Bug 139616 - AX: Recursive crash at WebCore::accessibleNameForNode
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Accessibility
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: chris fleizach
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2014-12-13 00:00 PST by chris fleizach
Modified: 2014-12-18 15:52 PST

Attachments
patch (7.33 KB, patch)
2014-12-13 00:03 PST, chris fleizach
no flags
patch (7.44 KB, patch)
2014-12-13 00:07 PST, chris fleizach
mario: review+

Description chris fleizach 2014-12-13 00:00:29 PST
>  1 com.apple.WebCore              0x7fff8d7e90fc WebCore::AXObjectCache::get(WebCore::Node*) + 0xc
   2 com.apple.WebCore              0x7fff8d7e8b6f WebCore::AXObjectCache::getOrCreate(WebCore::Node*) + 0x2f
   3 com.apple.WebCore              0x7fff8d7f7a0a WebCore::accessibleNameForNode(WebCore::Node*) + 0x16a
   4 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
   5 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
   6 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
   7 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
   8 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
   9 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  10 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  11 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  12 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  13 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  14 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  15 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  16 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  17 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  18 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  19 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  20 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  21 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  22 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  23 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  24 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  25 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  26 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  27 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  28 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  29 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  30 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  31 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  32 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  33 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  34 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  35 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  36 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  37 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  38 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  39 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  40 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  41 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  42 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  43 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  44 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  45 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  46 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  47 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  48 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  49 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  50 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  51 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  52 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  53 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  54 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  55 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  56 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  57 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  58 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  59 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  60 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  61 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  62 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  63 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  64 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  65 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  66 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  67 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  68 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  69 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  70 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  71 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  72 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
  73 com.apple.WebCore              0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
  74 com.apple.WebCore              0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
  75 com.apple.WebCore              0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
  76 com.apple.WebCore              0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
  77 com.apple.WebCore              0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
  78 com.apple.WebCore              0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
  79 com.apple.WebCore              0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
Comment 1 chris fleizach 2014-12-13 00:00:40 PST
<rdar://problem/19064918>
Comment 2 chris fleizach 2014-12-13 00:03:08 PST
Created attachment 243249
patch
Comment 3 WebKit Commit Bot 2014-12-13 00:05:10 PST
Attachment 243249 did not pass style-queue:


ERROR: Source/WebCore/accessibility/AccessibilityObject.h:264:  Wrong number of spaces before statement. (expected: 8)  [whitespace/indent] [4]
Total errors found: 1 in 6 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 chris fleizach 2014-12-13 00:07:56 PST
Created attachment 243250
patch
Comment 5 Mario Sanchez Prada 2014-12-18 13:12:39 PST
Comment on attachment 243250
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=243250&action=review

Looks good to me, just one minor comment for consideration before landing.

> Source/WebCore/accessibility/AccessibilityNodeObject.cpp:1846
> +static String accessibleNameForNode(Node* node, Node* labelledbyNode)
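
Review bot: on the new signature at line 1846, the parameter name `labelledbyNode` matches neither the casing nor the spelling of the neighbouring methods visible in the crash stack (`ariaLabeledByAttribute`, `ariaLabeledByText`); `labeledByNode` would be consistent with them. Both parameters are raw `Node*`, and nothing in the signature says what the second one denotes or whether `nullptr` is an accepted value, so a one-line comment at the declaration stating how it relates to the `accessibleNameForNode` re-entry shown in the description would help the next reader.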

If you declare a default value for the new parameter (as in Node* labelledbyNode == nullptr), you can get rid of the calls to accessibleNameForObject passing nullptr explicitly.
Comment 6 chris fleizach 2014-12-18 15:01:11 PST
(In reply to comment #5)
> Comment on attachment 243250
> patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=243250&action=review
> 
> Looks good to me, just one minor comment for consideration before landing.
> 
> > Source/WebCore/accessibility/AccessibilityNodeObject.cpp:1846
> > +static String accessibleNameForNode(Node* node, Node* labelledbyNode)
> 
> If you declare a default value for the new parameter (as in Node*
> labelledbyNode == nullptr), you can get rid of the calls to
> accessibleNameForObject passing nullptr explicitly.

Will do. thanks
Comment 7 chris fleizach 2014-12-18 15:52:27 PST
http://trac.webkit.org/changeset/177537