WebKit Bugzilla
Bug 43807 - REGRESSION (r64816-r64889): Crash in WebCore::AccessibilityRenderObject
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=43807
Kevin M. Dean
Reported
2010-08-10 13:42:01 PDT
Whenever I press Command-Control-d over some text to bring up the floating dictionary window, WebKit gets the spinning wheel and crashes.

Process:         Safari [705]
Path:            /Applications/WebKit.app/Contents/MacOS/WebKit
Identifier:      org.webkit.nightly.WebKit
Version:         r65052 (65052)
Code Type:       PPC (Native)
Parent Process:  launchd [110]

Date/Time:       2010-08-10 13:24:58.447 -0400
OS Version:      Mac OS X 10.5.8 (9L30)
Report Version:  6
Anonymous UUID:  F41C1802-6457-4B49-A738-107FEBA3B7F7

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.WebCore               0x01497e18 WebCore::AccessibilityRenderObject::visiblePositionForPoint(WebCore::IntPoint const&) const + 408
1   com.apple.WebCore               0x0148c164 -[AccessibilityObjectWrapper accessibilityAttributeValue:forParameter:] + 2532
2   ....DictionaryServiceComponent  0x1d370ff4 DSAXGetTextOrigin + 1028
3   ....DictionaryServiceComponent  0x1d370908 DSAXGetTextUnderMouse + 432
4   ....DictionaryServiceComponent  0x1d36fb70 DSGetTextUnderMouse + 1024
5   ....DictionaryServiceComponent  0x1d3702cc DSInitializeMessageReceiving + 616
6   com.apple.CoreFoundation        0x920e9258 __CFMessagePortPerform + 324
7   com.apple.CoreFoundation        0x92109630 CFRunLoopRunSpecific + 2480
8   com.apple.HIToolbox             0x90c09b14 RunCurrentEventLoopInMode + 264
9   com.apple.HIToolbox             0x90c09938 ReceiveNextEventCommon + 412
10  com.apple.HIToolbox             0x90c09778 BlockUntilNextEventMatchingListInMode + 84
11  com.apple.AppKit                0x93151244 _DPSNextEvent + 596
12  com.apple.AppKit                0x93150bfc -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 112
13  com.apple.Safari                0x000191c4 0x1000 + 98756
14  com.apple.AppKit                0x9314a89c -[NSApplication run] + 744
15  com.apple.AppKit                0x9311b298 NSApplicationMain + 440
16  com.apple.Safari                0x0000b7c8 0x1000 + 42952
Attachments
Full Crash Log (38.01 KB, text/plain), 2010-08-11 09:56 PDT, Kevin M. Dean, no flags
patch (10.66 KB, patch), 2010-09-13 00:25 PDT, chris fleizach, darin: review+
chris fleizach
Comment 1
2010-08-11 09:47:43 PDT
Interesting. I think this is a dupe of other bugs (in radar, not yet in webkit). It looks like dictionary services is using accessibility to get text, which is new to me. Kevin, can you attach the whole crash report? We might be able to get line numbers out of it.
Kevin M. Dean
Comment 2
2010-08-11 09:56:59 PDT
Created attachment 64130: Full Crash Log
chris fleizach
Comment 3
2010-08-11 10:04:57 PDT
Looks like DictionaryServices changed and no longer uses that method, so this crash report only exists in Leopard. I suspect that the problem still exists in WebKit, however. There are a lot of potential places we'd be accessing a null pointer in that method.
Kevin M. Dean
Comment 4
2010-09-07 17:04:47 PDT
Any update on this crash bug? Still around with the latest webkit and Safari 5.0.2.
chris fleizach
Comment 5
2010-09-08 00:09:47 PDT
(In reply to comment #4)
> Any update on this crash bug? Still around with the latest webkit and Safari 5.0.2.
I'm testing right now on 10.6.4 and 5.0.2 and I'm not running into a crash. Do you have a website that this always happens on? Can you give any other info?
Kevin M. Dean
Comment 6
2010-09-08 00:29:09 PDT
You previously mentioned that the crash only exists in Leopard, so I would expect 10.6.4 to be fine based on that. The crash is with the dictionary function and happens anywhere regardless of which web site it's on.
chris fleizach
Comment 7
2010-09-09 14:25:14 PDT
(In reply to comment #6)
> You previously mentioned that the crash only exists in Leopard, so I would expect 10.6.4 to be fine based on that.
>
> The crash is with the dictionary function and happens anywhere regardless of which web site it's on.
Sorry, meant to say latest 10.5.
Kevin M. Dean
Comment 8
2010-09-09 16:28:56 PDT
Are you making sure you're running WebKit? Straight Safari 5.0.2 under 10.5.8 works fine. It's the latest WebKit in that combination that crashes on me.
chris fleizach
Comment 9
2010-09-12 22:54:17 PDT
regression from https://bugs.webkit.org/show_bug.cgi?id=43632
chris fleizach
Comment 10
2010-09-12 22:58:24 PDT
<rdar://problem/8421449>
chris fleizach
Comment 11
2010-09-13 00:25:40 PDT
Created attachment 67369: patch
Eric Seidel (no email)
Comment 12
2010-09-13 01:36:32 PDT
Comment on attachment 67369: patch
Wouldn't it be easier just to change the later line to use render() instead of renderBoxModelObject()?
chris fleizach
Comment 13
2010-09-13 09:03:49 PDT
http://trac.webkit.org/changeset/67390