[Webkit-unassigned] [Bug 126073] Crashes in AccessibilityRenderObject::computeAccessibilityIsIgnored()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Dec 21 07:33:18 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=126073





--- Comment #14 from chris fleizach <cfleizach at apple.com>  2013-12-21 07:31:18 PST ---
(In reply to comment #13)
> This looks like the root cause:
> 
> http://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK1%20(Tests)/r160955%20(1283)/fast/events/nested-event-remove-node-crash-crash-log.txt
> 
> 12  com.apple.WebCore                 0x00000001079381c8 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) + 520 (StyleResolveTree.cpp:880)
> 13  com.apple.WebCore                 0x0000000107c4ace6 WebCore::Document::recalcStyle(WebCore::Style::Change) + 438 (Document.cpp:1760)
> 14  com.apple.WebCore                 0x0000000107c474df WebCore::Document::updateStyleIfNeeded() + 431 (Document.cpp:1809)
> 15  com.apple.WebCore                 0x00000001080d16df WebCore::HTMLElement::supportsFocus() const + 111 (HTMLElement.cpp:667)
> 16  com.apple.WebCore                 0x00000001077169c6 WebCore::AccessibilityNodeObject::canSetFocusAttribute() const + 214 (AccessibilityNodeObject.cpp:1985)
> 17  com.apple.WebCore                 0x0000000107723839 WebCore::AccessibilityRenderObject::inheritsPresentationalRole() const + 41 (AccessibilityRenderObject.cpp:2625)
> 18  com.apple.WebCore                 0x0000000107722d95 WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const + 325 (AccessibilityRenderObject.cpp:1183)
> 19  com.apple.WebCore                 0x000000010771e84f WebCore::AccessibilityObject::accessibilityIsIgnored() const + 191 (AccessibilityObject.cpp:2133)
> 20  com.apple.WebCore                 0x00000001077080cd WebCore::AccessibilityObject::notifyIfIgnoredValueChanged() + 29 (AccessibilityObject.cpp:2033)
> 21  com.apple.WebCore                 0x0000000107708dc8 WebCore::AXObjectCache::recomputeIsIgnored(WebCore::RenderObject*) + 56 (AXObjectCache.cpp:864)
> 22  com.apple.WebCore                 0x0000000108be0359 WebCore::RenderBlock::deleteLines() + 73 (RenderBlock.cpp:932)
> 23  com.apple.WebCore                 0x0000000109462ea2 WebCore::RenderBlockFlow::deleteLines() + 450 (RenderBlockFlow.cpp:1827)
> 24  com.apple.WebCore                 0x0000000108be10cd WebCore::RenderBlock::removeChild(WebCore::RenderObject&) + 1709 (RenderBlock.cpp:1191)
> 25  com.apple.WebCore                 0x0000000108d91e06 WebCore::RenderObject::removeFromParent() + 70 (RenderObject.cpp:187)
> 26  com.apple.WebCore                 0x0000000108d9c2f3 WebCore::RenderObject::willBeDestroyed() + 163 (RenderObject.cpp:1865)
> 27  com.apple.WebCore                 0x0000000108e77647 WebCore::RenderText::willBeDestroyed() + 167 (RenderText.cpp:284)
> 28  com.apple.WebCore                 0x0000000108d9c8bd WebCore::RenderObject::destroy() + 29 (RenderObject.cpp:1985)
> 29  com.apple.WebCore                 0x0000000108d9c892 WebCore::RenderObject::destroyAndCleanupAnonymousWrappers() + 274 (RenderObject.cpp:1975)
> 30  com.apple.WebCore                 0x0000000107937012 WebCore::Style::detachTextRenderer(WebCore::Text&) + 50 (StyleResolveTree.cpp:414)
> 31  com.apple.WebCore                 0x0000000107938661 WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) + 81 
> 
> We are entering style resolve from the middle of render tree destruction.

Two thoughts:
   Does WebCore::HTMLElement::supportsFocus() really need to update the style calculations?

   It's possible this work, WebCore::AXObjectCache::recomputeIsIgnored, can be pended on a timer to run during the next runloop iteration.

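The deferral suggested in comment #14, sketched as an added example that is not part of the bug thread or of WebKit's code. It is a toy model with hypothetical names throughout: the cache queues the parent's id during teardown instead of recomputing synchronously, and the later flush skips any id whose object has since been destroyed.

```cpp
// Added illustration: a toy model, not WebKit code. All names are hypothetical.
#include <set>
#include <utility>

struct ToyAXCache {
    bool tearingDown = false;  // true while a render object is being destroyed
    int unsafeReentries = 0;   // style updates entered mid-teardown (the crashing shape)
    int safeUpdates = 0;       // style updates run on a stable tree
    int skippedStale = 0;      // queued ids whose object was gone at flush time
    std::set<int> alive{0, 1, 2};  // constructed sample tree: 0 > 1 > 2
    std::set<int> pending;     // ids queued for the next run loop turn

    // Stands in for the ignored-state recomputation, which asks about
    // focusability and so forces a style update.
    void recomputeNow(int id) {
        (void)id;
        if (tearingDown) ++unsafeReentries; else ++safeUpdates;
    }

    // Removing `child` dirties the parent's ignored state. When deferring,
    // store an id rather than a pointer so nothing dangles.
    void destroyChild(int parent, int child, bool defer) {
        tearingDown = true;
        if (defer) pending.insert(parent); else recomputeNow(parent);
        alive.erase(child);
        tearingDown = false;
    }

    // Stands in for the timer firing on the next run loop iteration.
    void flushPending() {
        std::set<int> ids = std::move(pending);
        pending.clear();
        for (int id : ids) {
            if (alive.count(id)) recomputeNow(id);
            else ++skippedStale;  // destroyed before the timer fired
        }
    }
};

int main() {
    ToyAXCache cache;
    cache.destroyChild(1, 2, true);  // queues 1
    cache.destroyChild(0, 1, true);  // queues 0, then 1 is destroyed
    cache.flushPending();            // recomputes 0 only, skips 1
    return cache.unsafeReentries;    // 0 when every recomputation was deferred
}
```

The liveness check at flush time is the part a deferred design cannot omit: the recomputation in the trace is keyed on a RenderObject pointer, which may no longer be valid by the time a timer fires.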