WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
136333
AX: Safari at com.apple.WebCore: WebCore::AXObjectCache::clearTextMarkerNodesInUse
https://bugs.webkit.org/show_bug.cgi?id=136333
Summary
AX: Safari at com.apple.WebCore: WebCore::AXObjectCache::clearTextMarkerNodes...
chris fleizach
Reported
2014-08-27 23:28:33 PDT
(lldb) bt * thread #1: tid = 0x12d68, 0x000000010adae22a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:329, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef) * frame #0: 0x000000010adae22a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:329 frame #1: 0x000000010eb5f586 WebCore`WebCore::Node::treeScope(this=0x00007f9e4afcded0) const + 70 at Node.h:401 frame #2: 0x000000010eb5a603 WebCore`WebCore::Node::document(this=0x00007f9e4afcded0) const + 83 at Node.h:396 frame #3: 0x000000010eb2ebb5 WebCore`WebCore::AXObjectCache::clearTextMarkerNodesInUse(this=0x00007f9e3bc20b30, document=0x0000000000000000) + 149 at AXObjectCache.cpp:1051 frame #4: 0x000000010f3f2fa2 WebCore`WebCore::Frame::disconnectOwnerElement(this=0x00007f9e4b7af2f0) + 114 at Frame.cpp:814 frame #5: 0x000000010f3f2745 WebCore`WebCore::Frame::~Frame(this=0x00007f9e4b7af2f0) + 149 at Frame.cpp:224 frame #6: 0x000000010f3f3005 WebCore`WebCore::Frame::~Frame(this=0x00007f9e4b7af2f0) + 21 at Frame.cpp:214 frame #7: 0x000000010f3f3029 WebCore`WebCore::Frame::~Frame(this=0x00007f9e4b7af2f0) + 25 at Frame.cpp:214 frame #8: 0x000000010ebbd1f3 WebCore`WTF::RefCounted<WebCore::Frame>::deref(this=0x00007f9e4b7af2f8) + 83 at RefCounted.h:146 frame #9: 0x000000010ebbd18f WebCore`WTF::Ref<WebCore::Frame>::~Ref(this=0x00007fff556c6e58) + 31 at Ref.h:41 frame #10: 0x000000010ebb5fc5 WebCore`WTF::Ref<WebCore::Frame>::~Ref(this=0x00007fff556c6e58) + 21 at Ref.h:41 frame #11: 0x000000010f417e1f WebCore`WTF::VectorDestructor<true, WTF::Ref<WebCore::Frame> >::destruct(begin=0x00007fff556c6e58, end=0x00007fff556c6e70) + 47 at Vector.h:56 frame #12: 0x000000010f417ddd WebCore`WTF::VectorTypeOperations<WTF::Ref<WebCore::Frame> >::destruct(begin=0x00007fff556c6e58, end=0x00007fff556c6e70) + 29 at Vector.h:220 frame #13: 0x000000010f417d50 WebCore`WTF::Vector<WTF::Ref<WebCore::Frame>, 16ul, WTF::CrashOnOverflow>::shrink(this=0x00007fff556c6e48, size=0) + 128 at Vector.h:957 frame #14: 0x000000010f417cb4 WebCore`WTF::Vector<WTF::Ref<WebCore::Frame>, 16ul, WTF::CrashOnOverflow>::~Vector(this=0x00007fff556c6e48) + 52 at Vector.h:596 frame #15: 0x000000010f416535 WebCore`WTF::Vector<WTF::Ref<WebCore::Frame>, 16ul, WTF::CrashOnOverflow>::~Vector(this=0x00007fff556c6e48) + 21 at Vector.h:594 frame #16: 0x000000010f402055 WebCore`WebCore::FrameLoader::detachChildren(this=0x00007f9e435b0ff0) + 309 at FrameLoader.cpp:2415 <
rdar://problem/17030054
>
Attachments
patch
(2.07 KB, patch)
2014-08-27 23:33 PDT
,
chris fleizach
ddkilzer
: review+
ddkilzer
: commit-queue-
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
chris fleizach
Comment 1
2014-08-27 23:33:16 PDT
Created
attachment 237294
[details]
patch
David Kilzer (:ddkilzer)
Comment 2
2014-08-28 04:10:10 PDT
Comment on
attachment 237294
[details]
patch View in context:
https://bugs.webkit.org/attachment.cgi?id=237294&action=review
r=me but please consider the comment below.
> Source/WebCore/accessibility/AXObjectCache.cpp:1051 > + if (node->inDocument() && &(node)->document() == document)
Is there a reason to keep nodes not in a document in m_textMarkerNodes? Just wondering if this condition should be || instead of && (and negated) since we might build up document-less nodes in the cache over time with the !document early return above: If (!node->inDocument() || &node->document() == document)
chris fleizach
Comment 3
2014-08-28 10:51:21 PDT
Comment on
attachment 237294
[details]
patch View in context:
https://bugs.webkit.org/attachment.cgi?id=237294&action=review
>> Source/WebCore/accessibility/AXObjectCache.cpp:1051 >> + if (node->inDocument() && &(node)->document() == document) > > Is there a reason to keep nodes not in a document in m_textMarkerNodes? Just wondering if this condition should be || instead of && (and negated) since we might build up document-less nodes in the cache over time with the !document early return above: > > If (!node->inDocument() || &node->document() == document)
I think your logic makes sense here. I'm gonna go in that direction
chris fleizach
Comment 4
2014-08-28 11:01:15 PDT
http://trac.webkit.org/changeset/173067
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug