[Webkit-unassigned] [Bug 125042] New: AX: Crash at WebCore::commonTreeScope

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Nov 30 23:12:50 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=125042

           Summary: AX: Crash at WebCore::commonTreeScope
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: cfleizach at apple.com
                CC: webkit-bug-importer at group.apple.com


It's possible to crash at

* thread #1: tid = 0x1fd7d3, 0x0000000108e0101a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:341, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x0000000108e0101a JavaScriptCore`WTFCrash + 42 at Assertions.cpp:341
    frame #1: 0x0000000109c74999 WebCore`WTF::CrashOnOverflow::overflowed() + 9 at CheckedArithmetic.h:80
    frame #2: 0x000000010b7595ff WebCore`WTF::Vector<WebCore::TreeScope*, 5ul, WTF::CrashOnOverflow>::at(this=0x00007fff5ca13a10, i=1) + 79 at Vector.h:584
    frame #3: 0x000000010b75956d WebCore`WTF::Vector<WebCore::TreeScope*, 5ul, WTF::CrashOnOverflow>::operator[](this=0x00007fff5ca13a10, i=1) + 29 at Vector.h:604
    frame #4: 0x000000010b758983 WebCore`WebCore::commonTreeScope(nodeA=0x00007f8168ed9c30, nodeB=0x00007f816ba594f0) + 419 at TreeScope.cpp:428
    frame #5: 0x000000010a5b6d45 WebCore`WebCore::comparePositions(a=0x00007fff5ca13d00, b=0x00007fff5ca13d10) + 53 at htmlediting.cpp:71
    frame #6: 0x000000010b773c10 WebCore`WebCore::VisibleSelection::setBaseAndExtentToDeepEquivalents(this=0x00007fff5ca13d00) + 560 at VisibleSelection.cpp:268
    frame #7: 0x000000010b77286c WebCore`WebCore::VisibleSelection::validate(this=0x00007fff5ca13d00, granularity=CharacterGranularity) + 28 at VisibleSelection.cpp:413
    frame #8: 0x000000010b772c24 WebCore`WebCore::VisibleSelection::VisibleSelection(this=0x00007fff5ca13d00, base=0x00007fff5ca15068, extent=0x00007fff5ca15050, isDirectional=false) + 164 at VisibleSelection.cpp:83
    frame #9: 0x000000010b772b74 WebCore`WebCore::VisibleSelection::VisibleSelection(this=0x00007fff5ca13d00, base=0x00007fff5ca15068, extent=0x00007fff5ca15050, isDirectional=false) + 52 at VisibleSelection.cpp:84
    frame #10: 0x0000000109c45e85 WebCore`WebCore::AccessibilityObject::visiblePositionRangeForUnorderedPositions(this=0x00007f816bc015b0, visiblePos1=0x00007fff5ca15068, visiblePos2=0x00007fff5ca15050) const + 197 at AccessibilityObject.cpp:662
    frame #11: 0x000000010b797278 WebCore`-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:](self=0x00007f8168a5aed0, _cmd=0x00007fff8cb8a788, attribute=0x00007f816af52a80, parameter=0x00007f816c804030) + 11192 at WebAccessibilityObjectWrapperMac.mm:3389


when text markers from detached frames are used that do not have common tree scopes.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list