RESOLVED FIXED 96443
AX: Crashes in WebProcess at com.apple.WebCore: -[AccessibilityObjectWrapper remoteAccessibilityParentObject] + 78 
https://bugs.webkit.org/show_bug.cgi?id=96443
Summary AX: Crashes in WebProcess at com.apple.WebCore: -[AccessibilityObjectWrapper ...
chris fleizach
Reported 2012-09-11 16:04:16 PDT
> 1 com.apple.WebCore 0x7fff900a5e6e -[AccessibilityObjectWrapper remoteAccessibilityParentObject] + 0x4e 2 com.apple.WebCore 0x7fff9005f9af -[AccessibilityObjectWrapper scrollViewParent] + 0x7f 3 com.apple.WebCore 0x7fff9003023d -[AccessibilityObjectWrapper accessibilityAttributeValue:] + 0xcd 4 com.apple.AppKit 0x7fff8ec7b26d -[NSObject(NSRemoteUIElementAccessibility) accessibilityPresenterProcessIdentifier] + 0x7a 5 com.apple.AppKit 0x7fff8e6b5bb9 NSAccessibilityCreateAXUIElementRef + 0x36a 6 com.apple.AppKit 0x7fff8e6b611b ConvertOutgoingValue + 0x50e 7 com.apple.AppKit 0x7fff8e6b5caf ConvertOutgoingValue + 0xa2 8 com.apple.AppKit 0x7fff8e6b630d ConvertOutgoingValueForAttribute + 0x1bd 9 com.apple.AppKit 0x7fff8e6b6360 CopyAppKitUIElementAttributeValueNoCatch + 0x48 10 com.apple.AppKit 0x7fff8e6b3d51 CopyAttributeValue + 0x13c 11 com.apple.HIServices 0x7fff8b0c956f _AXXMIGCopyAttributeValue + 0xe1 12 com.apple.HIServices 0x7fff8b0d2876 _XCopyAttributeValue + 0x26b 13 com.apple.HIServices 0x7fff8b0ae182 mshMIGPerform + 0x234 14 com.apple.CoreFoundation 0x7fff887e3abc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 0x2c 15 com.apple.CoreFoundation 0x7fff887e37eb __CFRunLoopDoSource1 + 0x9b 16 com.apple.CoreFoundation 0x7fff88819f27 __CFRunLoopRun + 0x767 17 com.apple.CoreFoundation 0x7fff88819486 CFRunLoopRunSpecific + 0xe6 18 com.apple.HIToolbox 0x7fff876c44d3 RunCurrentEventLoopInMode + 0x115 19 com.apple.HIToolbox 0x7fff876cb781 ReceiveNextEventCommon + 0x163 20 com.apple.HIToolbox 0x7fff876cb60e BlockUntilNextEventMatchingListInMode + 0x3e 21 com.apple.AppKit 0x7fff8e41be31 _DPSNextEvent + 0x293 22 com.apple.AppKit 0x7fff8e41b735 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x87 23 com.apple.AppKit 0x7fff8e418071 -[NSApplication run] + 0x1d6 24 com.apple.WebKit2 0x7fff84b5963b WebKit::WebProcessMain(WebKit::CommandLine const&) + 0x229 25 com.apple.WebKit2 0x7fff84b3fc30 WebKitMain + 0x110 26 com.apple.WebProcess 0x109d9ce56 main + 0x0 (/SourceCache/WebKit2/WebKit2-7534.53.1/mac/MainMac.cpp:68) 27 com.apple.WebProcess 0x109d9cd64 start + 0x0
Attachments
patch for landing (3.28 KB, patch)
2012-09-11 16:10 PDT, chris fleizach 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
chris fleizach
Comment 1 2012-09-11 16:05:08 PDT
It appears that in RemoteAXObjectRef WebFrameLoaderClient::accessibilityRemoteObject() we are not checking whether the page is nil
chris fleizach
Comment 2 2012-09-11 16:10:11 PDT
Created attachment 163471 [details] patch for landing
chris fleizach
Comment 3 2012-09-11 16:11:02 PDT
Comment on attachment 163471 [details] patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=163471&action=review > Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapper.mm:1393 > + Document* document = m_object->document(); I wanted to separate these calls out so 1) we don't end up calling document() three times. 2) If the crash is actually in this method (which I don't think is the case), it will be easier to determine which line
chris fleizach
Comment 4 2012-09-11 16:13:25 PDT
rdar://11638298
chris fleizach
Comment 5 2012-10-18 17:55:33 PDT
Comment on attachment 163471 [details] patch for landing thanks!
WebKit Review Bot
Comment 6 2012-10-18 18:06:15 PDT
Comment on attachment 163471 [details] patch for landing Clearing flags on attachment: 163471 Committed r131834: <http://trac.webkit.org/changeset/131834>
WebKit Review Bot
Comment 7 2012-10-18 18:06:18 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.