Hidden aria table crashing.
Crashing test:
<html>
<body>
<ul aria-hidden="true">
<table>
<theader>
<td>
<span aria-live="assertive"></span>
</td>
</theader>
<caption></caption>
</table>
</ul>
<svg onerror="logPass()"></svg>
</body>
</html>
<rdar://problem/19320881>
Created attachment 243614 [details] proposed fix
Comment on attachment 243614 [details] proposed fix
Clearing flags on attachment: 243614
Committed r177627: <http://trac.webkit.org/changeset/177627>
All reviewed patches have been landed. Closing bug.
A test added in r177824 crashes on Mac with a RELEASE_ASSERT:
https://build.webkit.org/results/Apple%20Yosemite%20Release%20WK2%20(Tests)/r177825%20(1624)/plugins/large-plugin-crash-crash-log.txt
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000010867bc32 bmalloc::Heap::allocateXLarge(std::__1::lock_guard<bmalloc::StaticMutex>&, unsigned long) + 98
1 com.apple.JavaScriptCore 0x000000010867a7e7 bmalloc::Allocator::allocateXLarge(unsigned long) + 71
2 com.apple.JavaScriptCore 0x000000010865a537 WTF::fastMalloc(unsigned long) + 151
3 com.apple.JavaScriptCore 0x000000010865a5b1 WTF::tryFastMalloc(unsigned long) + 17
Is this the wrong bug though? This is the one referenced in ChangeLog.
(In reply to comment #6)
> Is this the wrong bug though? This is the one referenced in ChangeLog.
Nope, sorry, I mixed up the bug number. The right one is https://bugs.webkit.org/show_bug.cgi?id=139868
Re-opened since this is blocked by bug 140011
Looks like a regression from r176706. <http://trac.webkit.org/changeset/176706>
Reopening to attach new patch.
Created attachment 248315 [details] Patch
We should be able to re-land this test now.
I just rolled out the bmalloc patch, so we can't land this yet.
I think there is a misunderstanding here. These are two different bugs:
AX: Hidden aria table crash: https://bugs.webkit.org/show_bug.cgi?id=139856
Too large plugins are crashing (tryFastMalloc is broken with bmalloc): https://bugs.webkit.org/show_bug.cgi?id=139868
Unfortunately, when I created the fix for the second one, I copy/pasted the first one's bug number, as I wrote above. Sorry for that. To make the situation more complicated, the second one failed on Mac because of bmalloc, and the commit bot complained on this bug, not the other one.
Comment on attachment 248315 [details] Patch
Clearing flags on attachment: 248315
Committed r181330: <http://trac.webkit.org/changeset/181330>