RESOLVED FIXED 199435
AX: CrashTracer: com.apple.WebKit.WebContent at WebKit: WebKit::WebSpeechSynthesisClient::speak 
https://bugs.webkit.org/show_bug.cgi?id=199435
Summary AX: CrashTracer: com.apple.WebKit.WebContent at WebKit: WebKit::WebSpeechSynt...
chris fleizach
Reported 2019-07-03 00:37:17 PDT
Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed ↩: 0 WebCore 0x000000019a80adc4 non-virtual thunk to WebCore::SpeechSynthesis::didStartSpeaking() + 20 (DumbPtrTraits.h:43) 1 WebKit 0x0000000199ae8ab8 WebKit::WebSpeechSynthesisClient::speak(WTF::RefPtr<WebCore::PlatformSpeechSynthesisUtterance, WTF::DumbPtrTraits<WebCore::PlatformSpeechSynthesisUtterance> >) + 424 (WebSpeechSynthesisClient.cpp:69) 2 WebCore 0x000000019a80a49c WebCore::SpeechSynthesis::startSpeakingImmediately(WebCore::SpeechSynthesisUtterance&) + 124 (SpeechSynthesis.cpp:125) 3 WebCore 0x000000019a4b7064 WebCore::jsSpeechSynthesisPrototypeFunctionSpeakBody(JSC::ExecState*, WebCore::JSSpeechSynthesis*, JSC::ThrowScope&) + 248 (JSSpeechSynthesis.cpp:202) 4 WebCore 0x000000019a4a88a8 WebCore::jsSpeechSynthesisPrototypeFunctionSpeak(JSC::ExecState*) + 152 (JSDOMOperation.h:53) 5 ??? 0x0000000c038d9098 0 + 51599216792 <rdar://problem/52563665>
Attachments
patch (5.42 KB, patch)
2019-07-03 10:06 PDT, chris fleizach 		rniwa: review+
DetailsFormatted DiffDiff
patch (6.51 KB, patch)
2019-07-05 18:06 PDT, chris fleizach 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
chris fleizach
Comment 1 2019-07-03 10:06:38 PDT
Created attachment 373396 [details] patch
Per Arne Vollan
Comment 2 2019-07-03 10:23:15 PDT
Comment on attachment 373396 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=373396&action=review > Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp:57 > + if (auto observer = m_page.corePage()->speechSynthesisClient()->observer()) > + observer->didFinishSpeaking(); Could speechSynthesisClient() also possibly return nullptr?
chris fleizach
Comment 3 2019-07-03 10:35:27 PDT
(In reply to Per Arne Vollan from comment #2) > Comment on attachment 373396 [details] > patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=373396&action=review > > > Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp:57 > > + if (auto observer = m_page.corePage()->speechSynthesisClient()->observer()) > > + observer->didFinishSpeaking(); > > Could speechSynthesisClient() also possibly return nullptr? I looked into it and to my eyes it did not seem so. It looks like it's set unconditionally
Per Arne Vollan
Comment 4 2019-07-03 10:42:21 PDT
Comment on attachment 373396 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=373396&action=review >>> Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp:57 >>> + observer->didFinishSpeaking(); >> >> Could speechSynthesisClient() also possibly return nullptr? > > I looked into it and to my eyes it did not seem so. It looks like it's set unconditionally Perhaps it could return a reference, then? I don't think this is required in this patch, though. It can be done in a follow-up patch.
chris fleizach
Comment 5 2019-07-03 10:42:51 PDT
Comment on attachment 373396 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=373396&action=review >>>> Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp:57 >>>> + observer->didFinishSpeaking(); >>> >>> Could speechSynthesisClient() also possibly return nullptr? >> >> I looked into it and to my eyes it did not seem so. It looks like it's set unconditionally > > Perhaps it could return a reference, then? I don't think this is required in this patch, though. It can be done in a follow-up patch. let me look into that
Ryosuke Niwa
Comment 6 2019-07-03 15:14:57 PDT
Comment on attachment 373396 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=373396&action=review >>>>> Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp:57 >>>>> + observer->didFinishSpeaking(); >>>> >>>> Could speechSynthesisClient() also possibly return nullptr? >>> >>> I looked into it and to my eyes it did not seem so. It looks like it's set unconditionally >> >> Perhaps it could return a reference, then? I don't think this is required in this patch, though. It can be done in a follow-up patch. > > let me look into that m_speechSynthesisClient(WTFMove(pageConfiguration.speechSynthesisClient)) so if pageConfiguration.speechSynthesisClient is null, it could be null. I think we should add an extra null check for now. We can turn it to a reference in the future.
Ryosuke Niwa
Comment 7 2019-07-03 15:15:31 PDT
r=me with an extra null check for speechSynthesisClient() everywhere.
chris fleizach
Comment 8 2019-07-05 18:06:53 PDT
Created attachment 373557 [details] patch
WebKit Commit Bot
Comment 9 2019-07-06 01:14:22 PDT
Comment on attachment 373557 [details] patch Clearing flags on attachment: 373557 Committed r247192: <https://trac.webkit.org/changeset/247192>
WebKit Commit Bot
Comment 10 2019-07-06 01:14:24 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.