When we create TextMarkerData in AXObjectCache.cpp, we just stick in a Node, like so:
textMarkerData.axID = obj.get()->axObjectID();
textMarkerData.node = domNode;
textMarkerData.offset = deepPos.deprecatedEditingOffset();
textMarkerData.affinity = visiblePos.affinity();
It seems that this is the probable cause of a number of low-incidence crashes,
because when TextMarkerData is returned by the assistive technology
application, .node has already been released.
For example, this crash:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000000bbadbeef
0x00000001026d2f7f in WebCore::TreeShared<WebCore::Node>::ref ()
(gdb) bt
#0 0x00000001026d2f7f in WebCore::TreeShared<WebCore::Node>::ref ()
#1 0x00000001026d3163 in WTF::PassRefPtr<WebCore::Node>::PassRefPtr ()
#2 0x0000000103193dfb in WebCore::VisiblePosition::VisiblePosition ()
#3 0x00000001027517b9 in WebCore::AXObjectCache::visiblePositionForTextMarkerData ()
#4 0x00000001026dbe69 in visiblePositionForTextMarker ()
#5 0x00000001026dbeb8 in visiblePositionForEndOfTextMarkerRange ()
#6 0x00000001026dbf47 in -[AccessibilityObjectWrapper visiblePositionRangeForTextMarkerRange:] ()
#7 0x00000001026e16ff in -[AccessibilityObjectWrapper accessibilityAttributeValue:forParameter:] ()
#8 0x0000000100d9c692 in CopyParameterizedAttributeValue ()
#9 0x00007fff8619a6c2 in _AXXMIGCopyParameterizedAttributeValue ()
#10 0x00007fff861a481f in _XCopyParameterizedAttributeValue ()
It seems like we need a cache for the nodes we store in TextMarkerData.
----------------
Should I add a HashSet in AXObjectCache that uses RefPtr around the nodes?
Or should I add something in the destructor of Node to inform accessibility to
update its cache? (I think this is what RenderObject does)
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
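
The second option raised in the message (the Node destructor tells the accessibility cache to forget the node), sketched as an added example. This is not WebKit code and not part of the original message; MarkerCache, markerFor, nodeDestroyed, resolve and lengthViaMarker are hypothetical names, and Node is a minimal stand-in.

```cpp
#include <cstddef>
#include <unordered_set>

class Node;

// Hypothetical stand-in for the marker handed to assistive technology.
struct TextMarkerData {
    Node* node;   // raw pointer, as in the snippet above: may outlive the Node
    int offset;
};

// Hypothetical cache: remembers which nodes have been handed out in markers.
class MarkerCache {
public:
    TextMarkerData markerFor(Node* node, int offset) {
        m_nodesInMarkers.insert(node);
        return TextMarkerData{node, offset};
    }
    // Called from ~Node so the cache never vouches for a destroyed node.
    void nodeDestroyed(Node* node) { m_nodesInMarkers.erase(node); }
    // Compares the pointer value only; the node is never dereferenced here.
    Node* resolve(const TextMarkerData& marker) const {
        return m_nodesInMarkers.count(marker.node) ? marker.node : nullptr;
    }
    std::size_t trackedNodes() const { return m_nodesInMarkers.size(); }
private:
    std::unordered_set<Node*> m_nodesInMarkers;
};

class Node {
public:
    explicit Node(MarkerCache& cache) : m_cache(cache) {}
    ~Node() { m_cache.nodeDestroyed(this); }
    int length = 11;  // constructed sample value
private:
    MarkerCache& m_cache;
};

// The marker comes back from the client, possibly after the node is gone.
// Returns the node's length, or -1 when the marker is stale.
int lengthViaMarker(const MarkerCache& cache, const TextMarkerData& marker) {
    Node* node = cache.resolve(marker);
    return node ? node->length : -1;
}
```

A set of raw pointers cannot tell a later node allocated at the same address from the original, so a stale marker could resolve to a different live node if that node has also been put in a marker. Holding references to the nodes, the first option in the message, avoids that but keeps every marked node alive until its entry is dropped.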