Bug 235950

Summary: Check AccessibilityRenderObject::m_renderer for null before using it.
Product: WebKit Reporter: Andres Gonzalez <andresg_22>
Component: AccessibilityAssignee: Andres Gonzalez <andresg_22>
Status: RESOLVED FIXED    
Severity: Normal CC: aboxhall, andresg_22, apinheiro, cfleizach, dmazzoni, ews-watchlist, jcraig, jdiggs, samuel_white, tyler_w, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

Andres Gonzalez
Reported 2022-02-01 07:13:10 PST
Check AccessibilityRenderObject::m_renderer for null before using it.
Attachments
Patch (5.96 KB, patch)
2022-02-01 07:24 PST, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (5.61 KB, patch)
2022-02-01 09:22 PST, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-02-01 07:13:21 PST
<rdar://problem/88326438>
Andres Gonzalez
Comment 2 2022-02-01 07:24:05 PST
Created attachment 450524 [details] Patch
Tyler Wilcock
Comment 3 2022-02-01 07:48:19 PST
Comment on attachment 450524 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=450524&action=review > Source/WebCore/accessibility/AccessibilityRenderObject.cpp:-1269 > - AXTRACE("AccessibilityRenderObject::computeAccessibilityIsIgnored"); Did you intend to include this change in this patch?
Andres Gonzalez
Comment 4 2022-02-01 09:22:07 PST
Created attachment 450540 [details] Patch
Andres Gonzalez
Comment 5 2022-02-01 09:23:43 PST
(In reply to Tyler Wilcock from comment #3) > Comment on attachment 450524 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=450524&action=review > > > Source/WebCore/accessibility/AccessibilityRenderObject.cpp:-1269 > > - AXTRACE("AccessibilityRenderObject::computeAccessibilityIsIgnored"); > > Did you intend to include this change in this patch? It was intentional, but I shouldn't since it is not related to the actual change :-). So I removed it from the patch.
chris fleizach
Comment 6 2022-02-01 10:09:13 PST
Comment on attachment 450540 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=450540&action=review > Source/WebCore/accessibility/AccessibilityRenderObject.cpp:496 > + if (m_renderer && isWebArea()) can we put this m_renderer check in isWebArea()?
Andres Gonzalez
Comment 7 2022-02-01 11:07:37 PST
(In reply to chris fleizach from comment #6) > Comment on attachment 450540 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=450540&action=review > > > Source/WebCore/accessibility/AccessibilityRenderObject.cpp:496 > > + if (m_renderer && isWebArea()) > > can we put this m_renderer check in isWebArea()? the WebArea AX object is not an AccessibilityRenderObject, as far as I can tell. We create the WebArea object in: AccessibilityObject* AccessibilityScrollView::webAreaObject() const { ... Document* document = downcast<FrameView>(*m_scrollView).frame().document(); ... return cache->getOrCreate(document); ... } and this results in instantiating an AXNodeObject not an AxRenderObject, so it would have no m_renderer.
EWS
Comment 8 2022-02-01 18:48:51 PST
Committed r288937 (246667@main): <https://commits.webkit.org/246667@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 450540 [details].
Note You need to log in before you can comment on or make changes to this bug.