Title: [287533] trunk/Source/WebCore
- Revision
- 287533
- Author
- [email protected]
- Date
- 2022-01-03 01:21:23 -0800 (Mon, 03 Jan 2022)
Log Message
AX: web process crash with isolated tree mode enabled
https://bugs.webkit.org/show_bug.cgi?id=234739
<rdar://problem/86983058>
Reviewed by Chris Fleizach.
It can happen that a new node being added is removed by AXIsolatedObject constructor when initializing
ComputedLabel property, because AccessibilityObject::computedLabel() calls updateBackingStore() that can trigger
a layout. We don't really need ComputedLabel property for isolated objects because AccessibilityObject::computedLabel()
is only used by the inspector that uses AccessibilityObject directly.
* accessibility/isolatedtree/AXIsolatedObject.cpp:
(WebCore::AXIsolatedObject::initializeAttributeData): Remove ComputedLabel property initialization.
(WebCore::AXIsolatedObject::computedLabel): Assert if called.
* accessibility/isolatedtree/AXIsolatedObject.h:
* accessibility/isolatedtree/AXIsolatedTree.cpp:
(WebCore::AXIsolatedTree::createSubtree): Add an assert to ensure the wrapper is still valid after AXIsolatedObject::create().
* accessibility/isolatedtree/AXIsolatedTree.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (287532 => 287533)
--- trunk/Source/WebCore/ChangeLog 2022-01-03 08:17:59 UTC (rev 287532)
+++ trunk/Source/WebCore/ChangeLog 2022-01-03 09:21:23 UTC (rev 287533)
@@ -1,3 +1,24 @@
+2022-01-03 Carlos Garcia Campos <[email protected]>
+
+ AX: web process crash with isolated tree mode enabled
+ https://bugs.webkit.org/show_bug.cgi?id=234739
+ <rdar://problem/86983058>
+
+ Reviewed by Chris Fleizach.
+
+ It can happen that a new node being added is removed by AXIsolatedObject constructor when initializing
+ ComputedLabel property, because AccessibilityObject::computedLabel() calls updateBackingStore() that can trigger
+ a layout. We don't really need ComputedLabel property for isolated objects because AccessibilityObject::computedLabel()
+ is only used by the inspector that uses AccessibilityObject directly.
+
+ * accessibility/isolatedtree/AXIsolatedObject.cpp:
+ (WebCore::AXIsolatedObject::initializeAttributeData): Remove ComputedLabel property initialization.
+ (WebCore::AXIsolatedObject::computedLabel): Assert if called.
+ * accessibility/isolatedtree/AXIsolatedObject.h:
+ * accessibility/isolatedtree/AXIsolatedTree.cpp:
+ (WebCore::AXIsolatedTree::createSubtree): Add an assert to ensure the wrapper is still valid after AXIsolatedObject::create().
+ * accessibility/isolatedtree/AXIsolatedTree.h:
+
2022-01-03 Youenn Fablet <[email protected]>
FetchRequest.clone does not need to be called with the current context
Modified: trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp (287532 => 287533)
--- trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp 2022-01-03 08:17:59 UTC (rev 287532)
+++ trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp 2022-01-03 09:21:23 UTC (rev 287533)
@@ -200,7 +200,6 @@
setObjectProperty(AXPropertyName::VerticalScrollBar, object.scrollBar(AccessibilityOrientation::Vertical));
setObjectProperty(AXPropertyName::HorizontalScrollBar, object.scrollBar(AccessibilityOrientation::Horizontal));
setProperty(AXPropertyName::ARIARoleAttribute, static_cast<int>(object.ariaRoleAttribute()));
- setProperty(AXPropertyName::ComputedLabel, object.computedLabel().isolatedCopy());
setProperty(AXPropertyName::PlaceholderValue, object.placeholderValue().isolatedCopy());
setProperty(AXPropertyName::ExpandedTextValue, object.expandedTextValue().isolatedCopy());
setProperty(AXPropertyName::SupportsExpandedTextValue, object.supportsExpandedTextValue());
@@ -799,6 +798,13 @@
}
#endif
+String AXIsolatedObject::computedLabel()
+{
+ // This is only used by the web inspector that calls AccessibilityObject::computedLabel().
+ ASSERT_NOT_REACHED();
+ return { };
+}
+
SRGBA<uint8_t> AXIsolatedObject::colorValue() const
{
return colorAttributeValue(AXPropertyName::ColorValue).toSRGBALossy<uint8_t>();
Modified: trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.h (287532 => 287533)
--- trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.h 2022-01-03 08:17:59 UTC (rev 287532)
+++ trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.h 2022-01-03 09:21:23 UTC (rev 287533)
@@ -261,7 +261,7 @@
AXCoreObject* titleUIElement() const override { return objectAttributeValue(AXPropertyName::TitleUIElement); }
AXCoreObject* scrollBar(AccessibilityOrientation) override;
AccessibilityRole ariaRoleAttribute() const override { return static_cast<AccessibilityRole>(intAttributeValue(AXPropertyName::ARIARoleAttribute)); }
- String computedLabel() override { return stringAttributeValue(AXPropertyName::ComputedLabel); }
+ String computedLabel() override;
int textLength() const override { return intAttributeValue(AXPropertyName::TextLength); }
const String placeholderValue() const override { return stringAttributeValue(AXPropertyName::PlaceholderValue); }
String expandedTextValue() const override { return stringAttributeValue(AXPropertyName::ExpandedTextValue); }
Modified: trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp (287532 => 287533)
--- trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp 2022-01-03 08:17:59 UTC (rev 287532)
+++ trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp 2022-01-03 09:21:23 UTC (rev 287533)
@@ -209,6 +209,8 @@
return object;
}
+ ASSERT(axObject.wrapper());
+
NodeChange nodeChange { object, nullptr };
if (attachWrapper)
object->attachPlatformWrapper(axObject.wrapper());
Modified: trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h (287532 => 287533)
--- trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h 2022-01-03 08:17:59 UTC (rev 287532)
+++ trunk/Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.h 2022-01-03 09:21:23 UTC (rev 287533)
@@ -96,7 +96,6 @@
ColumnHeaders,
ColumnIndex,
ColumnIndexRange,
- ComputedLabel,
ComputedRoleString,
Contents,
CurrentState,
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
