Title: [244498] trunk
- Revision
- 244498
- Author
- carlo...@webkit.org
- Date
- 2019-04-22 00:58:11 -0700 (Mon, 22 Apr 2019)
Log Message
REGRESSION(r241289): [GTK] accessibility/removed-continuation-element-causes-crash.html and accessibility/removed-anonymous-block-child-causes-crash.html crashes
https://bugs.webkit.org/show_bug.cgi?id=194630
Reviewed by Michael Catanzaro.
Source/WebCore:
Do not assume core object always has a wrapper in webkitAccessibleRefChild().
Fixes: accessibility/removed-continuation-element-causes-crash.html
accessibility/removed-anonymous-block-child-causes-crash.html
* accessibility/atk/WebKitAccessible.cpp:
(webkitAccessibleRefChild): Return early if wrapper is nullptr.
Tools:
Return early from getAttributeSet() is passed in accessible is nullptr.
* WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:
LayoutTests:
Remove expectations for tests that are passing now.
* platform/gtk/TestExpectations:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (244497 => 244498)
--- trunk/LayoutTests/ChangeLog 2019-04-22 06:44:25 UTC (rev 244497)
+++ trunk/LayoutTests/ChangeLog 2019-04-22 07:58:11 UTC (rev 244498)
@@ -1,3 +1,14 @@
+2019-04-22 Carlos Garcia Campos <cgar...@igalia.com>
+
+ REGRESSION(r241289): [GTK] accessibility/removed-continuation-element-causes-crash.html and accessibility/removed-anonymous-block-child-causes-crash.html crashes
+ https://bugs.webkit.org/show_bug.cgi?id=194630
+
+ Reviewed by Michael Catanzaro.
+
+ Remove expectations for tests that are passing now.
+
+ * platform/gtk/TestExpectations:
+
2019-04-20 Said Abou-Hallawa <s...@apple.com>
REGRESSION (r243137): SVGViewElement.viewTarget should not return a new object
Modified: trunk/LayoutTests/platform/gtk/TestExpectations (244497 => 244498)
--- trunk/LayoutTests/platform/gtk/TestExpectations 2019-04-22 06:44:25 UTC (rev 244497)
+++ trunk/LayoutTests/platform/gtk/TestExpectations 2019-04-22 07:58:11 UTC (rev 244498)
@@ -1321,9 +1321,6 @@
webkit.org/b/191882 fast/forms/validation-message-clone.html [ Failure Crash Pass ]
webkit.org/b/191882 fast/forms/validation-message-in-relative-body.html [ Failure Crash ]
-webkit.org/b/194630 accessibility/removed-anonymous-block-child-causes-crash.html [ Crash ]
-webkit.org/b/194630 accessibility/removed-continuation-element-causes-crash.html [ Crash ]
-
webkit.org/b/195260 mathml/presentation/tokenElements-dynamic.html [ Crash Pass ]
webkit.org/b/195271 imported/w3c/web-platform-tests/mathml/presentation-markup/scripts/underover-1.html [ Failure Pass ]
Modified: trunk/Source/WebCore/ChangeLog (244497 => 244498)
--- trunk/Source/WebCore/ChangeLog 2019-04-22 06:44:25 UTC (rev 244497)
+++ trunk/Source/WebCore/ChangeLog 2019-04-22 07:58:11 UTC (rev 244498)
@@ -1,3 +1,18 @@
+2019-04-22 Carlos Garcia Campos <cgar...@igalia.com>
+
+ REGRESSION(r241289): [GTK] accessibility/removed-continuation-element-causes-crash.html and accessibility/removed-anonymous-block-child-causes-crash.html crashes
+ https://bugs.webkit.org/show_bug.cgi?id=194630
+
+ Reviewed by Michael Catanzaro.
+
+ Do not assume core object always has a wrapper in webkitAccessibleRefChild().
+
+ Fixes: accessibility/removed-continuation-element-causes-crash.html
+ accessibility/removed-anonymous-block-child-causes-crash.html
+
+ * accessibility/atk/WebKitAccessible.cpp:
+ (webkitAccessibleRefChild): Return early if wrapper is nullptr.
+
2019-04-21 Darin Adler <da...@apple.com>
WHLSLPrepare.cpp always recompiles, even if nothing was changed
Modified: trunk/Source/WebCore/accessibility/atk/WebKitAccessible.cpp (244497 => 244498)
--- trunk/Source/WebCore/accessibility/atk/WebKitAccessible.cpp 2019-04-22 06:44:25 UTC (rev 244497)
+++ trunk/Source/WebCore/accessibility/atk/WebKitAccessible.cpp 2019-04-22 07:58:11 UTC (rev 244498)
@@ -348,11 +348,12 @@
if (!coreChild)
return nullptr;
- auto* child = ATK_OBJECT(coreChild->wrapper());
- atk_object_set_parent(child, object);
- g_object_ref(child);
+ auto* child = coreChild->wrapper();
+ if (!child)
+ return nullptr;
- return child;
+ atk_object_set_parent(ATK_OBJECT(child), object);
+ return ATK_OBJECT(g_object_ref(child));
}
static gint webkitAccessibleGetIndexInParent(AtkObject* object)
Modified: trunk/Tools/ChangeLog (244497 => 244498)
--- trunk/Tools/ChangeLog 2019-04-22 06:44:25 UTC (rev 244497)
+++ trunk/Tools/ChangeLog 2019-04-22 07:58:11 UTC (rev 244498)
@@ -1,3 +1,14 @@
+2019-04-22 Carlos Garcia Campos <cgar...@igalia.com>
+
+ REGRESSION(r241289): [GTK] accessibility/removed-continuation-element-causes-crash.html and accessibility/removed-anonymous-block-child-causes-crash.html crashes
+ https://bugs.webkit.org/show_bug.cgi?id=194630
+
+ Reviewed by Michael Catanzaro.
+
+ Return early from getAttributeSet() is passed in accessible is nullptr.
+
+ * WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:
+
2019-04-21 Wenson Hsieh <wenson_hs...@apple.com>
Defer EditorState updates until the next layer tree flush in a few additional circumstances
Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp (244497 => 244498)
--- trunk/Tools/WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp 2019-04-22 06:44:25 UTC (rev 244497)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp 2019-04-22 07:58:11 UTC (rev 244498)
@@ -184,6 +184,9 @@
AtkAttributeSet* getAttributeSet(AtkObject* accessible, AtkAttributeType type)
{
+ if (!accessible)
+ return nullptr;
+
if (type == ObjectAttributeType)
return atk_object_get_attributes(accessible);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
