[Webkit-unassigned] [Bug 169924] AX: WebKit should not expose redundant AXGroups with missing role when the label is the same as the contents

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 14 07:42:34 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=169924

--- Comment #4 from Tyler Wilcock <tyler_w at apple.com> ---
Looks like this introduced a few crashes by trying to get the `stringValue` of nodes within documents that are marked for update.

// Renders referenced by accessibility objects could get destroyed, if TextIterator ends up triggering
// style update/layout here. See also AXObjectCache::deferTextChangedIfNeeded().
ASSERT_WITH_SECURITY_IMPLICATION(!nodeDocument->childNeedsStyleRecalc());

If we can't accurately determine the text because the document needs an update, we can return an empty string instead of asserting. We can't `updateBackingStore` before executing this codepath because we're calling from `accessibilityPlatformIncludesObject` (and other "is ignored" methods upstream) that are all const.

Stacktrace:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore            0x000000013840aef0 WTFCrash + 20 (Assertions.cpp:321)
1   com.apple.JavaScriptCore            0x000000013840af04 WTFCrashWithSecurityImplication + 12 (Assertions.cpp:342)
2   com.apple.WebCore                   0x00000001177a5ac4 WebCore::AccessibilityRenderObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 776
3   com.apple.WebCore                   0x00000001177a645c WebCore::AccessibilityRenderObject::stringValue() const + 428
4   com.apple.WebCore                   0x000000011563a4bc WebCore::isIgnorableGroup(WebCore::AccessibilityObject const&) + 416
5   com.apple.WebCore                   0x000000011563a298 WebCore::AccessibilityObject::accessibilityPlatformIncludesObject() const + 472
6   com.apple.WebCore                   0x00000001177a081c WebCore::AccessibilityObject::defaultObjectInclusion() const + 300
7   com.apple.WebCore                   0x00000001177a90bc WebCore::AccessibilityRenderObject::defaultObjectInclusion() const + 172
8   com.apple.WebCore                   0x00000001177a91b0 WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const + 224
9   com.apple.WebCore                   0x00000001177a0944 WebCore::AccessibilityObject::accessibilityIsIgnored() const + 228
10  com.apple.WebCore                   0x00000001177d1fc4 WebCore::AccessibilityObject::parentObjectUnignored() const::$_2::operator()(WebCore::AccessibilityObject const&) const + 40

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211014/275865c7/attachment-0001.htm>

More information about the webkit-unassigned mailing list