WebKit Bugzilla
RESOLVED WONTFIX
45514
AX: Add methods used to prevent a Chromium renderer crash
https://bugs.webkit.org/show_bug.cgi?id=45514
Chris Guillory
Reported
2010-09-09 19:56:46 PDT
Currently the Chromium renderer crashes in WebCore accessibility code when retrieving properties from an AccessibilityRenderObject that has a null m_renderer (which is invalid).
http://code.google.com/p/chromium/issues/detail?id=54973
http://code.google.com/p/chromium/issues/detail?id=47126
http://code.google.com/p/chromium/issues/detail?id=52538
The issues that lead to a null m_renderer should be tackled. However, instead of crashing on release builds, let's ignore the invalid objects and leave them out of Chromium's accessibility tree. The change adds the methods needed to prevent crashes.
Attachments
Add methods to WebAccessibilityObject in Chromium port (2.29 KB, patch)
2010-09-09 19:58 PDT, Chris Guillory
dglazkov: review+
dglazkov: commit-queue-
Chris Guillory
Comment 1
2010-09-09 19:58:26 PDT
Created attachment 67143: Add methods to WebAccessibilityObject in Chromium port
Dimitri Glazkov (Google)
Comment 2
2010-09-09 20:24:02 PDT
Comment on attachment 67143: Add methods to WebAccessibilityObject in Chromium port
View in context: https://bugs.webkit.org/attachment.cgi?id=67143&action=prettypatch
I feel like we're doing some bad, bad things here. Why are we checking for validity of the renderer? Shouldn't the AX tree take care of this?
> WebKit/chromium/src/WebAccessibilityObject.cpp:342 > + return 0;
return false;
> WebKit/chromium/src/WebAccessibilityObject.cpp:351 > + return 0;
return false;
Chris Guillory
Comment 3
2010-09-09 20:47:03 PDT
The WebCore AX tree does try to take care of this, but we still end up in this state somehow, and each time it happens the Chromium renderer crashes as we build up the entire accessibility tree. Some previous issues in this area have been identified/fixed.
https://bugs.webkit.org/show_bug.cgi?id=44352
https://bugs.webkit.org/show_bug.cgi?id=42309
https://bugs.webkit.org/show_bug.cgi?id=44149
The new crashes in versions of Chromium that support keeping the tree up-to-date are more difficult to identify. This is one alternative to crashing.
chris fleizach
Comment 4
2010-09-09 21:12:13 PDT
Comment on attachment 67143: Add methods to WebAccessibilityObject in Chromium port
How are you going to use isRendererValid()? Will you also account for non-render objects?
Chris Guillory
Comment 5
2010-09-09 21:25:24 PDT
Yes, I'd ignore AccessibilityObject instances that are an AccessibilityRenderObject without a valid renderer.
http://codereview.chromium.org/3356016/show
Chris Guillory
Comment 6
2010-09-11 06:48:46 PDT
Let's not go here right now.