[Webkit-unassigned] [Bug 251647] New: WebContent (JavaScriptCore) Segfault when interacting with code.visualstudio.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 2 16:03:59 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=251647

            Bug ID: 251647
           Summary: WebContent (JavaScriptCore) Segfault when interacting
                    with code.visualstudio.com
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Mac (Apple Silicon)
                OS: macOS 13
            Status: NEW
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: alex at awlsome.com

Created attachment 464817

  --> https://bugs.webkit.org/attachment.cgi?id=464817&action=review

Crash Report (exported from Console.app)

Environment:
Safari Technology Preview 162 (Safari 16.4, WebKit 18615.1.18.2)
macOS 13.2 (22D49)
MacBook Pro 16" 2021 - M1 Pro

Went to code.visualstudio.com and tried to click on website. 
Caused immediate WebKit.WebContent crash.
Website will reload if you tell Safari to, but any subsequent click will crash website again.
Can scroll on website w/o it crashing. Only crashes with user interaction.

Can't recreate with latest Safari 16.3 (18614.4.6.1.5)
Wasn't able to recreate with latest WebKit build (Safari archive kept crashing... another bug?)

Reproduce:
1) Get Safari Technology Preview *duh*
2) Go to code.visualstudio.com
3) Click anywhere, even whitespace.
4) Experience crash (hopefully?) 

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                                    0x10f996794 WebCore::AXObjectCache::updateRelationsForTree(WebCore::ContainerNode&) + 280
1   WebCore                                    0x10f99678c WebCore::AXObjectCache::updateRelationsForTree(WebCore::ContainerNode&) + 272
2   WebCore                                    0x10f997888 WebCore::AXObjectCache::relatedObjectIDsFor(WebCore::AXCoreObject const&, WebCore::AXRelationType) + 100
3   WebCore                                    0x10f9cf3cc WebCore::AccessibilityObject::relatedObjects(WebCore::AXRelationType) const + 104
4   WebCore                                    0x10f9f8ea0 WebCore::AccessibilityTableRow::addChildren() + 80
5   WebCore                                    0x10f9aad68 WebCore::AccessibilityNodeObject::updateChildrenIfNecessary() + 304
6   WebCore                                    0x10f9c6a88 WebCore::AccessibilityObject::children(bool) + 72
7   WebCore                                    0x10f9ba23c WebCore::AccessibilityObject::insertChild(WebCore::AXCoreObject*, unsigned int, WebCore::AccessibilityObject::DescendIfIgnored) + 1192
8   WebCore                                    0x10f9e4ed4 WebCore::AccessibilityRenderObject::addChildren() + 224
9   WebCore                                    0x10f9aad68 WebCore::AccessibilityNodeObject::updateChildrenIfNecessary() + 304
10  WebCore                                    0x10f9c6a88 WebCore::AccessibilityObject::children(bool) + 72
11  WebCore                                    0x10f9ba23c WebCore::AccessibilityObject::insertChild(WebCore::AXCoreObject*, unsigned int, WebCore::AccessibilityObject::DescendIfIgnored) + 1192
12  WebCore                                    0x10f9e4ed4 WebCore::AccessibilityRenderObject::addChildren() + 224
13  WebCore                                    0x10f9aad68 WebCore::AccessibilityNodeObject::updateChildrenIfNecessary() + 304
14  WebCore                                    0x10f9c6a88 WebCore::AccessibilityObject::children(bool) + 72
15  WebCore                                    0x10f9ba23c WebCore::AccessibilityObject::insertChild(WebCore::AXCoreObject*, unsigned int, WebCore::AccessibilityObject::DescendIfIgnored) + 1192
16  WebCore                                    0x10f9e4ed4 WebCore::AccessibilityRenderObject::addChildren() + 224
17  WebCore                                    0x10f9aad68 WebCore::AccessibilityNodeObject::updateChildrenIfNecessary() + 304
18  WebCore                                    0x10f9c6a88 WebCore::AccessibilityObject::children(bool) + 72
19  WebCore                                    0x10f9ba23c WebCore::AccessibilityObject::insertChild(WebCore::AXCoreObject*, unsigned int, WebCore::AccessibilityObject::DescendIfIgnored) + 1192
20  WebCore                                    0x10f9e4ed4 WebCore::AccessibilityRenderObject::addChildren() + 224
21  WebCore                                    0x10f9aad68 WebCore::AccessibilityNodeObject::updateChildrenIfNecessary() + 304
22  WebCore                                    0x10f9c6a88 WebCore::AccessibilityObject::children(bool) + 72
23  WebCore                                    0x10f9ba23c WebCore::AccessibilityObject::insertChild(WebCore::AXCoreObject*, unsigned int, WebCore::AccessibilityObject::DescendIfIgnored) + 1192
24  WebCore                                    0x10f9e4ed4 WebCore::AccessibilityRenderObject::addChildren() + 224
25  WebCore                                    0x10f9aad68 WebCore::AccessibilityNodeObject::updateChildrenIfNecessary() + 304
26  WebCore                                    0x10f9c67b0 WebCore::AccessibilityObject::updateBackingStore() + 316
27  WebCore                                    0x110d7d01c -[WebAccessibilityObjectWrapperBase updateObjectBackingStore] + 100
28  WebCore                                    0x110d87718 -[WebAccessibilityObjectWrapper accessibilityAttributeValue:] + 64
29  AppKit                                     0x190fc745c NSAccessibilityGetObjectForAttributeUsingLegacyAPI + 280
30  AppKit                                     0x191499414 ___NSAccessibilityEntryPointValueForAttribute_block_invoke.748 + 1992
31  AppKit                                     0x191494db0 NSAccessibilityPerformEntryPointObject + 44
32  AppKit                                     0x19119e860 _NSAccessibilityEntryPointValueForAttribute + 224
33  AppKit                                     0x191169984 -[NSObject(NSRemoteUIElementAccessibility) accessibilityPresenterProcessIdentifier] + 120
34  AppKit                                     0x19108d3fc NSAccessibilityCreateAXUIElementRef + 740
35  AppKit                                     0x1912974f0 CopyElementAtPosition + 344
36  HIServices                                 0x19346a240 _AXXMIGCopyElementAtPosition + 444
37  HIServices                                 0x19348f0f4 _XCopyElementAtPosition + 356
38  HIServices                                 0x193447ba8 mshMIGPerform + 204
39  CoreFoundation                             0x18dcc1f98 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 60
40  CoreFoundation                             0x18dcc1eb8 __CFRunLoopDoSource1 + 520
41  CoreFoundation                             0x18dcc08a4 __CFRunLoopRun + 2264
42  CoreFoundation                             0x18dcbf878 CFRunLoopRunSpecific + 612
43  Foundation                                 0x18ebcaab8 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
44  Foundation                                 0x18ec43ac0 -[NSRunLoop(NSRunLoop) run] + 64
45  libxpc.dylib                               0x18d95b45c _xpc_objc_main + 860
46  libxpc.dylib                               0x18d95ad7c xpc_main + 108
47  WebKit                                     0x105d23d50 WebKit::XPCServiceMain(int, char const**) + 256
48  dyld                                       0x18d8b7e50 start + 2544

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230203/6449e91e/attachment.htm>

More information about the webkit-unassigned mailing list