Bug 225677 - AX: Crash at WebCore::Document::updateLayout
Summary: AX: Crash at WebCore::Document::updateLayout
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Accessibility (show other bugs)
Version: WebKit Nightly Build
Hardware: All All
: P2 Normal
Assignee: chris fleizach
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-05-11 15:58 PDT by chris fleizach
Modified: 2023-04-12 14:45 PDT (History)
9 users (show)

See Also:

Attachments
patch (7.34 KB, patch)
2021-05-12 17:14 PDT, chris fleizach 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description chris fleizach 2021-05-11 15:58:25 PDT 
50 WebCore: WTFCrashWithInfo(int, char const*, char const*, int)
        50 WebCore: WebCore::Document::updateLayout()
   ==> 50 WebCore: WebCore::AccessibilityObject::updateBackingStore() <==
            50 WebCore: -[WebAccessibilityObjectWrapperBase updateObjectBackingStore]
              50 WebCore: -[WebAccessibilityObjectWrapper accessibilityIsIgnored]
                50 AppKit: __NSAccessibilityEntryPointIsAccessibilityElement_block_invoke
                  50 AppKit: NSAccessibilityPerformEntryPointBOOL
                    50 AppKit: NSAccessibilityEntryPointIsAccessibilityElement
                      50 AppKit: NSAccessibilityPostNotificationForObservedElementWithUserInfo
                        50 WebCore: WebCore::AccessibilityMenuList::didUpdateActiveOption(int)
                          50 WebCore: WebCore::RenderMenuList::setTextFromOption(int)
                            50 WebCore: WebCore::HTMLSelectElement::selectOption(int, unsigned int)
                              50 WebCore: WebCore::HTMLOptionElement::insertedIntoAncestor(WebCore::Node::InsertionType, WebCore::ContainerNode&)
                                50 WebCore: WebCore::notifyNodeInsertedIntoDocument(WebCore::ContainerNode&, WebCore::Node&, WebCore::TreeScopeChange, WTF::Vector<WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, 11ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&)
                                  50 WebCore: WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&)
                                    26 WebCore: WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck(WebCore::Node&)
                                    | 24 WebCore: WebCore::Node::appendChild(WebCore::Node&)
                                    | | 24 WebCore: WebCore::jsNodePrototypeFunctionAppendChild(JSC::JSGlobalObject*, JSC::CallFrame*)


<rdar://problem/74472851>
Comment 1 chris fleizach 2021-05-12 17:14:30 PDT 
Created attachment 428436 [details]
patch
Comment 2 EWS 2021-05-13 07:30:30 PDT 
Committed r277434 (237682@main): <https://commits.webkit.org/237682@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 428436 [details].