Bug 219168 - Fix for crash in Accessibility::performFunctionOnMainThread.
Summary: Fix for crash in Accessibility::performFunctionOnMainThread.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Andres Gonzalez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-11-19 11:03 PST by Andres Gonzalez
Modified: 2020-11-19 11:53 PST

See Also:


Attachments
Patch (1.69 KB, patch)
2020-11-19 11:13 PST, Andres Gonzalez

Description Andres Gonzalez 2020-11-19 11:03:13 PST
Fix for crash in Accessibility::performFunctionOnMainThread.
Comment 1 Andres Gonzalez 2020-11-19 11:13:32 PST
Created attachment 414602
Patch
Comment 2 Andres Gonzalez 2020-11-19 11:21:29 PST
Crash stack trace:
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
  * frame #0: 0x00000001d8df58af WebCore`WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > >* WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::inlineLookup<WTF::HashMapTranslatorAdapter<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, 
WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::DefaultHash<unsigned long> > >, unsigned long>(this=0x88c4ec9000008017, key=0x00007ffee37d86f0) at HashTable.h:673:28
    frame #1: 0x00000001d8df582d WebCore`WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > >* WTF::HashTable<unsigned long, WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >, WTF::DefaultHash<unsigned long>, WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::HashTraits<unsigned long> >::lookup<WTF::HashMapTranslatorAdapter<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, 
WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::DefaultHash<unsigned long> > >, unsigned long>(this=0x88c4ec9000008017, key=0x00007ffee37d86f0) at HashTable.h:663:16
    frame #2: 0x00000001d8df57bd WebCore`WebCore::AccessibilityObject* WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::get<WTF::IdentityHashTranslator<WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::KeyValuePairTraits, WTF::DefaultHash<unsigned long> >, unsigned long>(this=0x88c4ec9000008017, value=0x00007ffee37d86f0) const at HashMap.h:321:63
    frame #3: 0x00000001d8dcfa6d WebCore`WTF::HashMap<unsigned long, WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> >, WTF::DefaultHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<WTF::RefPtr<WebCore::AccessibilityObject, WTF::RawPtrTraits<WebCore::AccessibilityObject>, WTF::DefaultRefDerefTraits<WebCore::AccessibilityObject> > > >::get(this=0x88c4ec9000008017, key=0x00007ffee37d86f0) const at HashMap.h:436:12
    frame #4: 0x00000001d8e17ba6 WebCore`WebCore::AXObjectCache::objectFromAXID(this=0x88c4ec9000007fff, id=140735487809992) const at AXObjectCache.h:222:75
    frame #5: 0x00000001d8e99c7d WebCore`WebCore::AXIsolatedObject::associatedAXObject(this=0x00007fff886293a0) const at AXIsolatedObject.h:87:55
    frame #6: 0x00000001d8ed4bd8 WebCore`WebCore::AXIsolatedObject::scrollToMakeVisible(this=0x00007000032efe00) const::$_17::operator()() const at AXIsolatedObject.cpp:659:29
    frame #7: 0x00000001d8ed4f28 WebCore`void WebCore::Accessibility::performFunctionOnMainThread<WebCore::AXIsolatedObject::scrollToMakeVisible() const::$_17>(this=0x0000000203f60698) const::$_17&&)::'lambda'()::operator()() const at AccessibilityObjectInterface.h:1563:9
    frame #8: 0x00000001d8ed4ede WebCore`WTF::Detail::CallableWrapper<void WebCore::Accessibility::performFunctionOnMainThread<WebCore::AXIsolatedObject::scrollToMakeVisible() const::$_17>(WebCore::AXIsolatedObject::scrollToMakeVisible() const::$_17&&)::'lambda'(), void>::call(this=0x0000000203f60690) at Function.h:52:39
    frame #9: 0x00000001f51b8f82 JavaScriptCore`WTF::Function<void ()>::operator(this=0x00007ffee37d87e8)() const at Function.h:83:35
    frame #10: 0x00000001f522dd75 JavaScriptCore`WTF::RunLoop::performWork(this=0x00000001fc6fb080) at RunLoop.cpp:123:9
    frame #11: 0x00000001f5231561 JavaScriptCore`WTF::RunLoop::performWork(context=0x00000001fc6fb080) at RunLoopCF.cpp:46:37
    frame #12: 0x00007fff205ea9fc CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #13: 0x00007fff205ea964 CoreFoundation`__CFRunLoopDoSource0 + 180
    frame #14: 0x00007fff205ea6df CoreFoundation`__CFRunLoopDoSources0 + 248
    frame #15: 0x00007fff205e9111 CoreFoundation`__CFRunLoopRun + 890
    frame #16: 0x00007fff205e86be CoreFoundation`CFRunLoopRunSpecific + 563
    frame #17: 0x00007fff21372fa1 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #18: 0x00007fff21401384 Foundation`-[NSRunLoop(NSRunLoop) run] + 76
    frame #19: 0x00007fff202413dd libxpc.dylib`_xpc_objc_main + 825
    frame #20: 0x00007fff20240e65 libxpc.dylib`xpc_main + 437
    frame #21: 0x00000001c8ae636c WebKit`WebKit::XPCServiceMain(argc=1, argv=0x00007ffee37d99c8) at XPCServiceMain.mm:208:5
    frame #22: 0x00000001c9f3de3b WebKit`WKXPCServiceMain(argc=1, argv=0x00007ffee37d99c8) at WKMain.mm:33:12
    frame #23: 0x000000010c429ea2 com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x00007ffee37d99c8) at AuxiliaryProcessMain.cpp:30:12
    frame #24: 0x00007fff2050d591 libdyld.dylib`start + 1
    frame #25: 0x00007fff2050d591 libdyld.dylib`start + 1
(lldb)
Comment 3 EWS 2020-11-19 11:52:21 PST
Committed r270041: <https://trac.webkit.org/changeset/270041>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 414602.
Comment 4 Radar WebKit Bug Importer 2020-11-19 11:53:17 PST
<rdar://problem/71595779>