Title: [191565] releases/WebKitGTK/webkit-2.10/Source/WebCore
- Revision
- 191565
- Author
- [email protected]
- Date
- 2015-10-26 00:49:34 -0700 (Mon, 26 Oct 2015)
Log Message
Merge r191357 - AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::AccessibilityTable::tableElement const + 116
https://bugs.webkit.org/show_bug.cgi?id=150349
Reviewed by Brent Fulgham.
The crash point for this bug says that the parentElement of the firstBody is garbage when it's accessed.
Unfortunately, I could not reproduce this in-situ or with a test.
So my speculative solution is to recalculate those body elements to ensure that they're valid before we access.
* accessibility/AccessibilityTable.cpp:
(WebCore::AccessibilityTable::tableElement):
(WebCore::AccessibilityTable::isDataTable):
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog (191564 => 191565)
--- releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog 2015-10-26 07:47:27 UTC (rev 191564)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog 2015-10-26 07:49:34 UTC (rev 191565)
@@ -1,3 +1,18 @@
+2015-10-20 Chris Fleizach <[email protected]>
+
+ AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::AccessibilityTable::tableElement const + 116
+ https://bugs.webkit.org/show_bug.cgi?id=150349
+
+ Reviewed by Brent Fulgham.
+
+ The crash point for this bug says that the parentElement of the firstBody is garbage when it's accessed.
+ Unfortunately, I could not reproduce this in-situ or with a test.
+ So my speculative solution is to recalculate those body elements to ensure that they're valid before we access.
+
+ * accessibility/AccessibilityTable.cpp:
+ (WebCore::AccessibilityTable::tableElement):
+ (WebCore::AccessibilityTable::isDataTable):
+
2015-10-19 Carlos Garcia Campos <[email protected]>
ASSERTION FAILED: m_state == Initialized in SubresourceLoader::didReceiveResponse()
Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/accessibility/AccessibilityTable.cpp (191564 => 191565)
--- releases/WebKitGTK/webkit-2.10/Source/WebCore/accessibility/AccessibilityTable.cpp 2015-10-26 07:47:27 UTC (rev 191564)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/accessibility/AccessibilityTable.cpp 2015-10-26 07:49:34 UTC (rev 191565)
@@ -101,17 +101,15 @@
if (is<HTMLTableElement>(table.element()))
return downcast<HTMLTableElement>(table.element());
+ table.forceSectionsRecalc();
+
// If the table has a display:table-row-group, then the RenderTable does not have a pointer to it's HTMLTableElement.
// We can instead find it by asking the firstSection for its parent.
RenderTableSection* firstBody = table.firstBody();
if (!firstBody || !firstBody->element())
return nullptr;
- Element* actualTable = firstBody->element()->parentElement();
- if (!is<HTMLTableElement>(actualTable))
- return nullptr;
-
- return downcast<HTMLTableElement>(actualTable);
+ return ancestorsOfType<HTMLTableElement>(*(firstBody->element())).first();
}
bool AccessibilityTable::isDataTable() const
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
