[Webkit-unassigned] [Bug 241643] New: AX ITM: Should not build an isolated tree branch rooted at an object with invalid ID.

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=241643

            Bug ID: 241643
           Summary: AX ITM: Should not build an isolated tree branch
                    rooted at an object with invalid ID.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: andresg_22 at apple.com
                CC: andresg_22 at apple.com,
                    webkit-bug-importer at group.apple.com

In some webpages we are hitting the following state where we are trying to build an isolated tree branch with a starting object that has invalid/null ID. This creates undefined problems since the ID is used as the key for HashMaps.

(lldb) f 7
frame #7: 0x000000014da57480 WebCore`WebCore::AXIsolatedTree::collectNodeChangesForSubtree(this=0x0000000105e2f500, axObject=0x0000000105d1d700) at AXIsolatedTree.cpp:311:32
   308      AXTRACE("AXIsolatedTree::collectNodeChangesForSubtree"_s);
   309      ASSERT(isMainThread());
   310      SetForScope collectingNodeChanges(m_isCollectingNodeChanges, true);
-> 311      m_unresolvedPendingAppends.set(axObject.objectID(), AttachWrapper::OnMainThread);
   312  
   313      auto axChildrenCopy = axObject.children();
   314      auto axChildrenIDs = axChildrenCopy.map([&](auto& axChild) {
(lldb) v axObject.m_id
(WebCore::AXID) axObject.m_id = (m_identifier = 0)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220615/336cfa3f/attachment.htm>