216309 – AccessibilityMenuList and MenuListPopup notifications need to be posted asynchronously.

RESOLVED FIXED 216309

AccessibilityMenuList and MenuListPopup notifications need to be posted asynchronously.

https://bugs.webkit.org/show_bug.cgi?id=216309

Summary AccessibilityMenuList and MenuListPopup notifications need to be posted async...

Andres Gonzalez

Reported 2020-09-09 07:32:20 PDT

AccessibilityMenuList and MenuListPopup notifications need to be posted asynchronously.

Attachments
Patch (3.68 KB, patch) 2020-09-09 07:50 PDT, Andres Gonzalez	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Andres Gonzalez

Comment 1 2020-09-09 07:50:50 PDT

Created attachment 408326 [details] Patch

Andres Gonzalez

Comment 2 2020-09-09 07:56:27 PDT

Crash trace: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00007fff39896673 WTFCrashWithInfo(int, char const*, char const*, int) + 19 1 com.apple.WebCore 0x00007fff396f7dc4 WebCore::Document::updateLayout() + 660 2 com.apple.WebCore 0x00007fff3a79b4a2 WebCore::AccessibilityObject::updateBackingStore() + 226 3 com.apple.WebCore 0x00007fff3b7ff3db -[WebAccessibilityObjectWrapperBase updateObjectBackingStore] + 59 4 com.apple.WebCore 0x00007fff3b80c157 -[WebAccessibilityObjectWrapper accessibilityIsIgnored] + 23 5 com.apple.AppKit 0x00007fff283094d6 __NSAccessibilityEntryPointIsAccessibilityElement_block_invoke + 286 6 com.apple.AppKit 0x00007fff2830937a NSAccessibilityPerformEntryPointBOOL + 16 7 com.apple.AppKit 0x00007fff27d723bd NSAccessibilityEntryPointIsAccessibilityElement + 93 8 com.apple.AppKit 0x00007fff27fd22c2 NSAccessibilityPostNotificationForObservedElementWithUserInfo + 217 9 com.apple.WebCore 0x00007fff3a7882cd WebCore::AccessibilityMenuList::didUpdateActiveOption(int) + 189 10 com.apple.WebCore 0x00007fff398453cb WebCore::RenderMenuList::setTextFromOption(int) + 1419 11 com.apple.WebCore 0x00007fff39762fbf WebCore::HTMLSelectElement::selectOption(int, unsigned int) + 511 12 com.apple.WebCore 0x00007fff3ad2c49d WebCore::HTMLOptionElement::insertedIntoAncestor(WebCore::Node::InsertionType, WebCore::ContainerNode&) + 157 13 com.apple.WebCore 0x00007fff3aa84b9a WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WebCore::TreeScopeChange, WTF::Vector<WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, 11ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) + 58 14 com.apple.WebCore 0x00007fff3aa84a32 WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&) + 130 15 com.apple.WebCore 0x00007fff3aa7e70e WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&) + 990 16 com.apple.WebCore 0x00007fff3ab175cd WebCore::Node::appendChild(WebCore::Node&) + 93 17 com.apple.WebCore 0x00007fff39f1bd72 WebCore::jsNodePrototypeFunctionAppendChild(JSC::JSGlobalObject*, JSC::CallFrame*) + 482 18 ??? 0x00003e021dc011d8 0 + 68178809983448 19 com.apple.JavaScriptCore 0x00007fff2edaca4f llint_entry + 104267 20 com.apple.JavaScriptCore 0x00007fff2edacacf llint_entry + 104395 21 com.apple.JavaScriptCore 0x00007fff2edaca4f llint_entry + 104267 22 com.apple.JavaScriptCore 0x00007fff2edacacf llint_entry + 104395 23 ??? 0x00003e021e1cdccb 0 + 68178816064715 24 com.apple.JavaScriptCore 0x00007fff2edacacf llint_entry + 104395 25 com.apple.JavaScriptCore 0x00007fff2edacacf llint_entry + 104395 26 com.apple.JavaScriptCore 0x00007fff2edacacf llint_entry + 104395 27 com.apple.JavaScriptCore 0x00007fff2edacacf llint_entry + 104395 28 com.apple.JavaScriptCore 0x00007fff2edad77e llint_entry + 107642 29 ??? 