241936 – AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::AccessibilityTableCell::ariaOwnedByParent const

Bug 241936 - AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::AccessibilityTableCell::ariaOwnedByParent const

Summary: AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::A...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Accessibility (show other bugs)
Version:	WebKit Nightly Build
Hardware:	All All

Importance:	P2 Normal
Assignee:	Andres Gonzalez

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-06-23 14:53 PDT by Andres Gonzalez
Modified:	2022-06-23 19:04 PDT (History)
CC List:	10 users (show)

See Also:

Attachments
Patch (1.61 KB, patch) 2022-06-23 15:05 PDT, Andres Gonzalez	no flags	Details \| Formatted Diff \| Diff
Patch (1.60 KB, patch) 2022-06-23 15:14 PDT, Andres Gonzalez	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andres Gonzalez 2022-06-23 14:53:22 PDT

Thread 0 Crashed::   Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                        0x1b663c0d0        WebCore::AccessibilityTableCell::ariaOwnedByParent() const + 100 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityTableCell.cpp:299)
1   com.apple.WebCore                        0x1b663c0bc        WebCore::AccessibilityTableCell::ariaOwnedByParent() const + 80 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/accessibility/AccessibilityObjectInterface.h:1091)
2   com.apple.WebCore                        0x1b65d9998        WebCore::AccessibilityARIAGridCell::parentTable() const + 24 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityTableCell.cpp:306)
3   com.apple.WebCore                        0x1b663ad3c        WebCore::AccessibilityTableCell::computeAccessibilityIsIgnored() const + 404 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityTableCell.cpp:121)
4   com.apple.WebCore                        0x1b66113c8        WebCore::AccessibilityObject::accessibilityIsIgnored() const + 424 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityObject.cpp:3762)
5   com.apple.WebCore                        0x1b65c6fe4        WebCore::AXObjectCache::handleChildrenChanged(WebCore::AccessibilityObject&) + 508 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AccessibilityObject.cpp:3623)
6   com.apple.WebCore                        0x1b65d5e14        WebCore::AXObjectCache::performDeferredCacheUpdate() + 1028 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./accessibility/AXObjectCache.cpp:3345)
7   com.apple.WebCore                        0x1b562be7c        WebCore::FrameView::performPostLayoutTasks() + 1696 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./page/FrameView.cpp:3456)
8   com.apple.WebCore                        0x1b70748b8        WebCore::FrameViewLayoutContext::layout() + 1184 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./page/FrameViewLayoutContext.cpp:310)
9   com.apple.WebCore                        0x1b56882c0        WebCore::Document::updateLayout() + 772 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./dom/Document.cpp:2262)
10  com.apple.WebCore                        0x1b69b21c8        WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) + 72 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./dom/Document.cpp:2286)
11  com.apple.WebCore                        0x1b56c6050        WebCore::Element::getBoundingClientRect() + 52 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Sources/WebCore/Source/WebCore/./dom/Element.cpp:1768)
12  com.apple.WebCore                        0x1b5bd8c14        WebCore::jsElementPrototypeFunction_getBoundingClientRect(JSC::JSGlobalObject*, JSC::CallFrame*) + 140 (/AppleInternal/Library/BuildRoots/b735fe89-ea95-11ec-a9bc-3e2aa58faa6a/Library/Caches/com.apple.xbs/Binaries/WebCore/install/Symbols/BuiltProducts/DerivedSources/WebCore/JSElement.cpp:3859)

Comment 1 Radar WebKit Bug Importer 2022-06-23 14:53:30 PDT

<rdar://problem/95809097>

Comment 2 Andres Gonzalez 2022-06-23 15:02:59 PDT

rdar://95250417

Comment 3 Radar WebKit Bug Importer 2022-06-23 15:03:07 PDT

<rdar://problem/95809896>

Comment 4 Andres Gonzalez 2022-06-23 15:05:01 PDT

Created attachment 460456 [details]
Patch

Comment 5 Andres Gonzalez 2022-06-23 15:06:40 PDT

rdar://95250417

Comment 6 chris fleizach 2022-06-23 15:10:44 PDT

Comment on attachment 460456 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=460456&action=review

> COMMIT_MESSAGE:7
> +AXObjectCache::objectsForIDs was returning a vectorVector<RefPtr> that could contain nullptrs. This patch ensures that all items in the vector are not null.

vectorVector

Comment 7 Andres Gonzalez 2022-06-23 15:14:44 PDT

Created attachment 460457 [details]
Patch

Comment 8 Andres Gonzalez 2022-06-23 15:16:11 PDT

(In reply to chris fleizach from comment #6)
> Comment on attachment 460456 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=460456&action=review
> 
> > COMMIT_MESSAGE:7
> > +AXObjectCache::objectsForIDs was returning a vectorVector<RefPtr> that could contain nullptrs. This patch ensures that all items in the vector are not null.
> 
> vectorVector

Fixed.

Comment 9 EWS 2022-06-23 19:04:48 PDT

Committed 251816@main (d9b9019250ec): <https://commits.webkit.org/251816@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 460457 [details].