[Webkit-unassigned] [Bug 250406] New: AX: crash in AXObjectCache::updateRelationsForTree.

bugzilla-daemon at webkit.org
Tue Jan 10 12:54:23 PST 2023


https://bugs.webkit.org/show_bug.cgi?id=250406

            Bug ID: 250406
           Summary: AX: crash in AXObjectCache::updateRelationsForTree.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: andresg_22 at apple.com
                CC: andresg_22 at apple.com,
                    webkit-bug-importer at group.apple.com

(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x30)
  * frame #0: 0x00000002814efe34 WebCore`WebCore::Node::parentNode(this=0x0000000000000000) const at Node.h:858:12
    frame #1: 0x0000000282d733dc WebCore`WebCore::AXObjectCache::updateRelationsForTree(this=0x0000000107192b10, rootNode=0x0000000000000000) at AXObjectCache.cpp:4080:5
    frame #2: 0x0000000282d735ac WebCore`WebCore::AXObjectCache::updateRelationsForTree(this=0x0000000107192b10, rootNode=0x0000000132120000) at AXObjectCache.cpp:4101:13
    frame #3: 0x0000000282d7334c WebCore`WebCore::AXObjectCache::updateRelationsIfNeeded(this=0x0000000107192b10) at AXObjectCache.cpp:4075:5
    frame #4: 0x0000000282d741ec WebCore`WebCore::AXObjectCache::relatedObjectIDsFor(this=0x0000000107192b10, object=0x00000001070b9000, relationType=FlowsTo) at AXObjectCache.cpp:4178:5
    frame #5: 0x0000000282e04f3c WebCore`WebCore::AccessibilityObject::relatedObjects(this=0x00000001070b9000, relationType=FlowsTo) const at AccessibilityObject.cpp:3877:36
    frame #6: 0x0000000282e0c468 WebCore`WebCore::AXCoreObject::flowToObjects(this=0x00000001070b9000) const at AccessibilityObjectInterface.h:1045:64
    frame #7: 0x0000000282e0c32c WebCore`WebCore::AccessibilityRenderObject::linkedObjects(this=0x00000001070b9000) const at AccessibilityRenderObject.cpp:1079:26
    frame #8: 0x0000000282e55928 WebCore`WebCore::AXIsolatedObject::initializeProperties(this=0x00000001071ffc00, coreObject=0x000000016b8ab130, isRoot=No) at AXIsolatedObject.cpp:290:67
    frame #9: 0x0000000282e50f54 WebCore`WebCore::AXIsolatedObject::AXIsolatedObject(this=0x00000001071ffc00, axObject=0x000000016b8ab130, tree=0x000000010722cbc0) at AXIsolatedObject.cpp:59:5
    frame #10: 0x0000000282e5684c WebCore`WebCore::AXIsolatedObject::AXIsolatedObject(this=0x00000001071ffc00, axObject=0x000000016b8ab130, tree=0x000000010722cbc0) at AXIsolatedObject.cpp:44:1
    frame #11: 0x0000000282e56894 WebCore`WebCore::AXIsolatedObject::create(object=0x000000016b8ab130, tree=0x000000010722cbc0) at AXIsolatedObject.cpp:64:26
    frame #12: 0x0000000282e61f94 WebCore`WebCore::AXIsolatedTree::nodeChangeForObject(this=0x000000010722cbc0, axObject=Ref<WebCore::AXCoreObject, WTF::RawPtrTraits<WebCore::AXCoreObject> > @ 0x000000016b8ab130, attachWrapper=OnMainThread) at AXIsolatedTree.cpp:197:19
    frame #13: 0x0000000282e61d40 WebCore`WebCore::AXIsolatedTree::queueRemovalsAndUnresolvedChanges(this=0x000000010722cbc0, subtreeRemovals=0x000000016b8ab220) at AXIsolatedTree.cpp:291:43
    frame #14: 0x0000000282e60cb8 WebCore`WebCore::AXIsolatedTree::generateSubtree(this=0x000000010722cbc0, axObject=0x000000010722c960) at AXIsolatedTree.cpp:180:5
    frame #15: 0x0000000282e60860 WebCore`WebCore::AXIsolatedTree::create(axObjectCache=0x0000000107192b10) at AXIsolatedTree.cpp:87:15
    frame #16: 0x0000000282daab38 WebCore`WebCore::AXObjectCache::getOrCreateIsolatedTree(this=0x000000016b8ab5c0) const::$_9::operator()() const at AXObjectCache.cpp:851:20
    frame #17: 0x0000000282daaae4 WebCore`WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> > WebCore::Accessibility::retrieveValueFromMainThread<WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> >, WebCore::AXObjectCache::getOrCreateIsolatedTree(this=0x000000010726aba8) const::$_9>(WebCore::AXObjectCache::getOrCreateIsolatedTree() const::$_9&&)::'lambda'()::operator()() const at AccessibilityObjectInterface.h:1621:17
    frame #18: 0x0000000282daaa54 WebCore`WTF::Detail::CallableWrapper<WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> > WebCore::Accessibility::retrieveValueFromMainThread<WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> >, WebCore::AXObjectCache::getOrCreateIsolatedTree() const::$_9>(WebCore::AXObjectCache::getOrCreateIsolatedTree() const::$_9&&)::'lambda'(), void>::call(this=0x000000010726aba0) at Function.h:53:39
    frame #19: 0x00000001396a146c JavaScriptCore`WTF::Function<void ()>::operator(this=0x000000016b8ab550)() const at Function.h:82:35
    frame #20: 0x00000001376716f0 JavaScriptCore`void WTF::callOnMainAndWait<(WTF::MainStyle)0>(function=0x000000016b8ab550)>&&) at MainThread.cpp:117:9
    frame #21: 0x00000001376716a4 JavaScriptCore`WTF::callOnMainThreadAndWait(function=0x000000016b8ab550)>&&) at MainThread.cpp:144:5
    frame #22: 0x0000000282d5f438 WebCore`WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> > WebCore::Accessibility::retrieveValueFromMainThread<WTF::RefPtr<WebCore::AXIsolatedTree, WTF::RawPtrTraits<WebCore::AXIsolatedTree>, WTF::DefaultRefDerefTraits<WebCore::AXIsolatedTree> >, WebCore::AXObjectCache::getOrCreateIsolatedTree(lambda=0x000000016b8ab5c0) const::$_9>(WebCore::AXObjectCache::getOrCreateIsolatedTree() const::$_9&&) at AccessibilityObjectInterface.h:1620:5
    frame #23: 0x0000000282d5f334 WebCore`WebCore::AXObjectCache::getOrCreateIsolatedTree(this=0x0000000107192b10) const at AXObjectCache.cpp:850:16
    frame #24: 0x0000000282d5f174 WebCore`WebCore::AXObjectCache::isolatedTreeRootObject(this=0x0000000107192b10) at AXObjectCache.cpp:861:21
    frame #25: 0x0000000282d5f118 WebCore`WebCore::AXObjectCache::rootObject(this=0x0000000107192b10) at AXObjectCache.cpp:835:16
...
