34309 – MSAA: Crash when posting a notification for a detached object

RESOLVED FIXED 34309

MSAA: Crash when posting a notification for a detached object

https://bugs.webkit.org/show_bug.cgi?id=34309

Summary MSAA: Crash when posting a notification for a detached object

Jon Honeycutt

Reported 2010-01-28 22:41:48 PST

A crash occurs when a notification is posted for an object that has been detached from the document. <rdar://problem/7409759>

Attachments
patch (31.24 KB, patch) 2010-01-29 00:33 PST, Jon Honeycutt	darin: review+ jhoneycutt: commit-queue-	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Jon Honeycutt

Comment 1 2010-01-29 00:33:08 PST

Created attachment 47687 [details] patch

Darin Adler

Comment 2 2010-01-29 09:31:24 PST

Comment on attachment 47687 [details] patch > + * accessibility/AccessibilityRenderObject.cpp: > + (AccessibilityRenderObject::document): > + Null check m_renderer. I presume this is the bug fix. > + * accessibility/win/AXObjectCacheWin.cpp: > + (WebCore::AXObjectCache::postPlatformNotification): > + Map AXValueChanged to EVENT_OBJECT_VALUECHANGED. What does this have to do with the bug report? Is it just something else you noticed when making the test case? I must admit this is one of the largest patches I have ever seen to fix a null-dereference! r=me

Jon Honeycutt

Comment 3 2010-01-29 12:18:05 PST

(In reply to comment #2) > (From update of attachment 47687 [details]) > > + * accessibility/AccessibilityRenderObject.cpp: > > + (AccessibilityRenderObject::document): > > + Null check m_renderer. > > I presume this is the bug fix. Yes, this is the fix. I'll mention this in the changelog. > > > + * accessibility/win/AXObjectCacheWin.cpp: > > + (WebCore::AXObjectCache::postPlatformNotification): > > + Map AXValueChanged to EVENT_OBJECT_VALUECHANGED. > > What does this have to do with the bug report? Is it just something else you > noticed when making the test case? This is required for us to receive the value change event that lets us know that the test passed without crashing. I'll mention that, too. Thanks for the review!

Jon Honeycutt

Comment 4 2010-01-29 13:56:42 PST

Landed in r54078.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Windows XP

Product WebKit

Component Accessibility

Assignee

Jon Honeycutt

Reported

2010-01-28 22:41 PST

Modified

2010-01-29 13:56 PST History

CC List

0 users

URL

Keywords InRadar

Depends on

Blocks