Title: [289187] releases/WebKitGTK/webkit-2.34/Source/WebCore
- Revision
- 289187
- Author
- [email protected]
- Date
- 2022-02-06 16:16:54 -0800 (Sun, 06 Feb 2022)
Log Message
Merge r288874 - AX: nullptr crash under AccessibilityRenderObject::computeAccessibilityIsIgnored
https://bugs.webkit.org/show_bug.cgi?id=235945
rdar://88217815
Reviewed by Andres Gonzalez.
This is similar to https://bugs.webkit.org/show_bug.cgi?id=161276.
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):
m_renderer is a WeakPtr and can become null during parentObjectUnignored call, same as
the case below.
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog (289186 => 289187)
--- releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog 2022-02-07 00:16:47 UTC (rev 289186)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog 2022-02-07 00:16:54 UTC (rev 289187)
@@ -1,3 +1,19 @@
+2022-02-01 Antti Koivisto <[email protected]>
+
+ AX: nullptr crash under AccessibilityRenderObject::computeAccessibilityIsIgnored
+ https://bugs.webkit.org/show_bug.cgi?id=235945
+ rdar://88217815
+
+ Reviewed by Andres Gonzalez.
+
+ This is similar to https://bugs.webkit.org/show_bug.cgi?id=161276.
+
+ * accessibility/AccessibilityRenderObject.cpp:
+ (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):
+
+ m_renderer is a WeakPtr and can become null during parentObjectUnignored call, same as
+ the case below.
+
2022-01-27 Gabriel Nava Marino <[email protected]>
jsc_fuz/wktr: crash with new XRReferenceSpaceEvent('', {referenceSpace})
Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/accessibility/AccessibilityRenderObject.cpp (289186 => 289187)
--- releases/WebKitGTK/webkit-2.34/Source/WebCore/accessibility/AccessibilityRenderObject.cpp 2022-02-07 00:16:47 UTC (rev 289186)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/accessibility/AccessibilityRenderObject.cpp 2022-02-07 00:16:54 UTC (rev 289187)
@@ -1358,6 +1358,11 @@
if (is<RenderText>(*m_renderer)) {
// static text beneath MenuItems and MenuButtons are just reported along with the menu item, so it's ignored on an individual level
AXCoreObject* parent = parentObjectUnignored();
+
+ // Walking up the parent chain might reset the m_renderer.
+ if (!m_renderer)
+ return true;
+
if (parent && (parent->isMenuItem() || parent->ariaRoleAttribute() == AccessibilityRole::MenuButton))
return true;
auto& renderText = downcast<RenderText>(*m_renderer);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
