RESOLVED FIXED Bug 139856
AX: Hidden aria table crash 
https://bugs.webkit.org/show_bug.cgi?id=139856
Summary AX: Hidden aria table crash
Gabor Rapcsanyi
Reported 2014-12-21 10:47:53 PST
Hidden aria table crashing. Crashing test: <html> <body> <ul aria-hidden="true"> <table> <theader> <td> <span aria-live="assertive"></span> </td> </theader> <caption></caption> </table> </ul> <svg onerror="logPass()"></svg> </body> </html>
Attachments
proposed fix (3.73 KB, patch)
2014-12-21 13:30 PST, Gabor Rapcsanyi 		no flags
DetailsFormatted DiffDiff
Patch (1.74 KB, patch)
2015-03-09 21:19 PDT, Geoffrey Garen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2014-12-21 10:48:07 PST
<rdar://problem/19320881>
Gabor Rapcsanyi
Comment 2 2014-12-21 13:30:10 PST
Created attachment 243614 [details] proposed fix
WebKit Commit Bot
Comment 3 2014-12-21 15:57:04 PST
Comment on attachment 243614 [details] proposed fix Clearing flags on attachment: 243614 Committed r177627: <http://trac.webkit.org/changeset/177627>
WebKit Commit Bot
Comment 4 2014-12-21 15:57:08 PST
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 5 2014-12-30 13:23:58 PST
A test added in r177824 crashes on Mac with a RELEASE_ASSERT: https://build.webkit.org/results/Apple%20Yosemite%20Release%20WK2%20(Tests)/r177825%20(1624)/plugins/large-plugin-crash-crash-log.txt Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010867bc32 bmalloc::Heap::allocateXLarge(std::__1::lock_guard<bmalloc::StaticMutex>&, unsigned long) + 98 1 com.apple.JavaScriptCore 0x000000010867a7e7 bmalloc::Allocator::allocateXLarge(unsigned long) + 71 2 com.apple.JavaScriptCore 0x000000010865a537 WTF::fastMalloc(unsigned long) + 151 3 com.apple.JavaScriptCore 0x000000010865a5b1 WTF::tryFastMalloc(unsigned long) + 17
Alexey Proskuryakov
Comment 6 2014-12-30 13:27:28 PST
Is this the wrong bug though? This is the one referenced in ChangeLog.
Gabor Rapcsanyi
Comment 7 2014-12-30 13:44:26 PST
(In reply to comment #6) > Is this the wrong bug though? This is the one referenced in ChangeLog. Nope, sorry I mixed bug number. The right one is https://bugs.webkit.org/show_bug.cgi?id=139868
WebKit Commit Bot
Comment 8 2014-12-31 00:38:26 PST
Re-opened since this is blocked by bug 140011
David Kilzer (:ddkilzer)
Comment 9 2015-01-05 11:54:23 PST
Looks like a regression from r176706. <http://trac.webkit.org/changeset/176706>
Geoffrey Garen
Comment 10 2015-03-09 21:19:13 PDT
Reopening to attach new patch.
Geoffrey Garen
Comment 11 2015-03-09 21:19:16 PDT
Created attachment 248315 [details] Patch
Geoffrey Garen
Comment 12 2015-03-09 21:20:09 PDT
We should be able to re-land this test now.
Alexey Proskuryakov
Comment 13 2015-03-09 23:57:59 PDT
I just rolled out the bmalloc patch, so we can't land this yet.
Gabor Rapcsanyi
Comment 14 2015-03-10 02:17:37 PDT
I think there is a missunderstanding here. These are two different bugs: AX: Hidden aria table crash: https://bugs.webkit.org/show_bug.cgi?id=139856 Too large plugins are crashing (tryFastMalloc is broken with bmalloc): https://bugs.webkit.org/show_bug.cgi?id=139868 Unfortunately when I created the fix for the second one I copy/pasted the first one bugnumber as I wrote above. Sorry for that. To make the situation more complicated the second one failed on Mac because of bmalloc and the commit bot complained on this bug not the other one.
WebKit Commit Bot
Comment 15 2015-03-10 11:17:48 PDT
Comment on attachment 248315 [details] Patch Clearing flags on attachment: 248315 Committed r181330: <http://trac.webkit.org/changeset/181330>
WebKit Commit Bot
Comment 16 2015-03-10 11:17:54 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.