Changeset 215705 in webkit

Timestamp:

Apr 24, 2017 5:05:20 PM (7 years ago)

Author:

n_wang@apple.com

Message:

AX: Crash at WebCore::AXObjectCache::characterOffsetForIndex(int, WebCore::AccessibilityObject const*) + 703
​https://bugs.webkit.org/show_bug.cgi?id=171247

Reviewed by Chris Fleizach.

Source/WebCore:

Crashed because we were passing a nil node into rootAXEditableElement(). Fixed it by
adding a null check.

Test: accessibility/mac/input-string-for-range-crash.html

• accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::characterOffsetForIndex):

LayoutTests:

• accessibility/mac/input-string-for-range-crash-expected.txt: Added.
• accessibility/mac/input-string-for-range-crash.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/accessibility/mac/input-string-for-range-crash-expected.txt (added)
• LayoutTests/accessibility/mac/input-string-for-range-crash.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/accessibility/AXObjectCache.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2017-04-24  Nan Wang  <n_wang@apple.com>
+
+        AX: Crash at WebCore::AXObjectCache::characterOffsetForIndex(int, WebCore::AccessibilityObject const*) + 703
+        https://bugs.webkit.org/show_bug.cgi?id=171247
+
+        Reviewed by Chris Fleizach.
+
+        * accessibility/mac/input-string-for-range-crash-expected.txt: Added.
+        * accessibility/mac/input-string-for-range-crash.html: Added.
+
 2017-04-24  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-04-24  Nan Wang  <n_wang@apple.com>
+
+        AX: Crash at WebCore::AXObjectCache::characterOffsetForIndex(int, WebCore::AccessibilityObject const*) + 703
+        https://bugs.webkit.org/show_bug.cgi?id=171247
+
+        Reviewed by Chris Fleizach.
+
+        Crashed because we were passing a nil node into rootAXEditableElement(). Fixed it by
+        adding a null check.
+
+        Test: accessibility/mac/input-string-for-range-crash.html
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::characterOffsetForIndex):
+
 2017-04-24  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/accessibility/AXObjectCache.cpp

@@ -2638 +2638 @@
             if ((validate.node->isTextNode() || characterOffsetNodeIsBR(validate))) {
                 CharacterOffset next = nextCharacterOffset(validate, false);
-                if (!next.offset && rootAXEditableElement(next.node) == rootAXEditableElement(validate.node))
+                if (!next.isNull() && !next.offset && rootAXEditableElement(next.node) == rootAXEditableElement(validate.node))
                     result = next;
             }