Branch: refs/heads/safari-7614.2.3.1-branch Home: https://github.com/WebKit/WebKit Commit: c026c76d4a39bb03661f38613df2c5cd36de79f2 https://github.com/WebKit/WebKit/commit/c026c76d4a39bb03661f38613df2c5cd36de79f2 Author: Alan Coon <alanc...@apple.com> Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths: M Source/JavaScriptCore/Configurations/Version.xcconfig M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig M Source/WebCore/Configurations/Version.xcconfig M Source/WebCore/PAL/Configurations/Version.xcconfig M Source/WebGPU/Configurations/Version.xcconfig M Source/WebInspectorUI/Configurations/Version.xcconfig M Source/WebKit/Configurations/Version.xcconfig M Source/WebKitLegacy/mac/Configurations/Version.xcconfig Log Message: ----------- Versioning. WebKit-7614.2.3.1.1 Canonical link: https://commits.webkit.org/252432.243@safari-7614.2.3.1-branch Commit: 98449fdd07de416f7e64287e9b6332c0bd9b0916 https://github.com/WebKit/WebKit/commit/98449fdd07de416f7e64287e9b6332c0bd9b0916 Author: Tyler Wilcock <tyle...@apple.com> Date: 2022-08-29 (Mon, 29 Aug 2022) Changed paths: A LayoutTests/accessibility/multiple-attribute-change-crash-expected.txt A LayoutTests/accessibility/multiple-attribute-change-crash.html A LayoutTests/platform/glib/accessibility/multiple-attribute-change-crash-expected.txt M LayoutTests/platform/ios/TestExpectations A LayoutTests/platform/ios/accessibility/multiple-attribute-change-crash-expected.txt M LayoutTests/platform/win/TestExpectations M Source/WebCore/accessibility/AXObjectCache.cpp Log Message: ----------- Cherry-pick 77ab8bd37796. rdar://problem/98729717 AX: AXObjectCache::remove(Node&) can be called while performing a cache update causing m_deferred* vectors to be modified as we iterate over them https://bugs.webkit.org/show_bug.cgi?id=244421 rdar://98729717 Reviewed by Chris Fleizach. Handling certain attribute changes in AXObjectCache::handleAttributeChange can cause AXObjectCache::remove(Node&) to be called as a side effect. For example, this can happen as a result of a `role` attribute change. When this happens, the Node is removed from m_deferredAttributeChanges while we are iterating over this vector. This patch prevents this by making AXObjectCache::remove(Node&) bail early before modifying any m_deferred* vector if we detect that we're in the middle of a cache update. If this is true, these vectors will be cleared anyways upon completion of their processing. * LayoutTests/accessibility/multiple-attribute-change-crash-expected.txt: Added. * LayoutTests/accessibility/multiple-attribute-change-crash.html: Added. * LayoutTests/platform/ios/TestExpectations: Enable new test. * LayoutTests/platform/glib/accessibility/multiple-attribute-change-crash-expected.txt: Added * LayoutTests/platform/ios/accessibility/multiple-attribute-change-crash-expected.txt: Added. * LayoutTests/platform/win/TestExpectations: Disable new test. * Source/WebCore/accessibility/AXObjectCache.cpp: (WebCore::AXObjectCache::remove): (WebCore::AXObjectCache::handleAttributeChange): Fix unchecked null dereference of the input Element* in an AXLOG. Canonical link: https://commits.webkit.org/253871@main Canonical link: https://commits.webkit.org/252432.244@safari-7614.2.3.1-branch Compare: https://github.com/WebKit/WebKit/compare/c026c76d4a39%5E...98449fdd07de _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes