[Webkit-unassigned] [Bug 164931] New: [GTK] Crash in WebCore::AccessibilityRenderObject::remoteSVGRootElement

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 18 09:43:47 PST 2016 

https://bugs.webkit.org/show_bug.cgi?id=164931

            Bug ID: 164931
           Summary: [GTK] Crash in
                    WebCore::AccessibilityRenderObject::remoteSVGRootEleme
                    nt
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org, jdiggs at igalia.com,
                    webkit-bug-importer at group.apple.com

Web process crash in WebCore::AccessibilityRenderObject::remoteSVGRootElement:

Truncated backtrace:
Thread no. 0 (10 frames)
 #0 WebCore::AccessibilityRenderObject::remoteSVGRootElement(WebCore::AccessibilityRenderObject::CreationChoice) const at /usr/src/debug/webkitgtk-2.13.1/Source/WebCore/rendering/RenderImage.h:138
 #4 WebCore::AccessibilityRenderObject::detachRemoteSVGRoot() at /usr/src/debug/webkitgtk-2.13.1/Source/WebCore/accessibility/AccessibilityRenderObject.cpp:2976
 #5 WebCore::AccessibilityRenderObject::detach(WebCore::AccessibilityDetachmentType, WebCore::AXObjectCache*) at /usr/src/debug/webkitgtk-2.13.1/Source/WebCore/accessibility/AccessibilityRenderObject.cpp:147
 #6 WebCore::AXObjectCache::~AXObjectCache() at /usr/src/debug/webkitgtk-2.13.1/Source/WebCore/accessibility/AXObjectCache.cpp:193
 #7 WebCore::Document::clearAXObjectCache() at /usr/include/c++/6.1.1/bits/unique_ptr.h:76
 #11 WebCore::Document::destroyRenderTree() at /usr/src/debug/webkitgtk-2.13.1/Source/WebCore/dom/Document.cpp:2287
 #12 WebCore::Document::prepareForDestruction() at /usr/src/debug/webkitgtk-2.13.1/Source/WebCore/dom/Document.cpp:2341
 #13 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView>&&) at /usr/src/debug/webkitgtk-2.13.1/Source/WebCore/page/Frame.cpp:249
 #14 WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) at /usr/src/debug/webkitgtk-2.13.1/Source/WebCore/page/Frame.cpp:864
 #15 WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() at /usr/src/debug/webkitgtk-2.13.1/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1327

Full backtrace available in the downstream bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161118/825579a6/attachment.html>

More information about the webkit-unassigned mailing list