Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c0e4e457ee2555e9c6ff495a45c6ca6b399a0f02
https://github.com/WebKit/WebKit/commit/c0e4e457ee2555e9c6ff495a45c6ca6b399a0f02
Author: Tyler Wilcock <[email protected]>
Date: 2023-06-20 (Tue, 20 Jun 2023)
Changed paths:
M Source/WebCore/accessibility/AXTextMarker.cpp
Log Message:
-----------
AX: AXTextMarker::boundaryPoint() can nullptr crash after WeakPtr<Node> is
destroyed
https://bugs.webkit.org/show_bug.cgi?id=258291
rdar://110921085
Reviewed by Chris Fleizach.
After creating a `WeakPtr` to a `Node`, `AXTextMarker::boundaryPoint()` calls
`AccessibilityObject::replacedNodeNeedsCharacter`
with that node, which in turn calls `accessibilityIsIgnored`, which can cause
side effects that destroy the original `WeakPtr` `Node`.
We need to re-check that the `Node` didn't become nullptr (get destroyed) after
calling `AccessibilityObject::replacedNodeNeedsCharacter`.
* Source/WebCore/accessibility/AXTextMarker.cpp:
(WebCore::AXTextMarker::boundaryPoint const):
Canonical link: https://commits.webkit.org/265315@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
