WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
139616
AX: Recursive crash at WebCore::accessibleNameForNode
https://bugs.webkit.org/show_bug.cgi?id=139616
Summary
AX: Recursive crash at WebCore::accessibleNameForNode
chris fleizach
Reported
2014-12-13 00:00:29 PST
> 1 com.apple.WebCore 0x7fff8d7e90fc WebCore::AXObjectCache::get(WebCore::Node*) + 0xc
2 com.apple.WebCore 0x7fff8d7e8b6f WebCore::AXObjectCache::getOrCreate(WebCore::Node*) + 0x2f 3 com.apple.WebCore 0x7fff8d7f7a0a WebCore::accessibleNameForNode(WebCore::Node*) + 0x16a 4 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 5 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 6 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 7 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 8 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 9 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 10 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 11 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 12 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 13 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 14 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 15 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 16 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 17 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 18 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 19 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 20 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 21 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 22 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 23 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 24 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 25 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 26 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 27 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 28 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 29 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 30 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 31 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 32 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 33 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 34 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 35 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 36 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 37 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 38 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 39 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 40 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 41 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 42 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 43 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 44 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 45 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 46 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 47 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 48 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 49 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 50 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 51 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 52 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 53 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 54 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 55 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 56 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 57 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 58 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 59 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 60 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 61 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 62 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 63 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 64 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 65 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 66 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 67 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 68 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 69 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 70 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 71 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 72 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407 73 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e 74 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b 75 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f 76 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31 77 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2 78 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300 79 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
Attachments
patch
(7.33 KB, patch)
2014-12-13 00:03 PST
,
chris fleizach
no flags
Details
Formatted Diff
Diff
patch
(7.44 KB, patch)
2014-12-13 00:07 PST
,
chris fleizach
mario
: review+
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
chris fleizach
Comment 1
2014-12-13 00:00:40 PST
<
rdar://problem/19064918
>
chris fleizach
Comment 2
2014-12-13 00:03:08 PST
Created
attachment 243249
[details]
patch
WebKit Commit Bot
Comment 3
2014-12-13 00:05:10 PST
Attachment 243249
[details]
did not pass style-queue: ERROR: Source/WebCore/accessibility/AccessibilityObject.h:264: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4] Total errors found: 1 in 6 files If any of these errors are false positives, please file a bug against check-webkit-style.
chris fleizach
Comment 4
2014-12-13 00:07:56 PST
Created
attachment 243250
[details]
patch
Mario Sanchez Prada
Comment 5
2014-12-18 13:12:39 PST
Comment on
attachment 243250
[details]
patch View in context:
https://bugs.webkit.org/attachment.cgi?id=243250&action=review
Looks good to me, just one minor comment for consideration before landing.
> Source/WebCore/accessibility/AccessibilityNodeObject.cpp:1846 > +static String accessibleNameForNode(Node* node, Node* labelledbyNode)
If you declare a default value for the new parameter (as in Node* labelledbyNode == nullptr), you can get rid of the calls to accessibleNameForObject passing nullptr explicitly.
chris fleizach
Comment 6
2014-12-18 15:01:11 PST
(In reply to
comment #5
)
> Comment on
attachment 243250
[details]
> patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=243250&action=review
> > Looks good to me, just one minor comment for consideration before landing. > > > Source/WebCore/accessibility/AccessibilityNodeObject.cpp:1846 > > +static String accessibleNameForNode(Node* node, Node* labelledbyNode) > > If you declare a default value for the new parameter (as in Node* > labelledbyNode == nullptr), you can get rid of the calls to > accessibleNameForObject passing nullptr explicitly.
Will do. thanks
chris fleizach
Comment 7
2014-12-18 15:52:27 PST
http://trac.webkit.org/changeset/177537
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug