[Webkit-unassigned] [Bug 126073] Crashes in AccessibilityRenderObject::computeAccessibilityIsIgnored()

Sat Dec 21 04:52:14 PST 2013

https://bugs.webkit.org/show_bug.cgi?id=126073

--- Comment #13 from Antti Koivisto <koivisto at iki.fi>  2013-12-21 04:50:14 PST ---
This looks like the root cause:

http://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK1%20(Tests)/r160955%20(1283)/fast/events/nested-event-remove-node-crash-crash-log.txt

12  com.apple.WebCore                 0x00000001079381c8 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) + 520 (StyleResolveTree.cpp:880)
13  com.apple.WebCore                 0x0000000107c4ace6 WebCore::Document::recalcStyle(WebCore::Style::Change) + 438 (Document.cpp:1760)
14  com.apple.WebCore                 0x0000000107c474df WebCore::Document::updateStyleIfNeeded() + 431 (Document.cpp:1809)
15  com.apple.WebCore                 0x00000001080d16df WebCore::HTMLElement::supportsFocus() const + 111 (HTMLElement.cpp:667)
16  com.apple.WebCore                 0x00000001077169c6 WebCore::AccessibilityNodeObject::canSetFocusAttribute() const + 214 (AccessibilityNodeObject.cpp:1985)
17  com.apple.WebCore                 0x0000000107723839 WebCore::AccessibilityRenderObject::inheritsPresentationalRole() const + 41 (AccessibilityRenderObject.cpp:2625)
18  com.apple.WebCore                 0x0000000107722d95 WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const + 325 (AccessibilityRenderObject.cpp:1183)
19  com.apple.WebCore                 0x000000010771e84f WebCore::AccessibilityObject::accessibilityIsIgnored() const + 191 (AccessibilityObject.cpp:2133)
20  com.apple.WebCore                 0x00000001077080cd WebCore::AccessibilityObject::notifyIfIgnoredValueChanged() + 29 (AccessibilityObject.cpp:2033)
21  com.apple.WebCore                 0x0000000107708dc8 WebCore::AXObjectCache::recomputeIsIgnored(WebCore::RenderObject*) + 56 (AXObjectCache.cpp:864)
22  com.apple.WebCore                 0x0000000108be0359 WebCore::RenderBlock::deleteLines() + 73 (RenderBlock.cpp:932)
23  com.apple.WebCore                 0x0000000109462ea2 WebCore::RenderBlockFlow::deleteLines() + 450 (RenderBlockFlow.cpp:1827)
24  com.apple.WebCore                 0x0000000108be10cd WebCore::RenderBlock::removeChild(WebCore::RenderObject&) + 1709 (RenderBlock.cpp:1191)
25  com.apple.WebCore                 0x0000000108d91e06 WebCore::RenderObject::removeFromParent() + 70 (RenderObject.cpp:187)
26  com.apple.WebCore                 0x0000000108d9c2f3 WebCore::RenderObject::willBeDestroyed() + 163 (RenderObject.cpp:1865)
27  com.apple.WebCore                 0x0000000108e77647 WebCore::RenderText::willBeDestroyed() + 167 (RenderText.cpp:284)
28  com.apple.WebCore                 0x0000000108d9c8bd WebCore::RenderObject::destroy() + 29 (RenderObject.cpp:1985)
29  com.apple.WebCore                 0x0000000108d9c892 WebCore::RenderObject::destroyAndCleanupAnonymousWrappers() + 274 (RenderObject.cpp:1975)
30  com.apple.WebCore                 0x0000000107937012 WebCore::Style::detachTextRenderer(WebCore::Text&) + 50 (StyleResolveTree.cpp:414)
31  com.apple.WebCore                 0x0000000107938661 WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) + 81 

We are entering style resolve from the middle of render tree destruction.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.