[webkit-changes] [241495] trunk/Source/WebCore

[commit-queue]

Title: [241495] trunk/Source/WebCore

Revision

241495

Author

commit-qu...@webkit.org

Date

2019-02-13 19:38:40 -0800 (Wed, 13 Feb 2019)

Log Message

Web Inspector: Crash when inspecting an element that constantly changes visibility
https://bugs.webkit.org/show_bug.cgi?id=194632
<rdar://problem/48060258>

Patch by Joseph Pecoraro <pecor...@apple.com> on 2019-02-13
Reviewed by Matt Baker and Devin Rousso.

* inspector/agents/InspectorDOMAgent.h:
* inspector/agents/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::processAccessibilityChildren):
(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
Don't use rvalue-references as that was taking ownership and deleting
the object we want to keep around. Instead simplify this to just use
references so no ref counting changes happen.

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/inspector/agents/InspectorDOMAgent.cpp
• trunk/Source/WebCore/inspector/agents/InspectorDOMAgent.h

Diff

Modified: trunk/Source/WebCore/ChangeLog (241494 => 241495)

--- trunk/Source/WebCore/ChangeLog	2019-02-14 03:27:13 UTC (rev 241494)
+++ trunk/Source/WebCore/ChangeLog	2019-02-14 03:38:40 UTC (rev 241495)
@@ -1,3 +1,19 @@
+2019-02-13  Joseph Pecoraro  <pecor...@apple.com>
+
+        Web Inspector: Crash when inspecting an element that constantly changes visibility
+        https://bugs.webkit.org/show_bug.cgi?id=194632
+        <rdar://problem/48060258>
+
+        Reviewed by Matt Baker and Devin Rousso.
+
+        * inspector/agents/InspectorDOMAgent.h:
+        * inspector/agents/InspectorDOMAgent.cpp:
+        (WebCore::InspectorDOMAgent::processAccessibilityChildren):
+        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
+        Don't use rvalue-references as that was taking ownership and deleting
+        the object we want to keep around. Instead simplify this to just use
+        references so no ref counting changes happen.
+
 2019-02-13  Chris Fleizach  <cfleiz...@apple.com>
 
         AX: Crash in handleMenuOpen

Modified: trunk/Source/WebCore/inspector/agents/InspectorDOMAgent.cpp (241494 => 241495)

--- trunk/Source/WebCore/inspector/agents/InspectorDOMAgent.cpp	2019-02-14 03:27:13 UTC (rev 241494)
+++ trunk/Source/WebCore/inspector/agents/InspectorDOMAgent.cpp	2019-02-14 03:38:40 UTC (rev 241495)
@@ -1742,21 +1742,18 @@
         value->setHasBreakpoint(hasBreakpoint);
     return value;
 }
-    
-void InspectorDOMAgent::processAccessibilityChildren(RefPtr<AccessibilityObject>&& axObject, RefPtr<JSON::ArrayOf<int>>&& childNodeIds)
+
+void InspectorDOMAgent::processAccessibilityChildren(AccessibilityObject& axObject, JSON::ArrayOf<int>& childNodeIds)
 {
-    const auto& children = axObject->children();
+    const auto& children = axObject.children();
     if (!children.size())
         return;
-    
-    if (!childNodeIds)
-        childNodeIds = JSON::ArrayOf<int>::create();
-    
+
     for (const auto& childObject : children) {
         if (Node* childNode = childObject->node())
-            childNodeIds->addItem(pushNodePathToFrontend(childNode));
+            childNodeIds.addItem(pushNodePathToFrontend(childNode));
         else
-            processAccessibilityChildren(childObject.copyRef(), childNodeIds.copyRef());
+            processAccessibilityChildren(*childObject, childNodeIds);
     }
 }
     
@@ -1832,7 +1829,10 @@
                     checked = Inspector::Protocol::DOM::AccessibilityProperties::Checked::True;
             }
             
-            processAccessibilityChildren(axObject, WTFMove(childNodeIds));
+            if (!axObject->children().isEmpty()) {
+                childNodeIds = JSON::ArrayOf<int>::create();
+                processAccessibilityChildren(*axObject, *childNodeIds);
+            }
             
             Vector<Element*> controlledElements;
             axObject->elementsFromAttribute(controlledElements, aria_controlsAttr);

Modified: trunk/Source/WebCore/inspector/agents/InspectorDOMAgent.h (241494 => 241495)

--- trunk/Source/WebCore/inspector/agents/InspectorDOMAgent.h	2019-02-14 03:27:13 UTC (rev 241494)
+++ trunk/Source/WebCore/inspector/agents/InspectorDOMAgent.h	2019-02-14 03:38:40 UTC (rev 241495)
@@ -248,7 +248,7 @@
     RefPtr<JSON::ArrayOf<Inspector::Protocol::DOM::Node>> buildArrayForPseudoElements(const Element&, NodeToIdMap* nodesMap);
     Ref<Inspector::Protocol::DOM::EventListener> buildObjectForEventListener(const RegisteredEventListener&, int identifier, const AtomicString& eventType, Node*, const String* objectGroupId, bool disabled, bool hasBreakpoint);
     RefPtr<Inspector::Protocol::DOM::AccessibilityProperties> buildObjectForAccessibilityProperties(Node*);
-    void processAccessibilityChildren(RefPtr<AccessibilityObject>&&, RefPtr<JSON::ArrayOf<int>>&&);
+    void processAccessibilityChildren(AccessibilityObject&, JSON::ArrayOf<int>&);
     
     Node* nodeForPath(const String& path);
     Node* nodeForObjectId(const String& objectId);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes