RESOLVED FIXED 161878
AX: Crash at WebCore::Range::compareBoundaryPoints(WebCore::Range::CompareHow, WebCore::Range const&, int&) const + 23 
https://bugs.webkit.org/show_bug.cgi?id=161878
Summary AX: Crash at WebCore::Range::compareBoundaryPoints(WebCore::Range::CompareHow...
Nan Wang
Reported 2016-09-12 15:35:35 PDT
0 com.apple.WebCore 0x00007fffc9e29fe7 WebCore::Range::compareBoundaryPoints(WebCore::Range::CompareHow, WebCore::Range const&, int&) const + 23 1 com.apple.WebCore 0x00007fffc9507830 WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets(WebCore::CharacterOffset const&, WebCore::CharacterOffset const&) + 400 2 com.apple.WebCore 0x00007fffca2002e0 -[WebAccessibilityObjectWrapper rangeForTextMarkerRange:] + 224 3 com.apple.WebCore 0x00007fffca2129e8 -[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:] + 15464 <rdar://problem/27821325>
Attachments
patch (6.42 KB, patch)
2016-09-12 15:44 PDT, Nan Wang 		no flags
DetailsFormatted DiffDiff
patch (6.02 KB, patch)
2016-09-12 15:59 PDT, Nan Wang 		no flags
DetailsFormatted DiffDiff
patch (6.02 KB, patch)
2016-09-12 16:14 PDT, Nan Wang 		cfleizach: review+
n_wang: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Nan Wang
Comment 1 2016-09-12 15:37:03 PDT
In static bool characterOffsetsInOrder(const CharacterOffset& characterOffset1, const CharacterOffset& characterOffset2) We are getting an NULL range because characterOffset1 is associated with a doctype node.
Nan Wang
Comment 2 2016-09-12 15:44:24 PDT
Created attachment 288625 [details] patch
Nan Wang
Comment 3 2016-09-12 15:59:18 PDT
Created attachment 288629 [details] patch Fixed the build failure.
chris fleizach
Comment 4 2016-09-12 16:10:10 PDT
Comment on attachment 288629 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=288629&action=review > Source/WebCore/ChangeLog:9 > + ranges based on the nodes that associated to the passed in CharacterOffsets. When the first node is a doctype that are associated > Source/WebCore/ChangeLog:10 > + node, the first range will be a nullptr. And dereferencing it leads to a crash. Fixed this by adding a one sentence e a nullptr, and der
Nan Wang
Comment 5 2016-09-12 16:14:42 PDT
Created attachment 288632 [details] patch updated from review.
Nan Wang
Comment 6 2016-09-12 18:00:26 PDT
Committed r205845: <http://trac.webkit.org/changeset/205845>
Note You need to log in before you can comment on or make changes to this bug.