Title: [257896] trunk/Source/WebCore
- Revision
- 257896
- Author
- andresg...@apple.com
- Date
- 2020-03-04 19:28:11 -0800 (Wed, 04 Mar 2020)
Log Message
Fix for crash in AXIsolatedObject::fillChildrenVectorForProperty.
https://bugs.webkit.org/show_bug.cgi?id=208618
Reviewed by Chris Fleizach.
Reserve capacity of WTF::Vector before using it since constructor
doesn't do it.
* accessibility/isolatedtree/AXIsolatedObject.cpp:
(WebCore::AXIsolatedObject::fillChildrenVectorForProperty const):
* accessibility/isolatedtree/AXIsolatedTree.cpp:
(WebCore::AXIsolatedTree::objectsForIDs const):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (257895 => 257896)
--- trunk/Source/WebCore/ChangeLog 2020-03-05 03:14:47 UTC (rev 257895)
+++ trunk/Source/WebCore/ChangeLog 2020-03-05 03:28:11 UTC (rev 257896)
@@ -1,3 +1,18 @@
+2020-03-04 Andres Gonzalez <andresg...@apple.com>
+
+ Fix for crash in AXIsolatedObject::fillChildrenVectorForProperty.
+ https://bugs.webkit.org/show_bug.cgi?id=208618
+
+ Reviewed by Chris Fleizach.
+
+ Reserve capacity of WTF::Vector before using it since constructor
+ doesn't do it.
+
+ * accessibility/isolatedtree/AXIsolatedObject.cpp:
+ (WebCore::AXIsolatedObject::fillChildrenVectorForProperty const):
+ * accessibility/isolatedtree/AXIsolatedTree.cpp:
+ (WebCore::AXIsolatedTree::objectsForIDs const):
+
2020-03-04 Chris Dumez <cdu...@apple.com>
Adopt new and improved CFNetwork SPI for cookie change notifications
Modified: trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp (257895 => 257896)
--- trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp 2020-03-05 03:14:47 UTC (rev 257895)
+++ trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp 2020-03-05 03:28:11 UTC (rev 257896)
@@ -852,7 +852,12 @@
void AXIsolatedObject::fillChildrenVectorForProperty(AXPropertyName propertyName, AccessibilityChildrenVector& children) const
{
- children = tree()->objectsForIDs(vectorAttributeValue<AXID>(propertyName));
+ Vector<AXID> childIDs = vectorAttributeValue<AXID>(propertyName);
+ children.reserveCapacity(childIDs.size());
+ for (const auto& childID : childIDs) {
+ if (auto object = tree()->nodeForID(childID))
+ children.uncheckedAppend(object);
+ }
}
void AXIsolatedObject::updateBackingStore()
Modified: trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp (257895 => 257896)
--- trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp 2020-03-05 03:14:47 UTC (rev 257895)
+++ trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp 2020-03-05 03:28:11 UTC (rev 257896)
@@ -137,7 +137,8 @@
Vector<RefPtr<AXCoreObject>> AXIsolatedTree::objectsForIDs(Vector<AXID> axIDs) const
{
- Vector<RefPtr<AXCoreObject>> result(axIDs.size());
+ Vector<RefPtr<AXCoreObject>> result;
+ result.reserveCapacity(axIDs.size());
for (const auto& axID : axIDs) {
if (auto object = nodeForID(axID))
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
