Bug 64011 - Crash related to accessibility and setFocusedNode
Summary: Crash related to accessibility and setFocusedNode
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: Accessibility
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.6
Importance: P2 Normal
Assignee: Nobody
Reported: 2011-07-06 11:50 PDT by Dominic Mazzoni
Modified: 2013-11-19 12:06 PST
Description Dominic Mazzoni 2011-07-06 11:50:20 PDT
A particular sequence of actions on a Google+ page is causing both Safari and WebKit Nightly to crash when used with VoiceOver. It seems to be caused by AccessibilityRenderObject trying to set focus to a node that no longer exists.

We'll try to post a minimal HTML example, but for now, here's a stack trace.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000

#0  0x0000000000000000 in ?? ()
#1  0x00007fff864998f2 in NSAccessibilityHandleFocusChangedForce ()
#2  0x0000000100e02fc6 in WebCore::Document::setFocusedNode ()
#3  0x0000000100f268f7 in WebCore::FocusController::setFocusedNode ()
#4  0x0000000100ef436b in WebCore::Element::focus ()
#5  0x0000000100c81c1a in WebCore::AccessibilityRenderObject::setFocused ()
#6  0x0000000100c6e9af in -[AccessibilityObjectWrapper accessibilitySetValue:forAttribute:] ()
#7  0x00007fff866f279b in SetAttributeValue ()
#8  0x00007fff8312d9ab in _AXXMIGSetAttributeValue ()
#9  0x00007fff831376ea in _XSetAttributeValue ()
#10 0x00007fff831130bb in mshMIGPerform ()
#11 0x00007fff855e66e1 in __CFRunLoopRun ()
#12 0x00007fff855e4dbf in CFRunLoopRunSpecific ()
#13 0x00007fff817297ee in RunCurrentEventLoopInMode ()
#14 0x00007fff817295f3 in ReceiveNextEventCommon ()
#15 0x00007fff817294ac in BlockUntilNextEventMatchingListInMode ()
#16 0x00007fff864a3e64 in _DPSNextEvent ()
#17 0x00007fff864a37a9 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#18 0x000000010001605a in ?? ()
#19 0x00007fff8646948b in -[NSApplication run] ()
#20 0x00007fff864621a8 in NSApplicationMain ()
#21 0x0000000100009f7c in ?? ()
Comment 1 chris fleizach 2011-07-10 18:48:13 PDT
(In reply to comment #0)

What version of 10.6? I believe this might be fixed in 10.6.8.
Comment 2 James Craig 2013-11-19 12:06:24 PST
Closing as invalid. No reports or info in 2+ years.