
Comment on attachment 193212 [details] patch Clearing flags on attachment: 193212 Committed r145866: <http://trac.webkit.org/changeset/145866>
WebKit Review Bot
Comment 4 2013-03-14 19:10:56 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.