Changeset 171347 in webkit
- Timestamp:
- Jul 22, 2014 10:50:31 AM (10 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r171344 r171347 1 2014-07-21 Myles C. Maxfield <mmaxfield@apple.com> 2 3 Clicking on links while accessibility is enabled does not render as expected 4 https://bugs.webkit.org/show_bug.cgi?id=135074 5 6 Reviewed by Chris Fleizach. 7 8 Delete a node and its parent, then call allAttributes() on the accessibility representation of 9 the deleted child and make sure there is no crash. 10 11 * accessibility/parent-delete-expected.txt: Added 12 * accessibility/parent-delete.html: Added 13 1 14 2014-07-22 Alexey Proskuryakov <ap@apple.com> 2 15 -
trunk/Source/WebCore/ChangeLog
r171345 r171347 1 2014-07-21 Myles C. Maxfield <mmaxfield@apple.com> 2 3 Clicking on links while accessibility is enabled sometimes crashes 4 https://bugs.webkit.org/show_bug.cgi?id=135074 5 6 Reviewed by Chris Fleizach. 7 8 When an accessibility request comes in from the system, we call updateBackingStore() on the 9 relevant AccessibilityObject, which triggers a relayout of the entire document. This relayout 10 might delete that accessibility node and its parent, which would cause the node to be deleted. 11 After the stack unwinds, we then call a member function on the node without checking for this 12 condition. 13 14 Test: accessibility/parent-delete.html 15 16 * accessibility/AccessibilityObject.cpp: 17 (WebCore::AccessibilityObject::updateBackingStore): Retain the node for the duration of the 18 function. 19 1 20 2014-07-22 Jeremy Jones <jeremyj@apple.com> 2 21 -
trunk/Source/WebCore/accessibility/AccessibilityObject.cpp
r170661 r171347 1430 1430 { 1431 1431 // Updating the layout may delete this object. 1432 RefPtr<AccessibilityObject> protector(this); 1433 1432 1434 if (Document* document = this->document()) { 1433 1435 if (!document->view()->isInLayout())
Note: See TracChangeset
for help on using the changeset viewer.