RESOLVED FIXED 70938
AX: crash when accessing selectedTab in a tab list
https://bugs.webkit.org/show_bug.cgi?id=70938
Summary AX: crash when accessing selectedTab in a tab list
chris fleizach
Reported 2011-10-26 09:55:01 PDT
This crash can be hit if a tab object was modified and the children list not updated in the meantime.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff84987ea2 WebCore::AccessibilityRenderObject::isChecked() const + 16
1 com.apple.WebCore 0x00007fff84ffc667 WebCore::AccessibilityRenderObject::selectedTabItem() + 127
2 com.apple.WebCore 0x00007fff84967b11 -[AccessibilityObjectWrapper accessibilityAttributeValue:] + 3377
3 com.apple.AppKit 0x00007fff86d3436e -[NSObject(NSAccessibilityInternal) _accessibilityValueForAttribute:clientError:] + 240
4 com.apple.AppKit 0x00007fff86d38f5b CopyAppKitUIElementAttributeValueNoCatch + 55
5 com.apple.AppKit 0x00007fff86d3695d CopyAttributeValue + 316
6 com.apple.HIServices 0x00007fff8bb16c1f _AXXMIGCopyAttributeValue + 225
7 com.apple.HIServices 0x00007fff8bb20381 _XCopyAttributeValue + 619
8 com.apple.HIServices 0x00007fff8bafafce mshMIGPerform + 564
9 com.apple.CoreFoundation 0x00007fff88c5221c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 44
10 com.apple.CoreFoundation 0x00007fff88c51f4b __CFRunLoopDoSource1 + 155
11 com.apple.CoreFoundation 0x00007fff88c886b7 __CFRunLoopRun + 1895
12 com.apple.CoreFoundation 0x00007fff88c87c16 CFRunLoopRunSpecific + 230
13 com.apple.HIToolbox 0x00007fff8789544f RunCurrentEventLoopInMode + 277
14 com.apple.HIToolbox 0x00007fff8789c6b9 ReceiveNextEventCommon + 355
15 com.apple.HIToolbox 0x00007fff8789c546 BlockUntilNextEventMatchingListInMode + 62
16 com.apple.AppKit 0x00007fff86a9bac5 _DPSNextEvent + 659
17 com.apple.AppKit 0x00007fff86a9b3c9 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
18 com.apple.AppKit 0x00007fff86a97d01 -[NSApplication run] + 470
19 com.apple.WebKit2 0x00007fff85fab483 WebKit::WebProcessMain(WebKit::CommandLine const&) + 587
20 com.apple.WebKit2 0x00007fff85f979c6 WebKitMain + 268
21 com.apple.WebProcess 0x000000010ebcfda4 0x10ebcf000 + 3492
Attachments
patch (12.09 KB, patch)
2011-10-26 15:15 PDT, chris fleizach
gustavo: commit-queue-
patch (12.11 KB, patch)
2011-10-26 20:37 PDT, chris fleizach
bdakin: review+
webkit.review.bot: commit-queue-
chris fleizach
Comment 1 2011-10-26 15:15:11 PDT
chris fleizach
Comment 2 2011-10-26 15:16:18 PDT
Comment on attachment 112604 patch
View in context: https://bugs.webkit.org/attachment.cgi?id=112604&action=review

> Tools/DumpRenderTree/AccessibilityUIElement.h:180
> // ARIA specific

will remove whitespace in submission
Gustavo Noronha (kov)
Comment 3 2011-10-26 17:23:47 PDT
chris fleizach
Comment 4 2011-10-26 20:37:14 PDT
Beth Dakin
Comment 5 2011-11-08 17:24:50 PST
Comment on attachment 112635 patch

r=me!
WebKit Review Bot
Comment 6 2011-11-08 22:57:20 PST
Comment on attachment 112635 patch

Rejecting attachment 112635 from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 1

Last 500 characters of output:
return self.open(self.click(*args, **kwds))
  File "/mnt/git/webkit-commit-queue/Tools/Scripts/webkitpy/thirdparty/autoinstalled/mechanize/_mechanize.py", line 203, in open
    return self._mech_open(url, data, timeout=timeout)
  File "/mnt/git/webkit-commit-queue/Tools/Scripts/webkitpy/thirdparty/autoinstalled/mechanize/_mechanize.py", line 255, in _mech_open
    raise response
webkitpy.thirdparty.autoinstalled.mechanize._response.httperror_seek_wrapper: HTTP Error 500: Internal Server Error

Full output: http://queues.webkit.org/results/10377126
chris fleizach
Comment 7 2011-11-09 11:10:10 PST
Julien Chaffraix
Comment 8 2011-11-09 11:31:20 PST
(In reply to comment #7)
> http://trac.webkit.org/changeset/99740

FYI there was a bad merge that made the bots red. I corrected it in http://trac.webkit.org/changeset/99741. Hopefully there was nothing else.
Beth Dakin
Comment 9 2011-11-09 11:51:13 PST
I made another attempt with http://trac.webkit.org/changeset/99743
chris fleizach
Comment 10 2011-11-09 12:01:04 PST
(In reply to comment #9)
> I made another attempt with http://trac.webkit.org/changeset/99743

After that change I see

/Volumes/data/WebKit-4/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm:483:48:{483:24-483:48}: error: out-of-line definition of 'uiElementAttributeValue' does not match any declaration in 'AccessibilityUIElement' [3]
AccessibilityUIElement AccessibilityUIElement::uiElementAttributeValue(JSStringRef attribute)
~~~~~~~~~~~~~~~~~~~~~~~~^

I'll take a look at it now
Beth Dakin
Comment 11 2011-11-09 12:04:26 PST
(In reply to comment #9)
> I made another attempt with http://trac.webkit.org/changeset/99743

And revision 99746.