Bug 153553: RESOLVED FIXED
AX: Crash in AccessibilityTableColumn::headerObject
https://bugs.webkit.org/show_bug.cgi?id=153553
Nan Wang
Reported 2016-01-27 11:18:52 PST
0 com.apple.WebCore 0x7fff913b9a21 WebCore::AccessibilityTableColumn::headerObject() + 17 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7601.3.4/accessibility/AccessibilityTableColumn.cpp:72)
1 com.apple.WebCore 0x7fff913b80c8 WebCore::AccessibilityTable::columnHeaders(WTF::Vector<WTF::RefPtr<WebCore::AccessibilityObject>, 0ul, WTF::CrashOnOverflow, 16ul>&) + 72 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7601.3.4/accessibility/AccessibilityTable.cpp:521)
2 com.apple.WebCore 0x7fff913b9fc9 WebCore::AccessibilityTableHeaderContainer::addChildren() + 73 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7601.3.4/accessibility/AccessibilityTableHeaderContainer.cpp:80)
3 com.apple.WebCore 0x7fff913a2052 WebCore::AccessibilityObject::updateChildrenIfNecessary() + 66 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7601.3.4/accessibility/AccessibilityObject.cpp:1650)
Attachments
patch (4.42 KB, patch)
2016-01-27 11:43 PST, Nan Wang
no flags
patch (4.31 KB, patch)
2016-01-27 12:10 PST, Nan Wang
no flags
Archive of layout-test-results from ews116 for mac-yosemite (772.10 KB, application/zip)
2016-01-27 13:03 PST, Build Bot
no flags
Nan Wang
Comment 1 2016-01-27 11:19:03 PST
Nan Wang
Comment 2 2016-01-27 11:43:57 PST
Created attachment 270016
patch

Still have some difficulties reproducing the crash in a layout test. Will dig into it more later.
chris fleizach
Comment 3 2016-01-27 12:02:25 PST
Comment on attachment 270016
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270016&action=review

> Source/WebCore/ChangeLog:12
> + function calls elementRect() for each child cell and that sometimes cause

sometimes "causes"

> Source/WebCore/accessibility/AccessibilityTable.cpp:506
> + AccessibilityChildrenVector columnsCopy = m_columns;

bad spacing.

> Source/WebCore/accessibility/AccessibilityTable.cpp:522
> + AccessibilityChildrenVector rowsCopy = m_rows;

bad spacing

> Source/WebCore/accessibility/AccessibilityTableColumn.cpp:66
> + // This was calculated and cached in addChildren() previously, however sometimes elementRect()

change comment to something like
"This used to be cached during the call to addChildren(), but calling elementRect() can invalidate elements, so it's better to ask for this on demand"

> Source/WebCore/accessibility/AccessibilityTableColumn.cpp:71
> + for (const auto& cell : m_children)

should we make a copy of m_children here in case it invalidates something
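Added example, not part of the review or of the WebKit patch: a simplified C++ model of the hazard discussed in comment 3, where calling elementRect() during iteration can invalidate the children, and of the snapshot copy the quoted lines take before looping. std::shared_ptr stands in for WTF::RefPtr, and Table, Column, Header, layoutDirty and fillSample are hypothetical names chosen for the illustration.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Simplified model: std::shared_ptr stands in for WTF::RefPtr; the structs
// are hypothetical stand-ins for the WebCore accessibility classes.
struct Header { int column; };
struct Table;
struct Column {
    Table* table; int index; bool hasHeader;
    std::shared_ptr<Header> headerObject(); // computed on demand, not cached
};
using ChildrenVector = std::vector<std::shared_ptr<Column>>;

struct Table {
    ChildrenVector m_columns;
    bool layoutDirty = true;
    // Models elementRect(): a geometry query can force layout, and layout
    // can discard the accessibility children while a caller is iterating.
    void elementRect() {
        if (layoutDirty) m_columns.clear();
        layoutDirty = false;
    }
    // Iterating m_columns directly would walk storage that clear() has just
    // destroyed; the snapshot holds a strong reference to every column.
    std::size_t columnHeaders(std::vector<std::shared_ptr<Header>>& headers) {
        ChildrenVector columnsCopy = m_columns;
        for (const auto& column : columnsCopy)
            if (auto header = column->headerObject())
                headers.push_back(header);
        return headers.size();
    }
};

std::shared_ptr<Header> Column::headerObject() {
    table->elementRect(); // may empty table->m_columns
    return hasHeader ? std::make_shared<Header>(Header{index}) : nullptr;
}

// Constructed sample: three columns, the middle one without a header cell.
void fillSample(Table& t) {
    const bool hasHeader[] = { true, false, true };
    for (int i = 0; i < 3; ++i)
        t.m_columns.push_back(std::make_shared<Column>(Column{&t, i, hasHeader[i]}));
}

int main() {
    Table t; fillSample(t);
    std::vector<std::shared_ptr<Header>> headers;
    return t.columnHeaders(headers) == 2 && t.m_columns.empty() ? 0 : 1;
}
```

Building the model with AddressSanitizer and replacing `columnsCopy` with `m_columns` in the loop shows the failure mode the copy guards against.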
Nan Wang
Comment 4 2016-01-27 12:10:04 PST
Build Bot
Comment 5 2016-01-27 13:03:07 PST
Comment on attachment 270021
patch

Attachment 270021 did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/746751

New failing tests:
imported/w3c/web-platform-tests/streams-api/readable-streams/garbage-collection-1.html
Build Bot
Comment 6 2016-01-27 13:03:11 PST
Created attachment 270029
Archive of layout-test-results from ews116 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews116
Port: mac-yosemite
Platform: Mac OS X 10.10.5
Nan Wang
Comment 7 2016-01-27 13:53:00 PST
(In reply to comment #5)
> Comment on attachment 270021
> patch
>
> Attachment 270021 did not pass mac-debug-ews (mac):
> Output: http://webkit-queues.webkit.org/results/746751
>
> New failing tests:
> imported/w3c/web-platform-tests/streams-api/readable-streams/garbage-collection-1.html

The test failure might relate to https://bugs.webkit.org/show_bug.cgi?id=152436
WebKit Commit Bot
Comment 8 2016-01-27 16:17:28 PST
Comment on attachment 270021
patch

Clearing flags on attachment: 270021

Committed r195705: <http://trac.webkit.org/changeset/195705>
WebKit Commit Bot
Comment 9 2016-01-27 16:17:33 PST
All reviewed patches have been landed. Closing bug.