0x00003e021dc9dd90 0 + 68178810625424 30 com.apple.JavaScriptCore 0x00007fff2edaca4f llint_entry + 104267 31 com.apple.JavaScriptCore 0x00007fff2edacacf llint_entry + 104395 32 com.apple.JavaScriptCore 0x00007fff2edacacf llint_entry + 104395 33 com.apple.JavaScriptCore 0x00007fff2ed9310f vmEntryToJavaScript + 216 34 com.apple.JavaScriptCore 0x00007fff2f3d1696 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 518 35 com.apple.JavaScriptCore 0x00007fff2f69b465 JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 837 36 ??? 0x00003e021dc01a97 0 + 68178809985687 37 ??? 0x00003e021dc8e4f5 0 + 68178810561781 38 com.apple.JavaScriptCore 0x00007fff2ed9310f vmEntryToJavaScript + 216 39 com.apple.JavaScriptCore 0x00007fff2f3d1696 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 518 40 com.apple.JavaScriptCore 0x00007fff2f5fb0c4 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 164 41 com.apple.JavaScriptCore 0x00007fff2f6e40ef JSC::JSMicrotask::run(JSC::JSGlobalObject*) + 415 42 com.apple.WebCore 0x00007fff3a83af68 WebCore::JSMicrotaskCallback::call() + 104 43 com.apple.WebCore 0x00007fff3a83aecc WTF::Detail::CallableWrapper<WebCore::JSDOMWindowBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::DumbPtrTraits<JSC::Microtask> >&&)::$_36, void>::call() + 76 44 com.apple.WebCore 0x00007fff3ab0b3c6 WebCore::MicrotaskQueue::performMicrotaskCheckpoint() + 134 45 com.apple.WebCore 0x00007fff3a82ef0d WebCore::JSExecState::didLeaveScriptContext(JSC::JSGlobalObject*) + 173 46 com.apple.WebCore 0x00007fff3a85956f WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 127 47 com.apple.WebCore 0x00007fff3a859272 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 178 48 com.apple.WebCore 0x00007fff3a8595c8 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&) + 40 49 com.apple.WebCore 0x00007fff3ab3b950 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) + 528 50 com.apple.WebCore 0x00007fff3ab064f8 WebCore::LoadableClassicScript::execute(WebCore::ScriptElement&) + 168 51 com.apple.WebCore 0x00007fff3ab3c07d WebCore::ScriptElement::executePendingScript(WebCore::PendingScript&) + 445 52 com.apple.WebCore 0x00007fff3ab3e571 WebCore::ScriptRunner::timerFired() + 1249 53 com.apple.WebCore 0x00007fff3b15c526 WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() + 198 54 com.apple.WebCore 0x00007fff3965b01f WebCore::timerFired(__CFRunLoopTimer*, void*) + 31 ...

Andres Gonzalez

Comment 3 2020-09-09 07:57:12 PDT

<rdar://problem/68108824>

chris fleizach

Comment 4 2020-09-09 09:50:57 PDT

Comment on attachment 408326 [details] Patch these are the last 3 PostSychrnously methods. Can we remove this argument now since it causes issues?

Andres Gonzalez

Comment 5 2020-09-09 10:21:58 PDT

(In reply to chris fleizach from comment #4) > Comment on attachment 408326 [details] > Patch > > these are the last 3 PostSychrnously methods. Can we remove this argument > now since it causes issues? Yes! doing that in a separate patch since we typically don't want to mix the cleanup work with the actual fix for this crash. Will submit the cleanup soon.

EWS

Comment 6 2020-09-09 10:42:06 PDT

Committed r266787: <https://trac.webkit.org/changeset/266787> All reviewed patches have been landed. Closing bug and clearing flags on attachment 408326 [details].

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Andres Gonzalez

Reported

2020-09-09 07:32 PDT

Modified

2020-09-09 10:42 PDT History

CC List

8 users Show

URL

Keywords InRadar

Depends on

Blocks