Skip to site navigation (Press enter)

[webkit-changes] [265705] trunk/Source/WebCore

andresg_22 Fri, 14 Aug 2020 14:56:47 -0700

Title: [265705] trunk/Source/WebCore

Revision: 265705
Author: [email protected]
Date: 2020-08-14 14:55:31 -0700 (Fri, 14 Aug 2020)

Log Message

Crash in WebCore::AXObjectCache::rangeMatchesTextNearRange.
https://bugs.webkit.org/show_bug.cgi?id=215521
<rdar://problem/64773177>


Reviewed by Chris Fleizach.

The test accessibility/ios-simulator/text-marker-range-matches-text.html
exercises this code path, but doesn't reproduce this crash.

Added a check for nullity of the VisiblePositions before creating the
SimpleRange.

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::rangeMatchesTextNearRange):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/accessibility/AXObjectCache.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (265704 => 265705)


--- trunk/Source/WebCore/ChangeLog	2020-08-14 21:42:56 UTC (rev 265704)
+++ trunk/Source/WebCore/ChangeLog	2020-08-14 21:55:31 UTC (rev 265705)
@@ -1,3 +1,20 @@
+2020-08-14  Andres Gonzalez  <[email protected]>
+
+        Crash in WebCore::AXObjectCache::rangeMatchesTextNearRange.
+        https://bugs.webkit.org/show_bug.cgi?id=215521
+        <rdar://problem/64773177>
+
+        Reviewed by Chris Fleizach.
+
+        The test accessibility/ios-simulator/text-marker-range-matches-text.html
+        exercises this code path, but doesn't reproduce this crash.
+
+        Added a check for nullity of the VisiblePositions before creating the
+        SimpleRange.
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::rangeMatchesTextNearRange):
+
 2020-08-14  Chris Dumez  <[email protected]>
 
         Add support for suspending / resuming an OfflineAudioContext

Modified: trunk/Source/WebCore/accessibility/AXObjectCache.cpp (265704 => 265705)


--- trunk/Source/WebCore/accessibility/AXObjectCache.cpp	2020-08-14 21:42:56 UTC (rev 265704)
+++ trunk/Source/WebCore/accessibility/AXObjectCache.cpp	2020-08-14 21:55:31 UTC (rev 265705)
@@ -2002,6 +2002,8 @@
         startPosition = firstPositionInOrBeforeNode(originalRange.start.container.ptr());
     if (endPosition.isNull())
         endPosition = lastPositionInOrAfterNode(originalRange.end.container.ptr());
+    if (startPosition.isNull() || endPosition.isNull())
+        return WTF::nullopt;
 
     auto searchRange = makeSimpleRange(startPosition, endPosition);
     if (!searchRange || searchRange->collapsed())

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes