158685 – AX: CrashTracer: com.apple.WebKit.WebContent at WebCore::AccessibilityRenderObject::remoteSVGRootElement const + 227

RESOLVED FIXED Bug 158685

AX: CrashTracer: com.apple.WebKit.WebContent at WebCore::AccessibilityRenderObject::remoteSVGRootElement const + 227

https://bugs.webkit.org/show_bug.cgi?id=158685

Summary AX: CrashTracer: com.apple.WebKit.WebContent at WebCore::AccessibilityRenderO...

chris fleizach

Reported 2016-06-12 23:10:33 PDT

Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000 Thread 0 Crashed ↩:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x1102ec6d3 WebCore::AccessibilityRenderObject::remoteSVGRootElement(WebCore::AccessibilityRenderObject::CreationChoice) const + 227 (/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7602.1.35/accessibility/AccessibilitySVGRoot.h:55) 1 com.apple.WebCore 0x1102e427b WebCore::AccessibilityRenderObject::detach(WebCore::AccessibilityDetachmentType, WebCore::AXObjectCache*) + 27 (/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7602.1.35/accessibility/AccessibilityRenderObject.cpp:2976) 2 com.apple.WebCore 0x11035bfb9 WebCore::AXObjectCache::~AXObjectCache() + 153 (/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7602.1.35/accessibility/AXObjectCache.cpp:193) 3 com.apple.WebCore 0x1104dc4d4 WebCore::Document::destroyRenderTree() + 116 (/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/memory:2459) 4 com.apple.WebCore 0x1100a4a06 WebCore::Document::prepareForDestruction() + 358 (/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7602.1.35/dom/Document.cpp:2325) --- Smoking gun if (!is<AccessibilitySVGRoot>(*rootSVGObject)) Trying to take nil ptr rootSVGObject and dereference it <rdar://problem/26755269>

Attachments
Patch (1.62 KB, patch) 2016-06-12 23:12 PDT, chris fleizach	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

chris fleizach

Comment 1 2016-06-12 23:12:55 PDT

Created attachment 281159 [details] Patch

David Kilzer (:ddkilzer)

Comment 2 2016-06-13 14:00:30 PDT

Comment on attachment 281159 [details] Patch r=me

WebKit Commit Bot

Comment 3 2016-06-13 16:03:44 PDT

Comment on attachment 281159 [details] Patch Clearing flags on attachment: 281159 Committed r202014: <http://trac.webkit.org/changeset/202014>

WebKit Commit Bot

Comment 4 2016-06-13 16:03:49 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version Safari 9

Hardware All

OS All

Product WebKit

Component Accessibility

Assignee

chris fleizach

Reported

2016-06-12 23:10 PDT

Modified

2016-06-13 16:03 PDT History

CC List

9 users Show

URL

Keywords InRadar

Depends on

Blocks