Bug 128310 - AX: Crash in WebCore::AXObjectCache::computedObjectAttributeCache
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Accessibility
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: chris fleizach
Keywords: InRadar
Reported: 2014-02-06 09:24 PST by chris fleizach
Modified: 2014-02-06 17:24 PST
Attachments
patch (14.41 KB, patch)
2014-02-06 09:46 PST, chris fleizach
Description chris fleizach 2014-02-06 09:24:28 PST
From comments in
  https://bugs.webkit.org/show_bug.cgi?id=127439


#0  0x00007ffff052c95a in std::unique_ptr<WebCore::AXComputedObjectAttributeCache, std::default_delete<WebCore::AXComputedObjectAttributeCache> >::get (this=0xd0) at /usr/include/c++/4.7/bits/unique_ptr.h:223
#1  0x00007ffff055b056 in WebCore::AXObjectCache::computedObjectAttributeCache (this=0x0) at /home/michal/source/WebKit/Source/WebCore/accessibility/AXObjectCache.h:211
#2  0x00007ffff0559b22 in WebCore::AccessibilityObject::accessibilityIsIgnored (this=0x776e80) at /home/michal/source/WebKit/Source/WebCore/accessibility/AccessibilityObject.cpp:2105
#3  0x00007ffff0559820 in WebCore::AccessibilityObject::notifyIfIgnoredValueChanged (this=0x776e80) at /home/michal/source/WebKit/Source/WebCore/accessibility/AccessibilityObject.cpp:2018
#4  0x00007ffff052a3f4 in WebCore::AXObjectCache::recomputeIsIgnored (this=0x813b20, renderer=0x82ebb0) at /home/michal/source/WebKit/Source/WebCore/accessibility/AXObjectCache.cpp:905
#5  0x00007ffff0fab3da in WebCore::RenderBlock::deleteLines (this=0x82ebb0) at /home/michal/source/WebKit/Source/WebCore/rendering/RenderBlock.cpp:920
#6  0x00007ffff0fe2795 in WebCore::RenderBlockFlow::deleteLines (this=0x82ebb0) at /home/michal/source/WebKit/Source/WebCore/rendering/RenderBlockFlow.cpp:1906
#7  0x00007ffff0fabce6 in WebCore::RenderBlock::collapseAnonymousBoxChild (parent=0xa1cba0, child=0x82ebb0) at /home/michal/source/WebKit/Source/WebCore/rendering/RenderBlock.cpp:1084
#8  0x00007ffff0fac171 in WebCore::RenderBlock::removeChild (this=0xa1cba0, oldChild=...) at /home/michal/source/WebKit/Source/WebCore/rendering/RenderBlock.cpp:1160
Comment 1 Radar WebKit Bug Importer 2014-02-06 09:24:54 PST
<rdar://problem/16002078>
Comment 2 chris fleizach 2014-02-06 09:26:03 PST
In frame 1, the cache has become null, which means asking axObjectCache() in frame 3 either found no document, or no axObjectCache at that document, which can happen when the render tree is no longer living.

We need to be more careful about using the axObjectCache() in ax code.
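
An added illustration of the failure mode described in Comment 2, not taken from the attached patch or from WebKit's source: a minimal model in which axObjectCache() can return null and the caller checks it before asking for the attribute cache. The class shapes, the cachedIgnored field and the "detached objects are ignored" rule are assumptions made for the example.

```cpp
// Added illustration with simplified stand-ins; not WebKit's classes or the attached patch.
#include <memory>
struct AttributeCache {                 // stand-in for AXComputedObjectAttributeCache
    int cachedIgnored = -1;             // -1 nothing cached, 0 not ignored, 1 ignored
};

class ObjectCache {                     // stand-in for AXObjectCache
public:
    void startCaching() { m_attributes.reset(new AttributeCache); }
    AttributeCache* computedObjectAttributeCache() { return m_attributes.get(); }
private:
    std::unique_ptr<AttributeCache> m_attributes;
};

struct Document {                       // holds a cache only while accessibility is active
    std::unique_ptr<ObjectCache> cache;
};

class AXObject {                        // stand-in for AccessibilityObject
public:
    explicit AXObject(Document* document) : m_document(document) { }
    void detachFromDocument() { m_document = nullptr; }
    // Null when there is no document, or the document has no cache.
    ObjectCache* axObjectCache() const { return m_document ? m_document->cache.get() : nullptr; }

    // The crashing shape is axObjectCache()->computedObjectAttributeCache():
    // with a null result the callee runs with this=0x0, as in frame 1.
    bool accessibilityIsIgnored() const
    {
        ObjectCache* cache = axObjectCache();
        AttributeCache* attributes = cache ? cache->computedObjectAttributeCache() : nullptr;
        if (attributes && attributes->cachedIgnored != -1)
            return attributes->cachedIgnored == 1;
        bool ignored = !m_document;     // constructed rule: detached objects are ignored
        if (attributes)
            attributes->cachedIgnored = ignored ? 1 : 0;
        return ignored;
    }
private:
    Document* m_document;
};

int main()
{
    Document document;                  // no ObjectCache yet: the state that crashed
    AXObject object(&document);
    return object.accessibilityIsIgnored() ? 1 : 0;   // exits 0: answered without a cache
}
```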
Comment 3 Radar WebKit Bug Importer 2014-02-06 09:26:23 PST
<rdar://problem/16002095>
Comment 4 chris fleizach 2014-02-06 09:46:37 PST
Created attachment 223342 [details]
patch
Comment 5 Alexey Proskuryakov 2014-02-06 09:54:25 PST
Comment on attachment 223342 [details]
patch 

r=me

Please wait for EWS testers to become green.
Comment 6 WebKit Commit Bot 2014-02-06 17:24:40 PST
Comment on attachment 223342 [details]
patch 

Clearing flags on attachment: 223342

Committed r163586: <http://trac.webkit.org/changeset/163586>
Comment 7 WebKit Commit Bot 2014-02-06 17:24:43 PST
All reviewed patches have been landed.  Closing bug.