57405 – CrashTracer: 301 crashes in Safari at com.apple.WebCore: WebCore::AccessibilityRenderObject::visiblePositionForPoint const + 297

Bug 57405 - CrashTracer: 301 crashes in Safari at com.apple.WebCore: WebCore::AccessibilityRenderObject::visiblePositionForPoint const + 297

Summary: CrashTracer: 301 crashes in Safari at com.apple.WebCore: WebCore::Accessibili...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Accessibility (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC OS X 10.5

Importance:	P2 Normal
Assignee:	chris fleizach

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-03-29 17:22 PDT by chris fleizach
Modified:	2011-04-20 17:54 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
patch (3.61 KB, patch) 2011-03-30 08:35 PDT, chris fleizach	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description chris fleizach 2011-03-29 17:22:50 PDT

Thread 0 Crashed ↩:  Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x7fff869fb329 WebCore::AccessibilityRenderObject::visiblePositionForPoint(WebCore::IntPoint const&) const + 297 (/SourceCache/WebCore/
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000038
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

WebCore-7533.20.24/accessibility/AccessibilityRenderObject.cpp:2557)
1   com.apple.WebCore             	0x7fff86719c22 -[AccessibilityObjectWrapper accessibilityAttributeValue:forParameter:] + 2562 (/SourceCache/WebCore/WebCore-7533.20.24/accessibility/mac/AccessibilityObjectWrapper.mm:2360)

Comment 1 chris fleizach 2011-03-29 17:23:11 PDT

That line is

FrameView* frameView = m_renderer->document()->topDocument()->renderer()->view()->frameView();

which seems likely that there was a nil pointer in there somewhere

Comment 2 chris fleizach 2011-03-29 17:23:49 PDT

unfortunately, i can't reproduce this crash, and don't know how it occurs

Comment 3 chris fleizach 2011-03-30 08:35:34 PDT

Created attachment 87541 [details]
patch

Comment 4 WebKit Commit Bot 2011-04-20 17:54:42 PDT

Comment on attachment 87541 [details]
patch

Clearing flags on attachment: 87541

Committed r84444: <http://trac.webkit.org/changeset/84444>

Comment 5 WebKit Commit Bot 2011-04-20 17:54:47 PDT

All reviewed patches have been landed.  Closing bug.