RESOLVED FIXED 139616
AX: Recursive crash at WebCore::accessibleNameForNode
https://bugs.webkit.org/show_bug.cgi?id=139616
chris fleizach
Reported 2014-12-13 00:00:29 PST
> 1 com.apple.WebCore 0x7fff8d7e90fc WebCore::AXObjectCache::get(WebCore::Node*) + 0xc
2 com.apple.WebCore 0x7fff8d7e8b6f WebCore::AXObjectCache::getOrCreate(WebCore::Node*) + 0x2f
3 com.apple.WebCore 0x7fff8d7f7a0a WebCore::accessibleNameForNode(WebCore::Node*) + 0x16a
4 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
5 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
6 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
7 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
8 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
9 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
10 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
11 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
12 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
13 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
14 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
15 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
16 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
17 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
18 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
19 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
20 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
21 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
22 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
23 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
24 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
25 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
26 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
27 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
28 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
29 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
30 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
31 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
32 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
33 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
34 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
35 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
36 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
37 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
38 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
39 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
40 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
41 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
42 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
43 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
44 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
45 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
46 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
47 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
48 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
49 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
50 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
51 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
52 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
53 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
54 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
55 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
56 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
57 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
58 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
59 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
60 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
61 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
62 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
63 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
64 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
65 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
66 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
67 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
68 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
69 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
70 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
71 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
72 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
73 com.apple.WebCore 0x7fff8d7f7ace WebCore::accessibleNameForNode(WebCore::Node*) + 0x22e
74 com.apple.WebCore 0x7fff8d7fa5ab WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow>&) const + 0x7b
75 com.apple.WebCore 0x7fff8d7fa94f WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const + 0x3f
76 com.apple.WebCore 0x7fff8d7f72a1 WebCore::AccessibilityNodeObject::ariaLabeledByText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0x31
77 com.apple.WebCore 0x7fff8d7f5ab2 WebCore::AccessibilityNodeObject::alternativeText(WTF::Vector<WebCore::AccessibilityText, 0ul, WTF::CrashOnOverflow>&) const + 0xf2
78 com.apple.WebCore 0x7fff8d7f9b00 WebCore::AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x300
79 com.apple.WebCore 0x7fff8d804b17 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 0x407
Attachments
patch (7.33 KB, patch)
2014-12-13 00:03 PST, chris fleizach
no flags
patch (7.44 KB, patch)
2014-12-13 00:07 PST, chris fleizach
mario: review+
chris fleizach
Comment 1 2014-12-13 00:00:40 PST
chris fleizach
Comment 2 2014-12-13 00:03:08 PST
WebKit Commit Bot
Comment 3 2014-12-13 00:05:10 PST
Attachment 243249 [details] did not pass style-queue:

ERROR: Source/WebCore/accessibility/AccessibilityObject.h:264: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4]
Total errors found: 1 in 6 files

If any of these errors are false positives, please file a bug against check-webkit-style.
chris fleizach
Comment 4 2014-12-13 00:07:56 PST
Mario Sanchez Prada
Comment 5 2014-12-18 13:12:39 PST
Comment on attachment 243250 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=243250&action=review

Looks good to me, just one minor comment for consideration before landing.

> Source/WebCore/accessibility/AccessibilityNodeObject.cpp:1846
> +static String accessibleNameForNode(Node* node, Node* labelledbyNode)

If you declare a default value for the new parameter (as in Node* labelledbyNode == nullptr), you can get rid of the calls to accessibleNameForObject passing nullptr explicitly.
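
Review bot: the new labelledbyNode parameter in accessibleNameForNode(Node* node, Node* labelledbyNode) at AccessibilityNodeObject.cpp:1846 is a single raw Node*, so the function can remember only one node of the labelling chain it was called for. The crash trace in this report re-enters accessibleNameForNode through textUnderElement and ariaLabeledByText on every cycle, so it is worth confirming that the guard also terminates a chain that loops back through more than one intermediate element, and covering that case with a layout test. A short comment above the function stating what labelledbyNode represents, and when callers may pass nullptr, would also help.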
chris fleizach
Comment 6 2014-12-18 15:01:11 PST
(In reply to comment #5)
> Comment on attachment 243250 [details]
> patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=243250&action=review
>
> Looks good to me, just one minor comment for consideration before landing.
>
> > Source/WebCore/accessibility/AccessibilityNodeObject.cpp:1846
> > +static String accessibleNameForNode(Node* node, Node* labelledbyNode)
>
> If you declare a default value for the new parameter (as in Node*
> labelledbyNode == nullptr), you can get rid of the calls to
> accessibleNameForObject passing nullptr explicitly.

Will do. thanks
chris fleizach
Comment 7 2014-12-18 15:52:27 PST