Title: [232852] trunk
Revision: 232852
Author: n_w...@apple.com
Date: 2018-06-14 14:11:10 -0700 (Thu, 14 Jun 2018)

Log Message

AX: Crash in AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 536
https://bugs.webkit.org/show_bug.cgi?id=186629

Reviewed by Chris Fleizach.

Source/WebCore:

This crashed when we passed a null node to ancestorsOfType. Fixed it
by adding a null check.

Test: accessibility/hidden-object-text-value-crash.html

* accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::textUnderElement const):

LayoutTests:

* accessibility/hidden-object-text-value-crash-expected.txt: Added.
* accessibility/hidden-object-text-value-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (232851 => 232852)


--- trunk/LayoutTests/ChangeLog	2018-06-14 20:26:38 UTC (rev 232851)
+++ trunk/LayoutTests/ChangeLog	2018-06-14 21:11:10 UTC (rev 232852)
@@ -1,3 +1,13 @@
+2018-06-14  Nan Wang  <n_w...@apple.com>
+
+        AX: Crash in AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 536
+        https://bugs.webkit.org/show_bug.cgi?id=186629
+
+        Reviewed by Chris Fleizach.
+
+        * accessibility/hidden-object-text-value-crash-expected.txt: Added.
+        * accessibility/hidden-object-text-value-crash.html: Added.
+
 2018-06-14  John Wilander  <wilan...@apple.com>
 
         Resource Load Statistics: Shortcut classification for redirect to prevalent resource

Added: trunk/LayoutTests/accessibility/hidden-object-text-value-crash-expected.txt (0 => 232852)


--- trunk/LayoutTests/accessibility/hidden-object-text-value-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/accessibility/hidden-object-text-value-crash-expected.txt	2018-06-14 21:11:10 UTC (rev 232852)
@@ -0,0 +1,13 @@
+
+click
+Description text
+
+This tests that it won't cause a crash when computing the text value of an AX object that is hidden and has no node.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/accessibility/hidden-object-text-value-crash.html (0 => 232852)


--- trunk/LayoutTests/accessibility/hidden-object-text-value-crash.html	                        (rev 0)
+++ trunk/LayoutTests/accessibility/hidden-object-text-value-crash.html	2018-06-14 21:11:10 UTC (rev 232852)
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<style>
+span::before {
+    content: "Before";
+}
+</style>
+<body id="body">
+
+<button id="button" type="button" aria-hidden="true" aria-haspopup="true"><span></span></button>
+<div id="button2" aria-labelledby="button">
+<button>click</button>
+</div>
+
+<p>Description text</p>
+</div>
+
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+
+    description("This tests that it won't cause a crash when computing the text value of an AX object that is hidden and has no node.");
+
+    if (window.accessibilityController) {
+
+        var button = accessibilityController.accessibleElementById("button2");
+        // Do not crash
+        button.description;
+    }
+
+</script>
+
+<script src=""
+</body>
+</html>
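
Review bot: The markup has a stray `</div>` right after `<p>Description text</p>` with no matching open `<div>` (the `button2` div is already closed above it), and the `<style>` block sits between `</head>` and `<body>`; both should be tidied so the test does not rely on parser error recovery. In the script, `var button` holds the element with id `button2`, which is easy to confuse with the real `button` element, and the value of `button.description` is discarded, so the test proves only that nothing crashed. Consider renaming the variable and logging or asserting the returned description so a regression in the computed text is caught as well. Note also that when `window.accessibilityController` is absent the body is skipped silently and the output still matches the expected file.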

Modified: trunk/Source/WebCore/ChangeLog (232851 => 232852)


--- trunk/Source/WebCore/ChangeLog	2018-06-14 20:26:38 UTC (rev 232851)
+++ trunk/Source/WebCore/ChangeLog	2018-06-14 21:11:10 UTC (rev 232852)
@@ -1,3 +1,18 @@
+2018-06-14  Nan Wang  <n_w...@apple.com>
+
+        AX: Crash in AccessibilityNodeObject::textUnderElement(WebCore::AccessibilityTextUnderElementMode) const + 536
+        https://bugs.webkit.org/show_bug.cgi?id=186629
+
+        Reviewed by Chris Fleizach.
+
+        This crashed when we passed a null node to ancestorsOfType. Fixed it
+        by adding a null check.
+
+        Test: accessibility/hidden-object-text-value-crash.html
+
+        * accessibility/AccessibilityNodeObject.cpp:
+        (WebCore::AccessibilityNodeObject::textUnderElement const):
+
 2018-06-14  Timothy Hatcher  <timo...@apple.com>
 
         Expose more semantic system colors.

Modified: trunk/Source/WebCore/accessibility/AccessibilityNodeObject.cpp (232851 => 232852)


--- trunk/Source/WebCore/accessibility/AccessibilityNodeObject.cpp	2018-06-14 20:26:38 UTC (rev 232851)
+++ trunk/Source/WebCore/accessibility/AccessibilityNodeObject.cpp	2018-06-14 21:11:10 UTC (rev 232852)
@@ -1744,7 +1744,7 @@
     // The Accname specification states that if the current node is hidden, and not directly
     // referenced by aria-labelledby or aria-describedby, and is not a host language text
     // alternative, the empty string should be returned.
-    if (isHidden() && !is<HTMLLabelElement>(node) && !ancestorsOfType<HTMLCanvasElement>(*node).first()) {
+    if (isHidden() && !is<HTMLLabelElement>(node) && (node && !ancestorsOfType<HTMLCanvasElement>(*node).first())) {
         AccessibilityObject::AccessibilityChildrenVector labelFor;
         AccessibilityObject::AccessibilityChildrenVector descriptionFor;
         ariaLabelledByReferencingElements(labelFor);
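
Review bot: On the changed `if`, a null `node` makes the new sub-expression `(node && !ancestorsOfType<HTMLCanvasElement>(*node).first())` false, so the whole condition fails and the block is skipped for a hidden object that has no node; the `ariaLabelledByReferencingElements(labelFor)` reference check inside it never runs for that case. That removes the null dereference, but it also treats "no node" the same as "has a canvas ancestor", which is not what the Accname comment above the condition describes. If a hidden object without a node should still take the hidden-object path, the guard would read `(!node || !ancestorsOfType<HTMLCanvasElement>(*node).first())`. If skipping is the intended behaviour, a one-line comment saying so would keep the next reader from "fixing" it.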