[webkit-changes] [WebKit/WebKit] cdd133: AX: Add missing null checks to prevent crashes whe...
Tyler Wilcock
noreply at github.com
Sun Dec 4 12:29:57 PST 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cdd13301fca60f743fe39f3c6beb2eabca0922e8
https://github.com/WebKit/WebKit/commit/cdd13301fca60f743fe39f3c6beb2eabca0922e8
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2022-12-04 (Sun, 04 Dec 2022)
Changed paths:
M Source/WebCore/accessibility/AccessibilityNodeObject.cpp
M Source/WebCore/accessibility/AccessibilityRenderObject.cpp
M Source/WebCore/accessibility/AccessibilitySVGElement.cpp
Log Message:
-----------
AX: Add missing null checks to prevent crashes when accessing SVG elements
https://bugs.webkit.org/show_bug.cgi?id=248699
rdar://102843966
Reviewed by Chris Fleizach and Andres Gonzalez.
This patch adds null checks in targeted places as speculative fixes
for crashes.
I suspect these crashes are a regression from:
https://bugs.webkit.org/show_bug.cgi?id=247316 (Fix for LayoutTests/accessibility/svg-remote-element.html in isolated tree mode)
As they started happening shortly after it landed.
I spent a while trying to create a test simulating the conditions in the stacktrace but was not successful.
* Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::isFocused const):
Null-check the result of Document::frame().
* Source/WebCore/accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::elementPath const):
Null-check AXObjectCache before trying to use it. https://bugs.webkit.org/show_bug.cgi?id=247316
made AccessibilitySVGElement start storing `WeakPtr<AXObjectCache> m_axObjectCache`, so we probably
need to be more diligent with null-checking the cache before using it. The code path gaining the null-check
is specific to SVG elements.
(WebCore::AccessibilityRenderObject::accessibilityHitTest const):
Null-check the result of the hit-test before using it.
* Source/WebCore/accessibility/AccessibilitySVGElement.cpp:
(WebCore::AccessibilitySVGElement::targetForUseElement const):
Null-check AXObjectCache before using it.
(WebCore::AccessibilitySVGElement::determineAccessibilityRole):
Null-check m_renderer before using it (should address rdar://102843873)
Canonical link: https://commits.webkit.org/257359@main
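
The log's remark about `WeakPtr<AXObjectCache> m_axObjectCache` comes down to this: an object that holds its cache only weakly can outlive it, so every use has to check the reference first. The sketch below is an added illustration, not WebKit code and not part of the commit; it uses `std::weak_ptr` as a stand-in for WTF's `WeakPtr`, and `ObjectCache`, `SvgElementModel`, `targetForUse` and `lookup` are hypothetical names.

```cpp
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>

// Hypothetical stand-in for an accessibility object cache (not WebKit's AXObjectCache).
class ObjectCache {
public:
    void add(const std::string& id, int objectID) { m_objects[id] = objectID; }
    // Returns the object ID registered for an element id, or 0 if unknown.
    int get(const std::string& id) const {
        auto it = m_objects.find(id);
        return it == m_objects.end() ? 0 : it->second;
    }
private:
    std::unordered_map<std::string, int> m_objects;
};

// Hypothetical element that references its cache only weakly, so the cache
// can be destroyed while the element is still alive.
class SvgElementModel {
public:
    SvgElementModel(std::weak_ptr<ObjectCache> cache, std::string href)
        : m_cache(std::move(cache)), m_href(std::move(href)) {}

    // Resolve the target of a <use>-style reference. Returns 0 ("no target")
    // rather than dereferencing a cache that has already gone away.
    int targetForUse() const {
        auto cache = m_cache.lock(); // empty if the cache was destroyed
        if (!cache)
            return 0;
        return cache->get(m_href);
    }
private:
    std::weak_ptr<ObjectCache> m_cache;
    std::string m_href;
};

// Constructed scenario: resolve "#icon" with the cache alive or already torn down.
int lookup(bool destroyCacheFirst) {
    auto cache = std::make_shared<ObjectCache>();
    cache->add("#icon", 42);
    SvgElementModel element(cache, "#icon");
    if (destroyCacheFirst)
        cache.reset(); // element now outlives its cache
    return element.targetForUse();
}
```

Unlike `std::weak_ptr::lock()`, which keeps the object alive for the duration of the call, a raw pointer obtained from a weak reference gives no such guarantee, so the check and the use must stay together.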