Check AccessibilityRenderObject::m_renderer for null before using it.
<rdar://problem/88326438>
Created attachment 450524 Patch
Comment on attachment 450524 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=450524&action=review

> Source/WebCore/accessibility/AccessibilityRenderObject.cpp:-1269
> - AXTRACE("AccessibilityRenderObject::computeAccessibilityIsIgnored");

Did you intend to include this change in this patch?
Created attachment 450540 Patch
(In reply to Tyler Wilcock from comment #3)
> Comment on attachment 450524
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=450524&action=review
>
> > Source/WebCore/accessibility/AccessibilityRenderObject.cpp:-1269
> > - AXTRACE("AccessibilityRenderObject::computeAccessibilityIsIgnored");
>
> Did you intend to include this change in this patch?

It was intentional, but I shouldn't since it is not related to the actual change :-). So I removed it from the patch.
Comment on attachment 450540 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=450540&action=review

> Source/WebCore/accessibility/AccessibilityRenderObject.cpp:496
> + if (m_renderer && isWebArea())

Can we put this m_renderer check in isWebArea()?
(In reply to chris fleizach from comment #6)
> Comment on attachment 450540
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=450540&action=review
>
> > Source/WebCore/accessibility/AccessibilityRenderObject.cpp:496
> > + if (m_renderer && isWebArea())
>
> can we put this m_renderer check in isWebArea()?

The WebArea AX object is not an AccessibilityRenderObject, as far as I can tell. We create the WebArea object in:

AccessibilityObject* AccessibilityScrollView::webAreaObject() const
{
    ...
    Document* document = downcast<FrameView>(*m_scrollView).frame().document();
    ...
    return cache->getOrCreate(document);
    ...
}

and this results in instantiating an AXNodeObject, not an AxRenderObject, so it would have no m_renderer.
Committed r288937 (246667@main): <https://commits.webkit.org/246667@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 450540.