[webkit-changes] [WebKit/WebKit] 97bf2a: AccessibilityNodeObject::determineAccessibilityRol...

Wed Dec 20 13:11:40 PST 2023

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 97bf2aa7a8d6fc55b58fa5965a047f4de84c6c54
      https://github.com/WebKit/WebKit/commit/97bf2aa7a8d6fc55b58fa5965a047f4de84c6c54
  Author: Tyler Wilcock <tyler_w at apple.com>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M Source/WebCore/accessibility/AccessibilityNodeObject.cpp

  Log Message:
  -----------
  AccessibilityNodeObject::determineAccessibilityRoleFromNode needs to null-check node before using it
rdar://117640053

Reviewed by Chris Fleizach and Ryosuke Niwa.

It's possible for AccessibilityNodeObject::m_node (which is a WeakPtr)
to get destroyed in the middle of determineAccessibilityRoleFromNode,
meaning subsequent node()->foo accesses will cause a nullptr deref.

Use a RefPtr to keep the node alive until the end of this function, so
that after we null-check it once we know it's valid until we exit.

* Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::determineAccessibilityRoleFromNode const):

Originally-landed-as: 267815.479 at safari-7617-branch (bb2e66a677f1). rdar://119595138
Canonical link: https://commits.webkit.org/272375@main