Title: [140166] trunk/Source/WebCore
Revision: 140166
Author: [email protected]
Date: 2013-01-18 09:48:24 -0800 (Fri, 18 Jan 2013)

Log Message

REGRESSION (r132699): Crashes in WebCore::TextIterator::handleTextNodeFirstLetter
https://bugs.webkit.org/show_bug.cgi?id=100688

Reviewed by Martin Robinson.

Prevent crashes when accessibilityObjectIsIgnored calls textUnderElement
while a subtree is being destroyed.

Covered by existing tests.

* accessibility/atk/AccessibilityObjectAtk.cpp:
(WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

Diff

Modified: trunk/Source/WebCore/ChangeLog (140165 => 140166)


--- trunk/Source/WebCore/ChangeLog	2013-01-18 17:38:35 UTC (rev 140165)
+++ trunk/Source/WebCore/ChangeLog	2013-01-18 17:48:24 UTC (rev 140166)
@@ -1,3 +1,18 @@
+2013-01-18  Dominic Mazzoni  <[email protected]>
+
+        REGRESSION (r132699): Crashes in WebCore::TextIterator::handleTextNodeFirstLetter
+        https://bugs.webkit.org/show_bug.cgi?id=100688
+
+        Reviewed by Martin Robinson.
+
+        Prevent crashes when accessibilityObjectIsIgnored calls textUnderElement
+        while a subtree is being destroyed.
+
+        Covered by existing tests.
+
+        * accessibility/atk/AccessibilityObjectAtk.cpp:
+        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
+
 2013-01-18  Joe Mason  <[email protected]>
 
         [BlackBerry] Only clear credentials when purgeCredentials is called
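
Review bot: The new ChangeLog entry says "Covered by existing tests." without naming a test, so a reader cannot tell which test exercises the handleTextNodeFirstLetter crash from bug 100688; name the test or tests here. The entry should also say that the fix replaces the textUnderElement() emptiness check with a check on the renderer's first child, because that changes which objects are ignored and is not only a crash fix.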

Modified: trunk/Source/WebCore/accessibility/atk/AccessibilityObjectAtk.cpp (140165 => 140166)


--- trunk/Source/WebCore/accessibility/atk/AccessibilityObjectAtk.cpp	2013-01-18 17:38:35 UTC (rev 140165)
+++ trunk/Source/WebCore/accessibility/atk/AccessibilityObjectAtk.cpp	2013-01-18 17:48:24 UTC (rev 140166)
@@ -84,7 +84,9 @@
     // usually have no need for the anonymous block. And when the wrong objects
     // get included or ignored, needed accessibility signals do not get emitted.
     if (role == ParagraphRole || role == DivRole) {
-        if (textUnderElement().isEmpty())
+        // Don't call textUnderElement() here, because it's slow and it can
+        // crash when called while we're in the middle of a subtree being deleted.
+        if (!renderer()->firstChild())
             return DefaultBehavior;
 
         if (!parent->renderer() || parent->renderer()->isAnonymousBlock())
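
Review bot: On the added line `if (!renderer()->firstChild())`, renderer() is dereferenced with no null check visible in this hunk, while the next condition does guard `parent->renderer()`. Since the stated goal is to be safe while a subtree is being destroyed, confirm that renderer() is guaranteed non-null earlier in the function, or test it here. Separately, `!renderer()->firstChild()` is not the same condition as `textUnderElement().isEmpty()`: a paragraph or div whose renderer has children but no text used to return DefaultBehavior and now falls through to the checks below, so the new comment should state that this behaviour change is intended.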