crash in AXLayoutObject::rawNextSibling()
Reported by
yaoming...@gmail.com,
Mar 11 2016
|
||||||||
Issue descriptionChrome Version : 49.0.2623.75 URLs (if applicable) : http://sina.cn Other browsers tested: Add OK or FAIL, along with the version, after other browsers where you have tested this issue: Safari: Firefox: IE: What steps will reproduce the problem? (1) open the url on android (2) (3) What is the expected result? What happens instead? Please provide any additional information below. Attach a screenshot if possible. crash once time. the stack is listed below: blink/chromium/src/out/Release/../../third_party/WebKit/Source/modules/accessibility/AXLayoutObject.cpp:107 blink/chromium/src/out/Release/../../third_party/WebKit/Source/modules/accessibility/AXLayoutObject.cpp:1607 (discriminator 1) blink/chromium/src/out/Release/../../third_party/WebKit/Source/modules/accessibility/AXLayoutObject.cpp:1641 (discriminator 3) blink/chromium/src/out/Release/../../third_party/WebKit/Source/modules/accessibility/AXObject.cpp:1131 blink/chromium/src/out/Release/../../third_party/WebKit/Source/web/WebAXObject.cpp:189 (discriminator 1) I think should check if m_layoutObject->parent() is null before here: } else if (isInlineWithContinuation(m_layoutObject->parent())) {
,
Mar 14 2016
Can you provide complete crash log for this issue?
,
Mar 14 2016
Could not repro this issue on Nexus 5, Chrome 49.0.2623.91
,
Mar 15 2016
the crash occurs during MTBF(Mean Time Between Failure) test, full stack: third_party/WebKit/Source/modules/accessibility/AXLayoutObject.cpp:107 third_party/WebKit/Source/modules/accessibility/AXLayoutObject.cpp:1607 (discriminator 1) third_party/WebKit/Source/modules/accessibility/AXLayoutObject.cpp:1641 (discriminator 3) third_party/WebKit/Source/modules/accessibility/AXObject.cpp:1131 third_party/WebKit/Source/web/WebAXObject.cpp:189 (discriminator 1) content/renderer/accessibility/blink_ax_tree_source.cc:213 (discriminator 2) ui/accessibility/ax_tree_serializer.h:547 (discriminator 1) ui/accessibility/ax_tree_serializer.h:549 (discriminator 2) ui/accessibility/ax_tree_serializer.h:549 (discriminator 2) ui/accessibility/ax_tree_serializer.h:549 (discriminator 2) ui/accessibility/ax_tree_serializer.h:380 (discriminator 1) content/renderer/accessibility/renderer_accessibility.cc:274 (discriminator 1) ipc/ipc_message.h:158 (discriminator 4) content/renderer/render_frame_impl.cc:1290 content/child/child_thread_impl.cc:315 content/child/child_thread_impl.cc:637 ipc/ipc_channel_proxy.cc:293 base/callback.h:394 (discriminator 1) components/scheduler/base/task_queue_manager.cc:264 components/scheduler/base/task_queue_manager.cc:180 base/bind_internal.h:178 (discriminator 6) base/callback.h:394 (discriminator 1) base/message_loop/message_loop.cc:486 base/message_loop/message_loop.cc:495 base/message_loop/message_loop.cc:607 base/message_loop/message_pump_default.cc:33 base/run_loop.cc:56 base/message_loop/message_loop.cc:293 base/threading/thread.cc:200 base/threading/platform_thread_posix.cc:67
,
Mar 15 2016
Thank you for providing more feedback. Assigning to requester "ppolisetty@chromium.org" for another review. For more details visit https://sites.google.com/a/chromium.org/dev/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 15 2016
,
Mar 25 2016
,
Apr 4 2016
Passing to Changwan as the new stability sheriff.
,
Apr 5 2016
dmazzoni@, could this be related to accessibility path? content/renderer/accessibility/renderer_accessibility.cc:274 (discriminator 1) I noticed that you recently fixed a crash in issue 596101 , but I'm not sure if this is a dup or not. Please take a look.
,
Apr 8 2016
,
Apr 9 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/adf4c63c001b6892464cb51608f28e6cdc75a7fa commit adf4c63c001b6892464cb51608f28e6cdc75a7fa Author: dmazzoni <dmazzoni@chromium.org> Date: Sat Apr 09 03:25:31 2016 Add null check to m_layoutObject->parent() in AXLayoutObject.cpp BUG= 594086 Review URL: https://codereview.chromium.org/1868173003 Cr-Commit-Position: refs/heads/master@{#386280} [modify] https://crrev.com/adf4c63c001b6892464cb51608f28e6cdc75a7fa/third_party/WebKit/Source/modules/accessibility/AXLayoutObject.cpp
,
Jul 18 2016
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by ashej...@chromium.org
, Mar 11 2016