RESOLVED FIXED 241936
AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::AccessibilityTableCell::ariaOwnedByParent const 
https://bugs.webkit.org/show_bug.cgi?id=241936
Summary AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::A...
Andres Gonzalez
Reported 2022-06-23 14:53:22 PDT
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x1b663c0d0 WebCore::AccessibilityTableCell::ariaOwnedByParent() const + 100 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityTableCell.cpp:299) 1 com.apple.WebCore 0x1b663c0bc WebCore::AccessibilityTableCell::ariaOwnedByParent() const + 80 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/accessibility/AccessibilityObjectInterface.h:1091) 2 com.apple.WebCore 0x1b65d9998 WebCore::AccessibilityARIAGridCell::parentTable() const + 24 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityTableCell.cpp:306) 3 com.apple.WebCore 0x1b663ad3c WebCore::AccessibilityTableCell::computeAccessibilityIsIgnored() const + 404 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityTableCell.cpp:121) 4 com.apple.WebCore 0x1b66113c8 WebCore::AccessibilityObject::accessibilityIsIgnored() const + 424 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityObject.cpp:3762) 5 com.apple.WebCore 0x1b65c6fe4 WebCore::AXObjectCache::handleChildrenChanged(WebCore::AccessibilityObject&) + 508 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityObject.cpp:3623) 6 com.apple.WebCore 0x1b65d5e14 WebCore::AXObjectCache::performDeferredCacheUpdate() + 1028 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AXObjectCache.cpp:3345) 7 com.apple.WebCore 0x1b562be7c WebCore::FrameView::performPostLayoutTasks() + 1696 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./page/FrameView.cpp:3456) 8 com.apple.WebCore 0x1b70748b8 WebCore::FrameViewLayoutContext::layout() + 1184 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./page/FrameViewLayoutContext.cpp:310) 9 com.apple.WebCore 0x1b56882c0 WebCore::Document::updateLayout() + 772 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./dom/Document.cpp:2262) 10 com.apple.WebCore 0x1b69b21c8 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) + 72 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./dom/Document.cpp:2286) 11 com.apple.WebCore 0x1b56c6050 WebCore::Element::getBoundingClientRect() + 52 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./dom/Element.cpp:1768) 12 com.apple.WebCore 0x1b5bd8c14 WebCore::jsElementPrototypeFunction_getBoundingClientRect(JSC::JSGlobalObject*, JSC::CallFrame*) + 140 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Binaries/WebCore/install/Symbols/BuiltProducts/DerivedSources/WebCore/JSElement.cpp:3859)
Attachments
Patch (1.61 KB, patch)
2022-06-23 15:05 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (1.60 KB, patch)
2022-06-23 15:14 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-06-23 14:53:30 PDT
<rdar://problem/95809097>
Andres Gonzalez
Comment 2 2022-06-23 15:02:59 PDT
rdar://95250417
Radar WebKit Bug Importer
Comment 3 2022-06-23 15:03:07 PDT
<rdar://problem/95809896>
Andres Gonzalez
Comment 4 2022-06-23 15:05:01 PDT
Created attachment 460456 [details] Patch
Andres Gonzalez
Comment 5 2022-06-23 15:06:40 PDT
rdar://95250417
chris fleizach
Comment 6 2022-06-23 15:10:44 PDT
Comment on attachment 460456 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=460456&action=review > COMMIT_MESSAGE:7 > +AXObjectCache::objectsForIDs was returning a vectorVector<RefPtr> that could contain nullptrs. This patch ensures that all items in the vector are not null. vectorVector
Andres Gonzalez
Comment 7 2022-06-23 15:14:44 PDT
Created attachment 460457 [details] Patch
Andres Gonzalez
Comment 8 2022-06-23 15:16:11 PDT
(In reply to chris fleizach from comment #6) > Comment on attachment 460456 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=460456&action=review > > > COMMIT_MESSAGE:7 > > +AXObjectCache::objectsForIDs was returning a vectorVector<RefPtr> that could contain nullptrs. This patch ensures that all items in the vector are not null. > > vectorVector Fixed.
EWS
Comment 9 2022-06-23 19:04:48 PDT
Committed 251816@main (d9b9019250ec): <https://commits.webkit.org/251816@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 460457 [details].
Note You need to log in before you can comment on or make changes to this bug.