Changeset 140166 in webkit


Ignore:
Timestamp:
Jan 18, 2013 9:48:24 AM (11 years ago)
Author:
dmazzoni@google.com
Message:

REGRESSION (r132699): Crashes in WebCore::TextIterator::handleTextNodeFirstLetter
https://bugs.webkit.org/show_bug.cgi?id=100688

Reviewed by Martin Robinson.

Prevent crashes when accessibilityObjectIsIgnored calls textUnderElement
while a subtree is being destroyed.

Covered by existing tests.

  • accessibility/atk/AccessibilityObjectAtk.cpp:

(WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebCore/ChangeLog

    r140164 r140166  
     12013-01-18  Dominic Mazzoni  <dmazzoni@google.com>
     2
     3        REGRESSION (r132699): Crashes in WebCore::TextIterator::handleTextNodeFirstLetter
     4        https://bugs.webkit.org/show_bug.cgi?id=100688
     5
     6        Reviewed by Martin Robinson.
     7
     8        Prevent crashes when accessibilityObjectIsIgnored calls textUnderElement
     9        while a subtree is being destroyed.
     10
     11        Covered by existing tests.
     12
     13        * accessibility/atk/AccessibilityObjectAtk.cpp:
     14        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
     15
    1162013-01-18  Joe Mason  <jmason@rim.com>
    217
  • trunk/Source/WebCore/accessibility/atk/AccessibilityObjectAtk.cpp

    r134939 r140166  
    8585    // get included or ignored, needed accessibility signals do not get emitted.
    8686    if (role == ParagraphRole || role == DivRole) {
    87         if (textUnderElement().isEmpty())
     87        // Don't call textUnderElement() here, because it's slow and it can
     88        // crash when called while we're in the middle of a subtree being deleted.
     89        if (!renderer()->firstChild())
    8890            return DefaultBehavior;
    8991
Note: See TracChangeset for help on using the changeset viewer.