Changeset 196287 in webkit


Timestamp:
Feb 8, 2016 7:04:20 PM (8 years ago)
Author:
n_wang@apple.com
Message:

AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
https://bugs.webkit.org/show_bug.cgi?id=154018

Reviewed by Chris Fleizach.

Source/WebCore:

Sometimes the rangeForUnorderedCharacterOffsets call accesses node objects that have already been
deref'ed, leading to a crash. Fixed by checking isNodeInUse before creating the CharacterOffset
object.

Test: accessibility/text-marker/text-marker-range-stale-node-crash.html

  • accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::visiblePositionForTextMarkerData):
(WebCore::AXObjectCache::characterOffsetForTextMarkerData):
(WebCore::AXObjectCache::traverseToOffsetInRange):

  • accessibility/AXObjectCache.h:
  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
(characterOffsetForTextMarker):
(-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
(textMarkerForVisiblePosition):

LayoutTests:

  • accessibility/text-marker/text-marker-range-stale-node-crash-expected.txt: Added.
  • accessibility/text-marker/text-marker-range-stale-node-crash.html: Added.
Location:
trunk
Files:
2 added
5 edited

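--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,12 @@
+2016-02-08  Nan Wang  <n_wang@apple.com>
+
+        AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
+        https://bugs.webkit.org/show_bug.cgi?id=154018
+
+        Reviewed by Chris Fleizach.
+
+        * accessibility/text-marker/text-marker-range-stale-node-crash-expected.txt: Added.
+        * accessibility/text-marker/text-marker-range-stale-node-crash.html: Added.
+
 2016-02-08  Joseph Pecoraro  <pecoraro@apple.com>
 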
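--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,26 @@
+2016-02-08  Nan Wang  <n_wang@apple.com>
+
+        AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
+        https://bugs.webkit.org/show_bug.cgi?id=154018
+
+        Reviewed by Chris Fleizach.
+
+        Sometimes rangeForUnorderedCharacterOffsets call is accessing derefed node objects
+        and leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
+        object.
+
+        Test: accessibility/text-marker/text-marker-range-stale-node-crash.html
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
+        (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
+        (WebCore::AXObjectCache::traverseToOffsetInRange):
+        * accessibility/AXObjectCache.h:
+        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
+        (-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
+        (characterOffsetForTextMarker):
+        (-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
+        (textMarkerForVisiblePosition):
+
 2016-02-08  Andreas Kling  <akling@apple.com>
 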
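--- a/trunk/Source/WebCore/accessibility/AXObjectCache.cpp
+++ b/trunk/Source/WebCore/accessibility/AXObjectCache.cpp
@@ -1424,4 +1424,15 @@
 }
 
+CharacterOffset AXObjectCache::characterOffsetForTextMarkerData(TextMarkerData& textMarkerData)
+{
+    if (!isNodeInUse(textMarkerData.node))
+        return CharacterOffset();
+   
+    if (textMarkerData.ignored)
+        return CharacterOffset();
+   
+    return CharacterOffset(textMarkerData.node, textMarkerData.characterStartIndex, textMarkerData.characterOffset);
+}
+
 CharacterOffset AXObjectCache::traverseToOffsetInRange(RefPtr<Range>range, int offset, bool toNodeEnd, bool stayWithinRange)
 {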
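Review bot: The `isNodeInUse(textMarkerData.node)` guard at the top of `characterOffsetForTextMarkerData` looks like an identity lookup on a raw `Node*` carried inside the marker data, so it prevents a stale dereference only if every node is removed from the in-use set before it is destroyed; that bookkeeping is outside this section, and a freed address later reused by another node would presumably still pass. The invariant deserves a comment above the check, for example `// textMarkerData.node is an unretained pointer taken from marker bytes; never dereference it before isNodeInUse() succeeds.` The `characterStartIndex` and `characterOffset` fields are also passed through unchecked, so callers that build a Range from the result presumably have to clamp them against the node's current contents, which is worth confirming because a node can still be in use yet have changed since the marker was created.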
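--- a/trunk/Source/WebCore/accessibility/AXObjectCache.h
+++ b/trunk/Source/WebCore/accessibility/AXObjectCache.h
@@ -186,4 +186,5 @@
     void textMarkerDataForVisiblePosition(TextMarkerData&, const VisiblePosition&);
     VisiblePosition visiblePositionForTextMarkerData(TextMarkerData&);
+    CharacterOffset characterOffsetForTextMarkerData(TextMarkerData&);
     void textMarkerDataForCharacterOffset(TextMarkerData&, Node&, int, bool toNodeEnd = false);
     void startOrEndTextMarkerDataForRange(TextMarkerData&, RefPtr<Range>, bool);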
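Review bot: The new declaration `characterOffsetForTextMarkerData(TextMarkerData&)` carries no comment saying that it is the validating entry point, which matters because the change exists to stop callers building a `CharacterOffset` directly from marker fields. A one-line comment above it such as `// Returns a default-constructed CharacterOffset when the marker's node is no longer in use or the marker is ignored.` would record that contract for future callers. The parameter could also be `const TextMarkerData&`, since the definition in AXObjectCache.cpp only reads it, although the neighbouring `visiblePositionForTextMarkerData` uses the same non-const form.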
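--- a/trunk/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm
+++ b/trunk/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm
@@ -901,7 +901,7 @@
 }
 
-- (CharacterOffset)characterOffsetForTextMarker:(id)textMarker
-{
-    if (!textMarker || isTextMarkerIgnored(textMarker))
+static CharacterOffset characterOffsetForTextMarker(AXObjectCache* cache, CFTypeRef textMarker)
+{
+    if (!cache || !textMarker)
         return CharacterOffset();
    
@@ -910,5 +910,10 @@
         return CharacterOffset();
    
-    return CharacterOffset(textMarkerData.node, textMarkerData.characterStartIndex, textMarkerData.characterOffset);
+    return cache->characterOffsetForTextMarkerData(textMarkerData);
+}
+
+- (CharacterOffset)characterOffsetForTextMarker:(id)textMarker
+{
+    return characterOffsetForTextMarker(m_object->axObjectCache(), textMarker);
 }
 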
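Review bot: `-characterOffsetForTextMarker:` now dereferences `m_object` unconditionally in `m_object->axObjectCache()`, whereas the removed implementation never touched `m_object`; the `!cache` test inside the static helper covers a null cache but not a null backing object. If a wrapper can outlive its accessibility object (not visible from this section), the method should guard first with `if (!m_object) return CharacterOffset();`. The helper's body between the two hunks (old lines 908–909) is not shown, so the step that decodes the marker bytes into `textMarkerData` cannot be reviewed here.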