Title: [233699] trunk/Source/WebCore
- Revision
- 233699
- Author
- cfleiz...@apple.com
- Date
- 2018-07-10 14:56:02 -0700 (Tue, 10 Jul 2018)
Log Message
AX: Crash in accessing AXObjectCache in textMarkerDataForVisiblePosition
https://bugs.webkit.org/show_bug.cgi?id=187528
<rdar://problem/37231941>
Reviewed by Joanmarie Diggs.
Occasional crashes reported when running accessibility/mac/search-field-cancel-button.html.
Looks like the cache object retrieved was not valid and we weren't checking for it.
* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::visiblePositionForTextMarkerData):
(WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
(WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):
Diff
Modified: trunk/Source/WebCore/ChangeLog (233698 => 233699)
--- trunk/Source/WebCore/ChangeLog 2018-07-10 21:29:25 UTC (rev 233698)
+++ trunk/Source/WebCore/ChangeLog 2018-07-10 21:56:02 UTC (rev 233699)
@@ -1,3 +1,19 @@
+2018-07-10 Chris Fleizach <cfleiz...@apple.com>
+
+ AX: Crash in accessing AXObjectCache in textMarkerDataForVisiblePosition
+ https://bugs.webkit.org/show_bug.cgi?id=187528
+ <rdar://problem/37231941>
+
+ Reviewed by Joanmarie Diggs.
+
+ Occasional crashes reported when running accessibility/mac/search-field-cancel-button.html.
+ Looks like the cache object retrieved was not valid and we weren't checking for it.
+
+ * accessibility/AXObjectCache.cpp:
+ (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
+ (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
+ (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):
+
2018-07-10 Zalan Bujtas <za...@apple.com>
FragmentInterval, FragmentIntervalTree and FragmentSearchAdapter should hold not hold raw pointers to renderers.
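Review bot: The new entry describes the cache object as "not valid" and lists three functions with no per-function note, which leaves unclear what kind of invalidity is being handled. The code change is a null check on the pointer returned by axObjectCache(), so the entry should say that explicitly and, if known, state when the document returns no cache, so a later reader can tell a null pointer apart from a stale object.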
Modified: trunk/Source/WebCore/accessibility/AXObjectCache.cpp (233698 => 233699)
--- trunk/Source/WebCore/accessibility/AXObjectCache.cpp 2018-07-10 21:29:25 UTC (rev 233698)
+++ trunk/Source/WebCore/accessibility/AXObjectCache.cpp 2018-07-10 21:56:02 UTC (rev 233699)
@@ -1591,7 +1591,7 @@
return VisiblePosition();
AXObjectCache* cache = renderer->document().axObjectCache();
- if (!cache->m_idsInUse.contains(textMarkerData.axID))
+ if (cache && !cache->m_idsInUse.contains(textMarkerData.axID))
return VisiblePosition();
return visiblePos;
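Review bot: In visiblePositionForTextMarkerData the new condition `cache && !cache->m_idsInUse.contains(textMarkerData.axID)` avoids the null dereference but fails open: when cache is null the m_idsInUse check is skipped and control falls through to `return visiblePos;`, so the marker's axID is never validated. The other two functions in this patch return std::nullopt when there is no cache. For consistency, consider `if (!cache || !cache->m_idsInUse.contains(textMarkerData.axID))` followed by `return VisiblePosition();`, or add a comment explaining why returning the position without the ID check is intended.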
@@ -2204,6 +2204,8 @@
// find or create an accessibility object for this node
AXObjectCache* cache = domNode->document().axObjectCache();
+ if (!cache)
+ return std::nullopt;
RefPtr<AccessibilityObject> obj = cache->getOrCreate(domNode);
// This memory must be zero'd so instances of TextMarkerData can be tested for byte-equivalence.
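Review bot: In textMarkerDataForVisiblePosition the visible context shows no check on obj, the result of `cache->getOrCreate(domNode)`, whereas textMarkerDataForFirstPositionInTextControl follows the same call with `if (!obj)` and `return std::nullopt;`. If obj can be null here and is dereferenced further down, add the same check. A blank line after the new `return std::nullopt;` would also match the formatting used in the third hunk.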
@@ -2231,6 +2233,9 @@
return std::nullopt;
AXObjectCache* cache = textControl.document().axObjectCache();
+ if (!cache)
+ return std::nullopt;
+
RefPtr<AccessibilityObject> obj = cache->getOrCreate(&textControl);
if (!obj)
return std::nullopt;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes