Changeset 244631 in webkit


Timestamp:
Apr 24, 2019 5:49:08 PM (5 years ago)
Author:
commit-queue@webkit.org
Message:

Flaky crash under WebCore::AXObjectCache::stopCachingComputedObjectAttributes()
https://bugs.webkit.org/show_bug.cgi?id=187391
<rdar://problem/40681396>

Check for null value returned by AccessibilityObject::axObjectCache.

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-04-24
Reviewed by Chris Fleizach.

No need for new test since existing tests caught this problem.

  • accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::firstChild const):
(WebCore::AccessibilityNodeObject::lastChild const):
(WebCore::AccessibilityNodeObject::previousSibling const):
(WebCore::AccessibilityNodeObject::nextSibling const):
(WebCore::AccessibilityNodeObject::addChildren):
(WebCore::AccessibilityNodeObject::anchorElement const):
(WebCore::AccessibilityNodeObject::changeValueByStep):
(WebCore::AccessibilityNodeObject::changeValueByPercent):
(WebCore::AccessibilityNodeObject::textForLabelElement const):
(WebCore::AccessibilityNodeObject::titleElementText const):
(WebCore::AccessibilityNodeObject::alternativeText const):
(WebCore::AccessibilityNodeObject::ariaLabeledByText const):
(WebCore::AccessibilityNodeObject::helpText const):

Location:
trunk/Source/WebCore
Files:
2 edited

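--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,29 @@
+2019-04-24  Andres Gonzalez  <andresg_22@apple.com>
+
+        Flaky crash under WebCore::AXObjectCache::stopCachingComputedObjectAttributes()
+        https://bugs.webkit.org/show_bug.cgi?id=187391
+        <rdar://problem/40681396
+
+        Check for null value returned by AccessibilityObject::axObjectCache.
+
+        Reviewed by Chris Fleizach.
+
+        No need for new test since existing tests caught this problem.
+
+        * accessibility/AccessibilityNodeObject.cpp:
+        (WebCore::AccessibilityNodeObject::firstChild const):
+        (WebCore::AccessibilityNodeObject::lastChild const):
+        (WebCore::AccessibilityNodeObject::previousSibling const):
+        (WebCore::AccessibilityNodeObject::nextSibling const):
+        (WebCore::AccessibilityNodeObject::addChildren):
+        (WebCore::AccessibilityNodeObject::anchorElement const):
+        (WebCore::AccessibilityNodeObject::changeValueByStep):
+        (WebCore::AccessibilityNodeObject::changeValueByPercent):
+        (WebCore::AccessibilityNodeObject::textForLabelElement const):
+        (WebCore::AccessibilityNodeObject::titleElementText const):
+        (WebCore::AccessibilityNodeObject::alternativeText const):
+        (WebCore::AccessibilityNodeObject::ariaLabeledByText const):
+        (WebCore::AccessibilityNodeObject::helpText const):
+
 2019-04-24  Simon Fraser  <simon.fraser@apple.com>
 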
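--- a/trunk/Source/WebCore/accessibility/AccessibilityNodeObject.cpp
+++ b/trunk/Source/WebCore/accessibility/AccessibilityNodeObject.cpp
@@ -178,6 +178,7 @@
     if (!firstChild)
         return nullptr;
-   
-    return axObjectCache()->getOrCreate(firstChild);
+
+    auto objectCache = axObjectCache();
+    return objectCache ? objectCache->getOrCreate(firstChild) : nullptr;
 }
 
@@ -190,6 +191,7 @@
     if (!lastChild)
         return nullptr;
-   
-    return axObjectCache()->getOrCreate(lastChild);
+
+    auto objectCache = axObjectCache();
+    return objectCache ? objectCache->getOrCreate(lastChild) : nullptr;
 }
 
@@ -203,5 +205,6 @@
         return nullptr;
 
-    return axObjectCache()->getOrCreate(previousSibling);
+    auto objectCache = axObjectCache();
+    return objectCache ? objectCache->getOrCreate(previousSibling) : nullptr;
 }
 
@@ -215,5 +218,6 @@
         return nullptr;
 
-    return axObjectCache()->getOrCreate(nextSibling);
+    auto objectCache = axObjectCache();
+    return objectCache ? objectCache->getOrCreate(nextSibling) : nullptr;
 }
    
@@ -345,7 +349,11 @@
     if (renderer() && !m_node->hasTagName(canvasTag))
         return;
-   
+
+    auto objectCache = axObjectCache();
+    if (!objectCache)
+        return;
+
     for (Node* child = m_node->firstChild(); child; child = child->nextSibling())
-        addChild(axObjectCache()->getOrCreate(child));
+        addChild(objectCache->getOrCreate(child));
    
     m_subtreeDirty = false;
@@ -950,4 +958,6 @@
 
     AXObjectCache* cache = axObjectCache();
+    if (!cache)
+        return nullptr;
 
     // search up the DOM tree for an anchor element
@@ -1097,5 +1107,7 @@
     setValue(String::numberToStringFixedPrecision(value));
 
-    axObjectCache()->postNotification(node(), AXObjectCache::AXValueChanged);
+    auto objectCache = axObjectCache();
+    if (objectCache)
+        objectCache->postNotification(node(), AXObjectCache::AXValueChanged);
 }
 
@@ -1113,5 +1125,7 @@
     setValue(String::numberToStringFixedPrecision(value));
 
-    axObjectCache()->postNotification(node(), AXObjectCache::AXValueChanged);
+    auto objectCache = axObjectCache();
+    if (objectCache)
+        objectCache->postNotification(node(), AXObjectCache::AXValueChanged);
 }
 
@@ -1274,8 +1288,12 @@
     if (!is<HTMLLabelElement>(*element))
         return result;
-   
+
+    auto objectCache = axObjectCache();
+    if (!objectCache)
+        return result;
+
     HTMLLabelElement* label = downcast<HTMLLabelElement>(element);
     // Check to see if there's aria-labelledby attribute on the label element.
-    if (AccessibilityObject* labelObject = axObjectCache()->getOrCreate(label))
+    if (AccessibilityObject* labelObject = objectCache->getOrCreate(label))
         result = labelObject->ariaLabeledByAttribute();
    
@@ -1292,8 +1310,9 @@
         if (HTMLLabelElement* label = labelForElement(downcast<Element>(node))) {
             String innerText = textForLabelElement(label);
-           
+
+            auto objectCache = axObjectCache();
             // Only use the <label> text if there's no ARIA override.
-            if (!innerText.isEmpty() && !ariaAccessibilityDescription())
-                textOrder.append(AccessibilityText(innerText, isMeter() ? AccessibilityTextSource::Alternative : AccessibilityTextSource::LabelByElement, axObjectCache()->getOrCreate(label)));
+            if (objectCache && !innerText.isEmpty() && !ariaAccessibilityDescription())
+                textOrder.append(AccessibilityText(innerText, isMeter() ? AccessibilityTextSource::Alternative : AccessibilityTextSource::LabelByElement, objectCache->getOrCreate(label)));
             return;
         }
@@ -1341,7 +1360,8 @@
         return;
    
+    auto objectCache = axObjectCache();
     // The fieldset element derives its alternative text from the first associated legend element if one is available.
-    if (is<HTMLFieldSetElement>(*node)) {
-        AccessibilityObject* object = axObjectCache()->getOrCreate(downcast<HTMLFieldSetElement>(*node).legend());
+    if (objectCache && is<HTMLFieldSetElement>(*node)) {
+        AccessibilityObject* object = objectCache->getOrCreate(downcast<HTMLFieldSetElement>(*node).legend());
         if (object && !object->isHidden())
             textOrder.append(AccessibilityText(accessibleNameForNode(object->node()), AccessibilityTextSource::Alternative));
@@ -1487,10 +1507,14 @@
     String ariaLabeledBy = ariaLabeledByAttribute();
     if (!ariaLabeledBy.isEmpty()) {
+        auto objectCache = axObjectCache();
+        if (!objectCache)
+            return;
+
         Vector<Element*> elements;
         ariaLabeledByElements(elements);
-       
+
         Vector<RefPtr<AccessibilityObject>> axElements;
         for (const auto& element : elements)
-            axElements.append(axObjectCache()->getOrCreate(element));
+            axElements.append(objectCache->getOrCreate(element));
        
         textOrder.append(AccessibilityText(ariaLabeledBy, AccessibilityTextSource::Alternative, WTFMove(axElements)));
@@ -1617,8 +1641,12 @@
                 return title;
         }
-       
-        // Only take help text from an ancestor element if its a group or an unknown role. If help was
+
+        auto objectCache = axObjectCache();
+        if (!objectCache)
+            return String();
+
+        // Only take help text from an ancestor element if its a group or an unknown role. If help was
         // added to those kinds of elements, it is likely it was meant for a child element.
-        if (AccessibilityObject* axObj = axObjectCache()->getOrCreate(ancestor)) {
+        if (AccessibilityObject* axObj = objectCache->getOrCreate(ancestor)) {
             if (!axObj->isGroup() && axObj->roleValue() != AccessibilityRole::Unknown)
                 break;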
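Review bot: In the addChildren hunk the cache is now fetched once into `objectCache` and held as a raw pointer across the whole child loop, where the old code called `axObjectCache()` again on every iteration; the `for` loop in ariaLabeledByText gets the same treatment. Whether `addChild()` or `getOrCreate()` can cause the cache to be destroyed while the loop is running is not visible in these hunks, so the up-front null check may not cover the flaky crash if teardown can happen mid-loop. I would state the assumption above each loop, `// objectCache must outlive this loop; nothing called below may destroy the AXObjectCache.`, and write the declarations as `auto* objectCache = axObjectCache();` so the raw pointer is visible at every call site. All thirteen functions start and end outside their hunks, so this is judged from the visible lines only.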