Title: [288874] trunk/Source/WebCore
Revision: 288874
Author: [email protected]
Date: 2022-02-01 07:12:47 -0800 (Tue, 01 Feb 2022)

Log Message

AX: nullptr crash under AccessibilityRenderObject::computeAccessibilityIsIgnored
https://bugs.webkit.org/show_bug.cgi?id=235945
rdar://88217815

Reviewed by Andres Gonzalez.

This is similar to https://bugs.webkit.org/show_bug.cgi?id=161276.

* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):

m_renderer is a WeakPtr and can become null during parentObjectUnignored call, same as
the case below.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (288873 => 288874)


--- trunk/Source/WebCore/ChangeLog	2022-02-01 13:15:16 UTC (rev 288873)
+++ trunk/Source/WebCore/ChangeLog	2022-02-01 15:12:47 UTC (rev 288874)
@@ -1,3 +1,19 @@
+2022-02-01  Antti Koivisto  <[email protected]>
+
+        AX: nullptr crash under AccessibilityRenderObject::computeAccessibilityIsIgnored
+        https://bugs.webkit.org/show_bug.cgi?id=235945
+        rdar://88217815
+
+        Reviewed by Andres Gonzalez.
+
+        This is similar to https://bugs.webkit.org/show_bug.cgi?id=161276.
+
+        * accessibility/AccessibilityRenderObject.cpp:
+        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):
+
+        m_renderer is a WeakPtr and can become null during parentObjectUnignored call, same as
+        the case below.
+
 2022-02-01  Carlos Garcia Campos  <[email protected]>
 
         Unreviewed. [GTK][WPE] Fix compile warning
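Review bot: The new ChangeLog entry at the top of this hunk names no regression test and does not say why one is absent. Since the entry states that m_renderer can become null during the parentObjectUnignored call, add the layout test that reproduces the crash, or a line explaining that no reliable reproduction exists, so the fix for bug 235945 stays covered.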

Modified: trunk/Source/WebCore/accessibility/AccessibilityRenderObject.cpp (288873 => 288874)


--- trunk/Source/WebCore/accessibility/AccessibilityRenderObject.cpp	2022-02-01 13:15:16 UTC (rev 288873)
+++ trunk/Source/WebCore/accessibility/AccessibilityRenderObject.cpp	2022-02-01 15:12:47 UTC (rev 288874)
@@ -1325,6 +1325,11 @@
     if (is<RenderText>(*m_renderer)) {
         // static text beneath MenuItems and MenuButtons are just reported along with the menu item, so it's ignored on an individual level
         AXCoreObject* parent = parentObjectUnignored();
+
+        // Walking up the parent chain might reset the m_renderer.
+        if (!m_renderer)
+            return true;
+
         if (parent && (parent->isMenuItem() || parent->ariaRoleAttribute() == AccessibilityRole::MenuButton))
             return true;
         auto& renderText = downcast<RenderText>(*m_renderer);
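Review bot: The added `if (!m_renderer)` check sits directly after parentObjectUnignored(), but the dereference it protects is `downcast<RenderText>(*m_renderer)` three lines later, after parent->isMenuItem() and parent->ariaRoleAttribute() have run. If either of those calls can also clear the WeakPtr, the dereference is unguarded again; placing the check immediately before the downcast, or re-checking there, would guard the use directly. The comment could also say why returning true (ignored) is the right result for an object whose renderer is gone, and since the log message says the same pattern exists "below", a shared helper would keep the two sites from drifting apart.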