If you have a aria menu in the tree, then removing it from the DOM leads to a crash NULL access crash > 1 com.apple.WebCore 0x7fff8ee43c4d WebCore::AccessibilityRenderObject::parentObject() const + 0x7d 2 com.apple.WebCore 0x7fff8ee43bb6 WebCore::AccessibilityRenderObject::ariaIsHidden() const + 0x86 3 com.apple.WebCore 0x7fff8f2291e2 WebCore::AccessibilityRenderObject::accessibilityIsIgnoredBase() const + 0x52 4 com.apple.WebCore 0x7fff8f234d07 WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const + 0x17 5 com.apple.WebCore 0x7fff8f234264 WebCore::AccessibilityObject::accessibilityIsIgnored() const + 0x84 6 com.apple.WebCore 0x7fff8f228600 WebCore::AXObjectCache::recomputeIsIgnored(WebCore::RenderObject*) + 0x20 7 com.apple.WebCore 0x7fff8ee02e02 WebCore::RenderBlock::removeChild(WebCore::RenderObject*) + 0x3d2 8 com.apple.WebCore 0x7fff8f94691d WebCore::RenderObject::willBeDestroyed() + 0xcd 9 com.apple.WebCore 0x7fff8f996e2e WebCore::RenderText::willBeDestroyed() + 0xae 10 com.apple.WebCore 0x7fff8ee02992 WebCore::RenderObject::destroy() + 0x12 11 com.apple.WebCore 0x7fff8ede5890 WebCore::Node::detach() + 0x40 12 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c 13 com.apple.WebCore 0x7fff8ede57dd WebCore::Element::detach() + 0x1ed 14 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c 15 com.apple.WebCore 0x7fff8ede57dd WebCore::Element::detach() + 0x1ed 16 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c 17 com.apple.WebCore 0x7fff8ede57dd WebCore::Element::detach() + 0x1ed 18 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c 19 com.apple.WebCore 0x7fff8ede57dd WebCore::Element::detach() + 0x1ed 20 com.apple.WebCore 0x7fff8ede582c WebCore::ContainerNode::detach() + 0x1c
Created attachment 193212 [details] patch
Adding Tim to help with review
Comment on attachment 193212 [details] patch Clearing flags on attachment: 193212 Committed r145866: <http://trac.webkit.org/changeset/145866>
All reviewed patches have been landed. Closing bug.