RESOLVED FIXED 248451
AX: AXIsolatedObject::m_childrenIDs is cleared too early when processing AXIsolatedTree::m_pendingSubtreeRemovals 
https://bugs.webkit.org/show_bug.cgi?id=248451
Summary AX: AXIsolatedObject::m_childrenIDs is cleared too early when processing AXIs...
Tyler Wilcock
Reported 2022-11-28 18:09:08 PST
In AXIsolatedTree::applyPendingChanges(), when processing m_pendingSubtreeRemovals, we start by taking the last axID in the Vector and using it to get the associated nodeForID(). Then we call AXCoreObject::detach(AccessibilityDetachmentType::ElementDestroyed), which in turn calls AXIsolatedObject::detachRemoteParts. Currently, the implementation of this function loops over m_childrenIDs and detaches those children from `this`, and then clears m_childrenIDs. Then, we jump back to AXIsolatedTree::applyPendingChanges() and run this line of code: m_pendingSubtreeRemovals.appendVector(object->m_childrenIDs); Which does nothing because we cleared m_childrenIDs as part of detachRemoteParts.
Attachments
Patch (6.93 KB, patch)
2022-11-28 19:09 PST, Tyler Wilcock 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-11-28 18:09:34 PST
<rdar://problem/102743478>
Tyler Wilcock
Comment 2 2022-11-28 19:09:14 PST
Created attachment 463777 [details] Patch
EWS
Comment 3 2022-11-30 20:03:26 PST
Committed 257217@main (b095a6aaca26): <https://commits.webkit.org/257217@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 463777 [details].
Note You need to log in before you can comment on or make changes to this bug.