Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: d15c4b4addcad589c6dda36bc3bde03a78da1e10
      
https://github.com/WebKit/WebKit/commit/d15c4b4addcad589c6dda36bc3bde03a78da1e10
  Author: Wenson Hsieh <[email protected]>
  Date:   2024-07-30 (Tue, 30 Jul 2024)

  Changed paths:
    M Source/WebCore/page/ElementTargetingController.cpp

  Log Message:
  -----------
  [Remote Inspection] Refactor ElementTargetingController to avoid a rare nullptr crash
https://bugs.webkit.org/show_bug.cgi?id=277371
rdar://132831879

Reviewed by Aditya Keerthi.

This is a speculative fix for a `nullptr` (or `CheckedPtr`) crash, due to the fact that `renderer`
is a `CheckedPtr` below:

```
    CheckedPtr renderer = element.renderer();

    …

    return {
        .elementIdentifier = element.identifier(),
        .documentIdentifier = element.document().identifier(),
        .offsetEdges = computeOffsetEdges(renderer->style()),               // <--- A
        .renderedText = WTFMove(renderedText),
        .searchableText = searchableTextForTarget(element),                 // <--- B
        .screenReaderText = WTFMove(screenReaderText),
        .selectors = selectorsForTarget(element, cache),
        .boundsInRootView = element.boundingBoxInRootViewCoordinates(),
        .boundsInClientCoordinates = computeClientRect(*renderer),          // <--- C

        …
    };
```

Because we may update layout in (B) (and rebuild parts of the render tree in the process), it's
possible for the renderer to become null by the time we get to line (C). To address this, we make
the `renderer` a `WeakPtr` and limit its lifetime to only code that accesses information from
`RenderStyle` and geometry information, without updating layout.

No new test case, since it only seemed to reproduce once.

* Source/WebCore/page/ElementTargetingController.cpp:
(WebCore::targetedElementInfo):
(WebCore::ElementTargetingController::extractTargets):

Canonical link: https://commits.webkit.org/281613@main
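
The ordering problem described in the log message, as an added example that is not part of the WebKit commit: a simplified C++ model that uses `std::shared_ptr`/`std::weak_ptr` in place of WebKit's smart pointers, with hypothetical `Renderer`, `Element`, `collectInterleaved` and `collectScoped` names. It contrasts reading the renderer on both sides of a layout-updating call with confining every renderer read to one scope that ends before that call.

```cpp
#include <memory>
#include <string>

// Simplified stand-ins (assumptions), not WebKit's Element/RenderObject/WeakPtr.
struct Renderer { int offsetEdge = 4; int clientWidth = 100; };

struct Element {
    std::shared_ptr<Renderer> owned = std::make_shared<Renderer>();
    bool layoutDirty = false;
    std::weak_ptr<Renderer> renderer() const { return owned; }
    // Models step (B): a text accessor that updates layout as a side effect
    // and rebuilds the renderer, destroying the old one.
    std::string searchableText() {
        if (layoutDirty) { owned = std::make_shared<Renderer>(); layoutDirty = false; }
        return "text";
    }
};

struct Info { int offsetEdge; std::string text; int clientWidth; };

// Ordering from the log message: renderer read at (A), layout at (B), renderer
// read again at (C). Returns false where (C) would touch a destroyed renderer.
bool collectInterleaved(Element& e, Info& out) {
    std::weak_ptr<Renderer> weak = e.renderer();
    auto r = weak.lock();
    if (!r) return false;
    int edge = r->offsetEdge;                 // (A)
    r.reset();                                // do not keep the renderer alive ourselves
    std::string text = e.searchableText();    // (B) may destroy the renderer
    r = weak.lock();
    if (!r) return false;                     // (C) stale renderer detected
    out = Info{edge, text, r->clientWidth};
    return true;
}

// Scoped ordering: all style and geometry reads happen in one block with no
// layout-updating call inside it; the pointer is released before (B) runs.
bool collectScoped(Element& e, Info& out) {
    int edge, width;
    {
        auto r = e.renderer().lock();
        if (!r) return false;
        edge = r->offsetEdge;
        width = r->clientWidth;
    }
    out = Info{edge, e.searchableText(), width};
    return true;
}
```

In this sketch the values read in the scoped block describe the renderer as it was before the layout-updating call ran.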
