Title: [215705] trunk
Revision: 215705
Author: n_w...@apple.com
Date: 2017-04-24 17:05:20 -0700 (Mon, 24 Apr 2017)

Log Message

AX: Crash at WebCore::AXObjectCache::characterOffsetForIndex(int, WebCore::AccessibilityObject const*) + 703
https://bugs.webkit.org/show_bug.cgi?id=171247

Reviewed by Chris Fleizach.

Source/WebCore:

Crashed because we were passing a nil node into rootAXEditableElement(). Fixed it by
adding a null check.

Test: accessibility/mac/input-string-for-range-crash.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::characterOffsetForIndex):

LayoutTests:

* accessibility/mac/input-string-for-range-crash-expected.txt: Added.
* accessibility/mac/input-string-for-range-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (215704 => 215705)


--- trunk/LayoutTests/ChangeLog	2017-04-25 00:04:00 UTC (rev 215704)
+++ trunk/LayoutTests/ChangeLog	2017-04-25 00:05:20 UTC (rev 215705)
@@ -1,3 +1,13 @@
+2017-04-24  Nan Wang  <n_w...@apple.com>
+
+        AX: Crash at WebCore::AXObjectCache::characterOffsetForIndex(int, WebCore::AccessibilityObject const*) + 703
+        https://bugs.webkit.org/show_bug.cgi?id=171247
+
+        Reviewed by Chris Fleizach.
+
+        * accessibility/mac/input-string-for-range-crash-expected.txt: Added.
+        * accessibility/mac/input-string-for-range-crash.html: Added.
+
 2017-04-24  Youenn Fablet  <you...@apple.com>
 
         Set defaults video getUserMedia constraints

Added: trunk/LayoutTests/accessibility/mac/input-string-for-range-crash-expected.txt (0 => 215705)


--- trunk/LayoutTests/accessibility/mac/input-string-for-range-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/accessibility/mac/input-string-for-range-crash-expected.txt	2017-04-25 00:05:20 UTC (rev 215705)
@@ -0,0 +1,11 @@
+
+This tests that calling stringForRange on an input element won't cause crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+abcd
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/accessibility/mac/input-string-for-range-crash.html (0 => 215705)


--- trunk/LayoutTests/accessibility/mac/input-string-for-range-crash.html	                        (rev 0)
+++ trunk/LayoutTests/accessibility/mac/input-string-for-range-crash.html	2017-04-25 00:05:20 UTC (rev 215705)
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+</head>
+<style>
+.myInput:after {
+    content: " ";
+    display: table
+}
+</style>
+<body>
+
+<div class="myInput">
+<input id="test" type="input" value="abcd">
+</div>
+
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+    description("This tests that calling stringForRange on an input element won't cause crash.");
+    
+    if (window.accessibilityController) {
+        var input = accessibilityController.accessibleElementById("test");
+        // make sure calling stringForRange won't crash
+        debug(input.stringForRange(0, 4));
+    }
+</script>
+
+<script src=""
+</body>
+</html>
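
Review bot: The `.myInput:after { content: " "; display: table }` rule in the `<style>` block has no comment saying why it is there, although it looks like the layout condition this test depends on; a later cleanup could drop the rule and leave a test that still passes without exercising the fixed path. Add a one-line comment tying the rule to bug 171247. Two smaller points: `type="input"` on the `<input>` is not a defined type value and falls back to text, so `type="text"` would state the intent, and the `<style>` element sits after `</head>` instead of inside it.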

Modified: trunk/Source/WebCore/ChangeLog (215704 => 215705)


--- trunk/Source/WebCore/ChangeLog	2017-04-25 00:04:00 UTC (rev 215704)
+++ trunk/Source/WebCore/ChangeLog	2017-04-25 00:05:20 UTC (rev 215705)
@@ -1,3 +1,18 @@
+2017-04-24  Nan Wang  <n_w...@apple.com>
+
+        AX: Crash at WebCore::AXObjectCache::characterOffsetForIndex(int, WebCore::AccessibilityObject const*) + 703
+        https://bugs.webkit.org/show_bug.cgi?id=171247
+
+        Reviewed by Chris Fleizach.
+
+        Crashed because we were passing a nil node into rootAXEditableElement(). Fixed it by
+        adding a null check.
+
+        Test: accessibility/mac/input-string-for-range-crash.html
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::characterOffsetForIndex):
+
 2017-04-24  Youenn Fablet  <you...@apple.com>
 
         Set defaults video getUserMedia constraints

Modified: trunk/Source/WebCore/accessibility/AXObjectCache.cpp (215704 => 215705)


--- trunk/Source/WebCore/accessibility/AXObjectCache.cpp	2017-04-25 00:04:00 UTC (rev 215704)
+++ trunk/Source/WebCore/accessibility/AXObjectCache.cpp	2017-04-25 00:05:20 UTC (rev 215705)
@@ -2637,7 +2637,7 @@
             // Do not include the new line character, always move the offset to the start of next node.
             if ((validate.node->isTextNode() || characterOffsetNodeIsBR(validate))) {
                 CharacterOffset next = nextCharacterOffset(validate, false);
-                if (!next.offset && rootAXEditableElement(next.node) == rootAXEditableElement(validate.node))
+                if (!next.isNull() && !next.offset && rootAXEditableElement(next.node) == rootAXEditableElement(validate.node))
                     result = next;
             }
             break;
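
Review bot: The `!next.isNull()` guard in the changed `if` protects only this call site, while the log message says the crash came from passing a null node into rootAXEditableElement(); if that function cannot tolerate a null argument, any other caller that can reach it with a null node is still exposed, so consider handling null inside rootAXEditableElement() or asserting there. It is also worth confirming that leaving `result` unchanged when `next` is null is the intended fallback, and that `validate.node` is known to be non-null before `validate.node->isTextNode()` two lines above, since no check for it is visible in this hunk.
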
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes