Skip to site navigation (Press enter)

[webkit-changes] [261749] trunk/Source/WebCore

andresg_22 Fri, 15 May 2020 11:14:27 -0700

Title: [261749] trunk/Source/WebCore

Revision: 261749
Author: [email protected]
Date: 2020-05-15 11:12:45 -0700 (Fri, 15 May 2020)

Log Message

Fix for crash in accessibility/mac/replace-text-with-range-on-webarea-element.html in isolated tree mode.
https://bugs.webkit.org/show_bug.cgi?id=211954


Reviewed by Chris Fleizach.

Fixes crash in isolated tree mode in accessibility/mac/replace-text-with-range-on-webarea-element.html.

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::postTextStateChangeNotification): Check for null object before dereferencing.
(WebCore::AXObjectCache::rootWebArea): Reverted to returning an AXObject since it is not needed to return AXCoreObject.
* accessibility/AXObjectCache.h:

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/accessibility/AXObjectCache.cpp
trunk/Source/WebCore/accessibility/AXObjectCache.h

Diff

Modified: trunk/Source/WebCore/ChangeLog (261748 => 261749)


--- trunk/Source/WebCore/ChangeLog	2020-05-15 17:10:38 UTC (rev 261748)
+++ trunk/Source/WebCore/ChangeLog	2020-05-15 18:12:45 UTC (rev 261749)
@@ -1,3 +1,17 @@
+2020-05-15  Andres Gonzalez  <[email protected]>
+
+        Fix for crash in accessibility/mac/replace-text-with-range-on-webarea-element.html in isolated tree mode.
+        https://bugs.webkit.org/show_bug.cgi?id=211954
+
+        Reviewed by Chris Fleizach.
+
+        Fixes crash in isolated tree mode in accessibility/mac/replace-text-with-range-on-webarea-element.html.
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::postTextStateChangeNotification): Check for null object before dereferencing.
+        (WebCore::AXObjectCache::rootWebArea): Reverted to returning an AXObject since it is not needed to return AXCoreObject.
+        * accessibility/AXObjectCache.h:
+
 2020-05-15  Zalan Bujtas  <[email protected]>
 
         [LFC][TFC] Move column and row balancing logic to a dedicated class

Modified: trunk/Source/WebCore/accessibility/AXObjectCache.cpp (261748 => 261749)


--- trunk/Source/WebCore/accessibility/AXObjectCache.cpp	2020-05-15 17:10:38 UTC (rev 261748)
+++ trunk/Source/WebCore/accessibility/AXObjectCache.cpp	2020-05-15 18:12:45 UTC (rev 261749)
@@ -1378,10 +1378,6 @@
         }
     }
 
-#if ENABLE(ACCESSIBILITY_ISOLATED_TREE)
-    updateIsolatedTree(*object, AXSelectedTextChanged);
-#endif
-
     postTextStateChangeNotification(object, intent, selection);
 #else
     postTextStateChangeNotification(node, intent, selection);
@@ -1401,8 +1397,17 @@
             object = observableObject;
     }
 
-    const AXTextStateChangeIntent& newIntent = (intent.type == AXTextStateChangeTypeUnknown || (m_isSynchronizingSelection && m_textSelectionIntent.type != AXTextStateChangeTypeUnknown)) ? m_textSelectionIntent : intent;
-    postTextStateChangePlatformNotification(object, newIntent, selection);
+    if (!object)
+        object = rootWebArea();
+
+    if (object) {
+#if ENABLE(ACCESSIBILITY_ISOLATED_TREE)
+        updateIsolatedTree(*object, AXSelectedTextChanged);
+#endif
+
+        const AXTextStateChangeIntent& newIntent = (intent.type == AXTextStateChangeTypeUnknown || (m_isSynchronizingSelection && m_textSelectionIntent.type != AXTextStateChangeTypeUnknown)) ? m_textSelectionIntent : intent;
+        postTextStateChangePlatformNotification(object, newIntent, selection);
+    }
 #else
     UNUSED_PARAM(object);
     UNUSED_PARAM(intent);
@@ -1428,6 +1433,12 @@
         object = object->observableObject();
     }
 
+    if (!object)
+        object = rootWebArea();
+
+    if (!object)
+        return;
+
 #if ENABLE(ACCESSIBILITY_ISOLATED_TREE)
     updateIsolatedTree(*object, AXValueChanged);
 #endif
@@ -3293,12 +3304,12 @@
     return !requiresAriaHiddenFalse || ariaHiddenFalsePresent;
 }
 
-AXCoreObject* AXObjectCache::rootWebArea()
+AccessibilityObject* AXObjectCache::rootWebArea()
 {
-    AXCoreObject* rootObject = this->rootObject();
-    if (!rootObject || !rootObject->isScrollView())
+    auto* root = getOrCreate(m_document.view());
+    if (!root || !root->isScrollView())
         return nullptr;
-    return rootObject->webAreaObject();
+    return root->webAreaObject();
 }
 
 AXAttributeCacheEnabler::AXAttributeCacheEnabler(AXObjectCache* cache)

Modified: trunk/Source/WebCore/accessibility/AXObjectCache.h (261748 => 261749)


--- trunk/Source/WebCore/accessibility/AXObjectCache.h	2020-05-15 17:10:38 UTC (rev 261748)
+++ trunk/Source/WebCore/accessibility/AXObjectCache.h	2020-05-15 18:12:45 UTC (rev 261749)
@@ -426,7 +426,7 @@
     bool shouldSkipBoundary(const CharacterOffset&, const CharacterOffset&);
 
 private:
-    AXCoreObject* rootWebArea();
+    AccessibilityObject* rootWebArea();
 
     static AccessibilityObject* focusedImageMapUIElement(HTMLAreaElement*);
     static AXCoreObject* focusedObject(Document&);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes