Bug 235950

Summary: Check AccessibilityRenderObject::m_renderer for null before using it.
Product: WebKit
Reporter: Andres Gonzalez <andresg_22>
Component: Accessibility
Assignee: Andres Gonzalez <andresg_22>
Status: RESOLVED FIXED
Severity: Normal
CC: aboxhall, andresg_22, apinheiro, cfleizach, dmazzoni, ews-watchlist, jcraig, jdiggs, samuel_white, tyler_w, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments (Description, Flags):
Patch, none
Patch, none

Description Andres Gonzalez 2022-02-01 07:13:10 PST
Check AccessibilityRenderObject::m_renderer for null before using it.
Comment 1 Radar WebKit Bug Importer 2022-02-01 07:13:21 PST
<rdar://problem/88326438>
Comment 2 Andres Gonzalez 2022-02-01 07:24:05 PST
Created attachment 450524
Patch
Comment 3 Tyler Wilcock 2022-02-01 07:48:19 PST
Comment on attachment 450524
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=450524&action=review

> Source/WebCore/accessibility/AccessibilityRenderObject.cpp:-1269
> -    AXTRACE("AccessibilityRenderObject::computeAccessibilityIsIgnored");

Did you intend to include this change in this patch?
Comment 4 Andres Gonzalez 2022-02-01 09:22:07 PST
Created attachment 450540
Patch
Comment 5 Andres Gonzalez 2022-02-01 09:23:43 PST
(In reply to Tyler Wilcock from comment #3)
> Comment on attachment 450524
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=450524&action=review
> 
> > Source/WebCore/accessibility/AccessibilityRenderObject.cpp:-1269
> > -    AXTRACE("AccessibilityRenderObject::computeAccessibilityIsIgnored");
> 
> Did you intend to include this change in this patch?

It was intentional, but I shouldn't since it is not related to the actual change :-). So I removed it from the patch.
Comment 6 chris fleizach 2022-02-01 10:09:13 PST
Comment on attachment 450540
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=450540&action=review

> Source/WebCore/accessibility/AccessibilityRenderObject.cpp:496
> +    if (m_renderer && isWebArea())

Can we put this m_renderer check in isWebArea()?
Comment 7 Andres Gonzalez 2022-02-01 11:07:37 PST
(In reply to chris fleizach from comment #6)
> Comment on attachment 450540
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=450540&action=review
> 
> > Source/WebCore/accessibility/AccessibilityRenderObject.cpp:496
> > +    if (m_renderer && isWebArea())
> 
> Can we put this m_renderer check in isWebArea()?

The WebArea AX object is not an AccessibilityRenderObject, as far as I can tell. We create the WebArea object in:

AccessibilityObject* AccessibilityScrollView::webAreaObject() const
{
...
    Document* document = downcast<FrameView>(*m_scrollView).frame().document();
...
        return cache->getOrCreate(document);
...
}
and this results in instantiating an AXNodeObject, not an AxRenderObject, so it would have no m_renderer.
Comment 8 EWS 2022-02-01 18:48:51 PST
Committed r288937 (246667@main): <https://commits.webkit.org/246667@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 450540.