Context Navigation

← Previous Changeset
Next Changeset →

Changeset 207564 in webkit

Timestamp:

Oct 19, 2016 1:33:23 PM (8 years ago)

Author:

n_wang@apple.com

Message:

AX: crash: com.apple.WebCore: WebCore::AccessibilityObject::findMatchingObjects + 600
https://bugs.webkit.org/show_bug.cgi?id=163682

Reviewed by Chris Fleizach.

Source/WebCore:

There's a null pointer crash when we ask for startObject->parentObjectUnignored() in
AccessibilityObject::findMatchingObject. Added a null check for the startObject to fix that.

Test: accessibility/mac/search-predicate-crash.html

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::findMatchingObjects):

LayoutTests:

accessibility/mac/search-predicate-crash-expected.txt: Added.
accessibility/mac/search-predicate-crash.html: Added.

Location:

trunk

Files:

: 2 added
: 3 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/accessibility/mac/search-predicate-crash-expected.txt (added)
LayoutTests/accessibility/mac/search-predicate-crash.html (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/accessibility/AccessibilityObject.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r207557
+                      r207564
+-10-19  Nan Wang  <n_wang@apple.com>
+        AX: crash: com.apple.WebCore: WebCore::AccessibilityObject::findMatchingObjects + 600
+        https://bugs.webkit.org/show_bug.cgi?id=163682
+        Reviewed by Chris Fleizach.
+        * accessibility/mac/search-predicate-crash-expected.txt: Added.
+        * accessibility/mac/search-predicate-crash.html: Added.
 -10-19  Myles C. Maxfield  <mmaxfield@apple.com>

trunk/Source/WebCore/ChangeLog

-                      r207560
+                      r207564
+-10-19  Nan Wang  <n_wang@apple.com>
+        AX: crash: com.apple.WebCore: WebCore::AccessibilityObject::findMatchingObjects + 600
+        https://bugs.webkit.org/show_bug.cgi?id=163682
+        Reviewed by Chris Fleizach.
+        There's a null pointer crash when we ask for startObject->parentObjectUnignored() in
+        AccessibilityObject::findMatchingObject. Added a null check for the startObject to fix that.
+        Test: accessibility/mac/search-predicate-crash.html
+        * accessibility/AccessibilityObject.cpp:
+        (WebCore::AccessibilityObject::findMatchingObjects):
 -10-19  David Kilzer  <ddkilzer@apple.com>

trunk/Source/WebCore/accessibility/AccessibilityObject.cpp

r207429	r207564
604	604
605	605	// The outer loop steps up the parent chain each time (unignored is important here because otherwise elements would be searched twice)
606		for (AccessibilityObject* stopSearchElement = parentObjectUnignored(); startObject != stopSearchElement; startObject = startObject->parentObjectUnignored()) {
	606	for (AccessibilityObject* stopSearchElement = parentObjectUnignored(); startObject && startObject != stopSearchElement; startObject = startObject->parentObjectUnignored()) {
607	607
608	608	// Only append the children after/before the previous element, so that the search does not check elements that are

Note: See TracChangeset for help on using the changeset viewer.