RESOLVED FIXED Bug 24143
Crash occurs at WebCore::AccessibilityTable::isTableExposableThroughAccessibility() when applying a link in GMail
https://bugs.webkit.org/show_bug.cgi?id=24143
chris fleizach
Reported 2009-02-24 16:33:12 PST
Thread 0 Crashed:
0 com.apple.WebCore 0x00007fff83ef3915 WebCore::AccessibilityTable::isTableExposableThroughAccessibility() + 773
1 com.apple.WebCore 0x00007fff83ef3c3b WebCore::AccessibilityTable::AccessibilityTable(WebCore::RenderObject*) + 91
2 com.apple.WebCore 0x00007fff83c7cc12 WebCore::AccessibilityTable::create(WebCore::RenderObject*) + 50
3 com.apple.WebCore 0x00007fff83bd40eb WebCore::AXObjectCache::get(WebCore::RenderObject*) + 363
4 com.apple.WebCore 0x00007fff83bdf0ed WebCore::AccessibilityRenderObject::childrenChanged() + 61
5 com.apple.WebCore 0x00007fff83bd8c05 WebCore::AXObjectCache::childrenChanged(WebCore::RenderObject*) + 101
6 com.apple.WebCore 0x00007fff83a8febe WebCore::RenderObject::destroy() + 222
7 com.apple.WebCore 0x00007fff83a8fce7 WebCore::RenderBox::destroy() + 71
8 com.apple.WebCore 0x00007fff8411570d WebCore::RenderObjectChildList::destroyLeftoverChildren() + 141
9 com.apple.WebCore 0x00007fff840f7476 WebCore::RenderBlock::destroy() + 54
10 com.apple.WebCore 0x00007fff83a8fc46 WebCore::Node::detach() + 38
11 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
12 com.apple.WebCore 0x00007fff83b4cc01 WebCore::HTMLInputElement::detach() + 17
13 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
14 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
15 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
16 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
17 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
18 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
19 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
20 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
21 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
22 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
23 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
24 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
25 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
26 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
27 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
28 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
29 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
30 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
31 com.apple.WebCore 0x00007fff83a8fa6c WebCore::ContainerNode::detach() + 44
32 com.apple.WebCore 0x00007fff83a8fafe WebCore::Element::detach() + 110
33 com.apple.WebCore 0x00007fff83b323f5 WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 405
34 com.apple.WebCore 0x00007fff83b4f3c7 WebCore::JSNode::removeChild(JSC::ExecState*, JSC::ArgList const&) + 87
35 com.apple.WebCore 0x00007fff83b4f36e WebCore::jsNodePrototypeFunctionRemoveChild(JSC::ExecState*, JSC::JSObject*, JSC::JSValuePtr, JSC::ArgList const&) + 110
36 com.apple.JavaScriptCore 0x00007fff876540b9 JSC::Interpreter::cti_op_call_NotJSFunction(void**) + 537
37 ??? 0x000000011b4d62ba 0 + 4753023674
38 com.apple.JavaScriptCore 0x00007fff8760805e JSC::Interpreter::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValuePtr*) + 558
39 ???
Attachments
patch to fix crash (14.18 KB, patch)
2009-02-24 18:34 PST, chris fleizach
no flags
patch to fix crash (14.18 KB, patch)
2009-02-24 18:34 PST, chris fleizach
no flags
patch to fix crash (14.18 KB, patch)
2009-02-24 18:34 PST, chris fleizach
no flags
patch to fix crash (17.56 KB, patch)
2009-02-24 18:36 PST, chris fleizach
bdakin: review+
chris fleizach
Comment 1 2009-02-24 18:34:06 PST
Created attachment 27949 patch to fix crash
chris fleizach
Comment 2 2009-02-24 18:34:18 PST
Created attachment 27951 patch to fix crash
chris fleizach
Comment 3 2009-02-24 18:34:18 PST
Created attachment 27952 patch to fix crash
chris fleizach
Comment 4 2009-02-24 18:36:24 PST
Created attachment 27954 patch to fix crash
Beth Dakin
Comment 5 2009-02-25 13:35:35 PST
Comment on attachment 27954 patch to fix crash

Hey Chris! This patch looks good. My only comments really have to go with naming conventions. I am not wild about the names get() and getIfExists(). How about one of the following:

get() = getOrCreate()
getIfExists() = get()

or

get() = add()
getIfExists() = get()

The add() one is a little weird, I know, but that is a common naming convention for this kind of thing in some other parts of WebCore…basically it means add this to the cache or just return it if it already exists. That being said, I like getOrCreate() as well, so you can choose whichever you prefer.
chris fleizach
Comment 6 2009-02-25 13:43:27 PST
I will go with getOrCreate. That is a little more explicit than "add", since most of the time this method is used, it is just to get things. Changing get to getOrCreate will make this a much bigger patch.

(In reply to comment #5)
> (From update of attachment 27954)
> Hey Chris! This patch looks good. My only comments really have to go with
> naming conventions. I am not wild about the names get() and getIfExists(). How
> about one of the following:
>
> get() = getOrCreate()
> getIfExists() = get()
>
> or
>
> get() = add()
> getIfExists() = get()
>
> The add() one is a little weird, I know, but that is a common naming convention
> for this kind of thing in some other parts of WebCore…basically it means add
> this to the cache or just return it if it already exists. That being said, I
> like getOrCreate() as well, so you can choose whichever you prefer.
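The naming question in comments 5 and 6 comes down to whether a cache accessor is allowed to allocate. As an added example (not WebKit's code and not the attached patch), this C++ model contrasts a creating lookup with a lookup-only one when a change notification arrives during teardown, as in frames 3-6 of the trace; the classes, the ancestor walk and the `createIfMissing` switch are assumptions made for illustration.

```cpp
#include <memory>
#include <unordered_map>

// Hypothetical stand-ins for illustration; these are not WebKit's classes.
struct Renderer { Renderer* parent = nullptr; };
struct AXWrapper { int childrenChangedCalls = 0; };

class AXCache {
public:
    // Lookup only: never allocates, returns nullptr when nothing is cached.
    AXWrapper* get(const Renderer* r) const {
        auto it = m_map.find(r);
        return it == m_map.end() ? nullptr : it->second.get();
    }
    // Returns the cached wrapper, building one first if none exists.
    AXWrapper* getOrCreate(const Renderer* r) {
        if (AXWrapper* existing = get(r)) return existing;
        ++m_created;
        auto& slot = m_map[r];
        slot.reset(new AXWrapper());
        return slot.get();
    }
    // Assumed model: notify r and its ancestors that children changed.
    // createIfMissing=true builds wrappers as a side effect of notifying.
    void childrenChanged(const Renderer* r, bool createIfMissing) {
        for (const Renderer* p = r; p; p = p->parent) {
            AXWrapper* w = createIfMissing ? getOrCreate(p) : get(p);
            if (w) ++w->childrenChangedCalls;
        }
    }
    void remove(const Renderer* r) { m_map.erase(r); }
    int created() const { return m_created; }
private:
    std::unordered_map<const Renderer*, std::unique_ptr<AXWrapper>> m_map;
    int m_created = 0;
};

// Destroys a leaf under a table renderer that was never exposed and reports
// how many wrappers were constructed while the tree was being torn down.
int wrappersBuiltDuringTeardown(bool createIfMissing) {
    Renderer table, cell;                 // constructed sample tree
    cell.parent = &table;
    AXCache cache;
    cache.getOrCreate(&cell);             // only the leaf was ever exposed
    int before = cache.created();
    cache.childrenChanged(cell.parent, createIfMissing); // sent from destroy()
    cache.remove(&cell);
    return cache.created() - before;
}
```

With the creating lookup the teardown path constructs a wrapper for the table while its subtree is being destroyed; with the lookup-only accessor it constructs none.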
chris fleizach
Comment 7 2009-02-25 16:28:11 PST
chris fleizach
Comment 8 2009-05-18 11:32:33 PDT
*** Bug 22340 has been marked as a duplicate of this bug. ***