A crash occurs when a notification is posted for an object that has been detached from the document. <rdar://problem/7409759>
Created attachment 47687 [details] patch
Comment on attachment 47687 [details] patch > + * accessibility/AccessibilityRenderObject.cpp: > + (AccessibilityRenderObject::document): > + Null check m_renderer. I presume this is the bug fix. > + * accessibility/win/AXObjectCacheWin.cpp: > + (WebCore::AXObjectCache::postPlatformNotification): > + Map AXValueChanged to EVENT_OBJECT_VALUECHANGED. What does this have to do with the bug report? Is it just something else you noticed when making the test case? I must admit this is one of the largest patches I have ever seen to fix a null-dereference! r=me
(In reply to comment #2) > (From update of attachment 47687 [details]) > > + * accessibility/AccessibilityRenderObject.cpp: > > + (AccessibilityRenderObject::document): > > + Null check m_renderer. > > I presume this is the bug fix. Yes, this is the fix. I'll mention this in the changelog. > > > + * accessibility/win/AXObjectCacheWin.cpp: > > + (WebCore::AXObjectCache::postPlatformNotification): > > + Map AXValueChanged to EVENT_OBJECT_VALUECHANGED. > > What does this have to do with the bug report? Is it just something else you > noticed when making the test case? This is required for us to receive the value change event that lets us know that the test passed without crashing. I'll mention that, too. Thanks for the review!
Landed in r54078.