[Webkit-unassigned] [Bug 112523] Crash in AXObjectCache::notificationPostTimerFired()

bugzilla-daemon at webkit.org
Sun Mar 17 23:20:25 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=112523





--- Comment #6 from Simon Fraser (smfr) <simon.fraser at apple.com>  2013-03-17 23:22:51 PST ---
Something very odd is happening with accessibility. See this sample:
http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r146032%20(7849)/svg/wicd/sizing-flakiness-sample.txt

notably:
       911 WebCore::ThreadTimers::sharedTimerFiredInternal()  (in WebCore) + 302  [0x1134a177e]  ThreadTimers.cpp:129
         911 WebCore::Timer<WebCore::AXObjectCache>::fired()  (in WebCore) + 115  [0x111a19823]  Timer.h:113
           911 WebCore::AXObjectCache::notificationPostTimerFired(WebCore::Timer<WebCore::AXObjectCache>*)  (in WebCore) + 400  [0x1119cbcd0]  AXObjectCache.cpp:645
             911 WebCore::AXObjectCache::postPlatformNotification(WebCore::AccessibilityObject*, WebCore::AXObjectCache::AXNotification)  (in WebCore) + 597  [0x111b011e5]  AXObjectCacheMac.mm:131
               911 -[WebAccessibilityObjectWrapperBase accessibilityPostedNotification:]  (in WebCore) + 161  [0x1134f70b1]  WebAccessibilityObjectWrapperBase.mm:240
                 911 -[NSNotificationCenter postNotificationName:object:userInfo:]  (in Foundation) + 64  [0x7fff918abe26]
                   911 _CFXNotificationPost  (in CoreFoundation) + 2554  [0x7fff9351deda]
                     907 -[AccessibilityNotificationHandler _notificationReceived:]  (in WebKitTestRunnerInjectedBundle) + 681  [0x119ea0fa9]  AccessibilityNotificationHandler.mm:136
                     ! 907 JSObjectCallAsFunction  (in JavaScriptCore) + 523  [0x110c5b56b]  JSObjectRef.cpp:468
                     !   907 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)  (in JavaScriptCore) + 306  [0x1109b3782]  CallData.cpp:40
                     !     907 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)  (in JavaScriptCore) + 1519  [0x110ba61cf]  Interpreter.cpp:1059
                     !       907 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*)  (in JavaScriptCore) + 84  [0x110ba8f24]  JITCode.h:135
                     !         907 ???  (in JavaScriptCore)  load address 0x110939000 + 0x2b3250  [0x110bec250]
                     !           796 cti_op_put_by_id_generic  (in JavaScriptCore) + 203  [0x110bdfdfb]  JITStubs.cpp:1415
                     !           : 796 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)  (in JavaScriptCore) + 185  [0x110ad0859]  JSCJSValueInlines.h:678

The test is svg/wicd/sizing-flakiness.html, which has nothing to do with accessibility. So why is an accessibility notification firing, and why is it running JS code?
