RESOLVED FIXED208867
Crash in RenderMenuList::didUpdateActiveOption. 
https://bugs.webkit.org/show_bug.cgi?id=208867
Summary Crash in RenderMenuList::didUpdateActiveOption.
Andres Gonzalez
Reported 2020-03-10 09:45:18 PDT
Crash in RenderMenuList::didUpdateActiveOption.
Attachments
Patch (1.65 KB, patch)
2020-03-10 09:54 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (7.01 KB, patch)
2020-04-02 14:46 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (7.06 KB, patch)
2020-04-02 16:27 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Andres Gonzalez
Comment 1 2020-03-10 09:54:49 PDT
Created attachment 393162 [details] Patch
Andres Gonzalez
Comment 2 2020-03-10 09:58:30 PDT
<rdar://problem/60035390>
chris fleizach
Comment 3 2020-03-10 09:59:36 PDT
Comment on attachment 393162 [details] Patch Can we add a test?
Sam Weinig
Comment 4 2020-03-10 11:05:03 PDT
Comment on attachment 393162 [details] Patch Needs a test.
Darin Adler
Comment 5 2020-03-16 13:21:05 PDT
Comment on attachment 393162 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393162&action=review > Source/WebCore/rendering/RenderMenuList.cpp:428 > - if (auto* menuList = downcast<AccessibilityMenuList>(axCache->get(this))) > - menuList->didUpdateActiveOption(optionIndex); > + if (auto* axObject = axCache->get(this)) { > + if (!is<AccessibilityMenuList>(*axObject)) > + return; > + > + downcast<AccessibilityMenuList>(*axObject).didUpdateActiveOption(optionIndex); > + } More elegant way to write this taking advantage of the null checking built into is<>: auto* axObject = axCache->get(this); if (is<AccessibiltyMenuList>(axObject)) downcast<AccessibilityMenuList>(*axObject).didUpdateActiveOption(optionIndex);
Andres Gonzalez
Comment 6 2020-04-02 14:46:32 PDT
Created attachment 395303 [details] Patch
Andres Gonzalez
Comment 7 2020-04-02 14:48:58 PDT
(In reply to Darin Adler from comment #5) > Comment on attachment 393162 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=393162&action=review > > > Source/WebCore/rendering/RenderMenuList.cpp:428 > > - if (auto* menuList = downcast<AccessibilityMenuList>(axCache->get(this))) > > - menuList->didUpdateActiveOption(optionIndex); > > + if (auto* axObject = axCache->get(this)) { > > + if (!is<AccessibilityMenuList>(*axObject)) > > + return; > > + > > + downcast<AccessibilityMenuList>(*axObject).didUpdateActiveOption(optionIndex); > > + } > > More elegant way to write this taking advantage of the null checking built > into is<>: > > auto* axObject = axCache->get(this); > if (is<AccessibiltyMenuList>(axObject)) > > downcast<AccessibilityMenuList>(*axObject). > didUpdateActiveOption(optionIndex); Done. Thanks!
Andres Gonzalez
Comment 8 2020-04-02 16:27:26 PDT
Created attachment 395319 [details] Patch
EWS
Comment 9 2020-04-02 18:51:22 PDT
Committed r259438: <https://trac.webkit.org/changeset/259438> All reviewed patches have been landed. Closing bug and clearing flags on attachment 395319 [details].
Note You need to log in before you can comment on or make changes to this bug.