NEW 221888
AX: Crash when hiding focused element whilst using VoiceOver (SIGSEGV) if body has a fixed :before pseudo-element
https://bugs.webkit.org/show_bug.cgi?id=221888
Oliver Byford
Reported 2021-02-15 01:20:30 PST
Created attachment 420279 [details]
Example (alternative to CodePen)

## Steps to reproduce

1. Open https://codepen.io/36degrees/pen/bGBVZqp or the attached example.html
2. Enable VoiceOver
3. Tab to the button 'Hide this message' and activate it by pressing enter

## Behaviour

The WebKit process crashes after a few moments. In Safari (macOS) a banner appears that says 'This web page was reloaded because a problem occurred'.

```
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore          0x00000001ac098cac WebCore::makeBoundaryPoint(WebCore::VisiblePosition const&) + 120
1   com.apple.WebCore          0x00000001abf7e0ac WebCore::Range::contains(WebCore::VisiblePosition const&) const + 40
2   com.apple.WebCore          0x00000001abf7e0ac WebCore::Range::contains(WebCore::VisiblePosition const&) const + 40
3   com.apple.WebCore          0x00000001abc2493c WebCore::AccessibilityRenderObject::setSelectedVisiblePositionRange(WebCore::VisiblePositionRange const&) const + 1192
4   com.apple.WebCore          0x00000001acc91018 -[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:] + 1056
5   com.apple.JavaScriptCore   0x00000001a8b4c308 WTF::RunLoop::performWork() + 484
6   com.apple.JavaScriptCore   0x00000001a8b4cff0 WTF::RunLoop::performWork(void*) + 36
7   com.apple.CoreFoundation   0x0000000192c1fc14 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
8   com.apple.CoreFoundation   0x0000000192c1fb60 __CFRunLoopDoSource0 + 208
9   com.apple.CoreFoundation   0x0000000192c1f84c __CFRunLoopDoSources0 + 268
10  com.apple.CoreFoundation   0x0000000192c1e1e4 __CFRunLoopRun + 824
11  com.apple.CoreFoundation   0x0000000192c1d740 CFRunLoopRunSpecific + 600
12  com.apple.Foundation       0x00000001939a6a88 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 232
13  com.apple.Foundation       0x0000000193a3a644 -[NSRunLoop(NSRunLoop) run] + 92
14  libxpc.dylib               0x000000019289b9e0 _xpc_objc_main + 900
15  libxpc.dylib               0x000000019289b3a0 xpc_main + 536
16  com.apple.WebKit           0x00000001add8b114 WebKit::XPCServiceMain(int, char const**) + 644
17  libdyld.dylib              0x0000000192b40f34 start + 4
```

This does not happen if the :before pseudo-element on the <body> is removed or is not `position: fixed`. I have reproduced this across multiple machines and in Safari running a local build of WebKit.
Attachments
Example (alternative to CodePen) (1.03 KB, text/html)
2021-02-15 01:20 PST, Oliver Byford
no flags
Crash Report (124.77 KB, text/plain)
2021-02-15 01:21 PST, Oliver Byford
no flags
Radar WebKit Bug Importer
Comment 1 2021-02-15 01:20:55 PST
Oliver Byford
Comment 2 2021-02-15 01:21:20 PST
Created attachment 420280 [details] Crash Report