RESOLVED FIXED 125042
AX: Crash at WebCore::commonTreeScope
https://bugs.webkit.org/show_bug.cgi?id=125042
Summary AX: Crash at WebCore::commonTreeScope
chris fleizach
Reported 2013-11-30 23:11:13 PST
It's possible to crash at

    * thread #1: tid = 0x1fd7d3, 0x0000000108e0101a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:341, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
        frame #0: 0x0000000108e0101a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:341
        frame #1: 0x0000000109c74999 WebCore`WTF::CrashOnOverflow::overflowed() + 9 at CheckedArithmetic.h:80
        frame #2: 0x000000010b7595ff WebCore`WTF::Vector<WebCore::TreeScope*, 5ul, WTF::CrashOnOverflow>::at(this=0x00007fff5ca13a10, i=1) + 79 at Vector.h:584
        frame #3: 0x000000010b75956d WebCore`WTF::Vector<WebCore::TreeScope*, 5ul, WTF::CrashOnOverflow>::operator[](this=0x00007fff5ca13a10, i=1) + 29 at Vector.h:604
        frame #4: 0x000000010b758983 WebCore`WebCore::commonTreeScope(nodeA=0x00007f8168ed9c30, nodeB=0x00007f816ba594f0) + 419 at TreeScope.cpp:428
        frame #5: 0x000000010a5b6d45 WebCore`WebCore::comparePositions(a=0x00007fff5ca13d00, b=0x00007fff5ca13d10) + 53 at htmlediting.cpp:71
        frame #6: 0x000000010b773c10 WebCore`WebCore::VisibleSelection::setBaseAndExtentToDeepEquivalents(this=0x00007fff5ca13d00) + 560 at VisibleSelection.cpp:268
        frame #7: 0x000000010b77286c WebCore`WebCore::VisibleSelection::validate(this=0x00007fff5ca13d00, granularity=CharacterGranularity) + 28 at VisibleSelection.cpp:413
        frame #8: 0x000000010b772c24 WebCore`WebCore::VisibleSelection::VisibleSelection(this=0x00007fff5ca13d00, base=0x00007fff5ca15068, extent=0x00007fff5ca15050, isDirectional=false) + 164 at VisibleSelection.cpp:83
        frame #9: 0x000000010b772b74 WebCore`WebCore::VisibleSelection::VisibleSelection(this=0x00007fff5ca13d00, base=0x00007fff5ca15068, extent=0x00007fff5ca15050, isDirectional=false) + 52 at VisibleSelection.cpp:84
        frame #10: 0x0000000109c45e85 WebCore`WebCore::AccessibilityObject::visiblePositionRangeForUnorderedPositions(this=0x00007f816bc015b0, visiblePos1=0x00007fff5ca15068, visiblePos2=0x00007fff5ca15050) const + 197 at AccessibilityObject.cpp:662
        frame #11: 0x000000010b797278 WebCore`-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:](self=0x00007f8168a5aed0, _cmd=0x00007fff8cb8a788, attribute=0x00007f816af52a80, parameter=0x00007f816c804030) + 11192 at WebAccessibilityObjectWrapperMac.mm:3389

when text markers from detached frames are used that do not have common tree scopes.
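The trace above shows WTF::Vector::at() asserting at index 1 inside commonTreeScope when the two nodes come from detached frames and share no scope. The following is an added illustration, not WebKit's code and not the fix that landed in r159932: a simplified, hypothetical model of tree scopes (the TreeScope, Node, scopeChain, commonTreeScope, canComparePositions and runScenario names are all assumptions) in which the ancestor walk stops at the first mismatch and returns nullptr instead of indexing past the end of a chain, and the caller treats that nullptr as "no comparable range" rather than proceeding into a crash.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical, simplified model: every node belongs to a scope, and scopes
// form a chain up to a root. Nodes from a detached frame sit in a different
// chain, so they share no ancestor scope at all.
struct TreeScope {
    const TreeScope* parent;   // nullptr for a root scope
};

struct Node {
    const TreeScope* scope;
};

// Collects the scope chain from the node's own scope up to its root.
static std::vector<const TreeScope*> scopeChain(const Node& node) {
    std::vector<const TreeScope*> chain;
    for (const TreeScope* s = node.scope; s; s = s->parent)
        chain.push_back(s);
    return chain;
}

// Returns the deepest scope shared by both nodes, or nullptr when the nodes
// live in unrelated trees. Both chains are indexed only while both indices
// are in bounds; that bounds condition is exactly what keeps a checked
// vector accessor (like WTF::Vector::at in the trace) from asserting when
// the chains have no common root.
const TreeScope* commonTreeScope(const Node& a, const Node& b) {
    std::vector<const TreeScope*> chainA = scopeChain(a);
    std::vector<const TreeScope*> chainB = scopeChain(b);
    const TreeScope* common = nullptr;
    std::size_t i = chainA.size();
    std::size_t j = chainB.size();
    // Walk from the roots downward and stop at the first mismatch.
    while (i > 0 && j > 0 && chainA[i - 1] == chainB[j - 1]) {
        common = chainA[i - 1];
        --i;
        --j;
    }
    return common;
}

// Caller-side guard modelled on the comparePositions step in the trace:
// positions without a common scope are reported as not comparable (0)
// instead of being handed to code that assumes a shared root.
int canComparePositions(const Node& a, const Node& b) {
    return commonTreeScope(a, b) ? 1 : 0;
}

// Builds a constructed scenario: two nodes in one document tree, and
// optionally a node from a separate (detached) tree. Returns the
// canComparePositions result for the pair under test.
int runScenario(bool detached) {
    TreeScope mainRoot{nullptr};
    TreeScope shadow{&mainRoot};       // a nested scope under the main root
    TreeScope detachedRoot{nullptr};   // a root with no relation to mainRoot

    Node inShadow{&shadow};
    Node inMain{&mainRoot};
    Node inDetached{&detachedRoot};

    return detached ? canComparePositions(inShadow, inDetached)
                    : canComparePositions(inShadow, inMain);
}

int main() {
    // Attached pair: comparable. Detached pair: refused, no crash.
    return (runScenario(false) == 1 && runScenario(true) == 0) ? 0 : 1;
}
```

The point for a reviewer is the shape of the guard, not the data structure: the function that computes the common scope must have a "none" answer, and the first caller up the stack that cannot make sense of "none" (here the position comparison) has to check for it, because by the time a VisibleSelection is being validated the assumption of a shared root is already baked in.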
Attachments
patch (5.59 KB, patch)
2013-11-30 23:40 PST, chris fleizach
no flags
chris fleizach
Comment 1 2013-11-30 23:11:25 PST
chris fleizach
Comment 2 2013-11-30 23:40:42 PST
WebKit Commit Bot
Comment 3 2013-12-02 06:16:24 PST
Comment on attachment 218109 [details]
patch

Clearing flags on attachment: 218109

Committed r159932: <http://trac.webkit.org/changeset/159932>
WebKit Commit Bot
Comment 4 2013-12-02 06:16:26 PST
All reviewed patches have been landed. Closing bug.