RESOLVED FIXED Bug 82745
AX: Crash at WebCore::renderObjectContainsPosition(WebCore::RenderObject*, WebCore::Position const&) 
https://bugs.webkit.org/show_bug.cgi?id=82745
Summary AX: Crash at WebCore::renderObjectContainsPosition(WebCore::RenderObject*, We...
chris fleizach
Reported 2012-03-30 10:42:32 PDT
It looks like if AXRangeForPoint is given a point that results in a hit-test on a node that does not have a renderer, then we pass in a bad node to renderObjectContainsPosition, which leads to a crash
Attachments
patch (12.79 KB, patch)
2012-03-30 10:55 PDT, chris fleizach 		simon.fraser: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
chris fleizach
Comment 1 2012-03-30 10:42:47 PDT
rdar://11042320
chris fleizach
Comment 2 2012-03-30 10:55:50 PDT
Created attachment 134839 [details] patch
Simon Fraser (smfr)
Comment 3 2012-03-30 11:01:35 PDT
Comment on attachment 134839 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=134839&action=review > Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:860 > + if ([value isKindOfClass:[NSValue class]]) { > + return [NSStringFromRange([value rangeValue]) createJSStringRef]; > + } No need for braces here. > Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm:852 > + if ([value isKindOfClass:[NSValue class]]) { > + return [NSStringFromRange([value rangeValue]) createJSStringRef]; > + } No need for braces here.
chris fleizach
Comment 4 2012-03-30 11:07:49 PDT
http://trac.webkit.org/changeset/112694
Note You need to log in before you can comment on or make changes to this bug.