[webkit-changes] [WebKit/WebKit] c0e4e4: AX: AXTextMarker::boundaryPoint() can nullptr cras...

Tyler Wilcock noreply at github.com
Tue Jun 20 00:25:56 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c0e4e457ee2555e9c6ff495a45c6ca6b399a0f02
      https://github.com/WebKit/WebKit/commit/c0e4e457ee2555e9c6ff495a45c6ca6b399a0f02
  Author: Tyler Wilcock <tyler_w at apple.com>
  Date:   2023-06-20 (Tue, 20 Jun 2023)

  Changed paths:
    M Source/WebCore/accessibility/AXTextMarker.cpp

  Log Message:
  -----------
  AX: AXTextMarker::boundaryPoint() can nullptr crash after WeakPtr<Node> is destroyed
https://bugs.webkit.org/show_bug.cgi?id=258291
rdar://110921085

Reviewed by Chris Fleizach.

After creating a `WeakPtr` to a `Node`, `AXTextMarker::boundaryPoint()` calls `AccessibilityObject::replacedNodeNeedsCharacter`
with that node, which in turn calls `accessibilityIsIgnored`, which can cause side effects that destroy the original `WeakPtr` `Node`.
We need to re-check that the `Node` didn't become nullptr (get destroyed) after calling `AccessibilityObject::replacedNodeNeedsCharacter`.

* Source/WebCore/accessibility/AXTextMarker.cpp:
(WebCore::AXTextMarker::boundaryPoint const):

Canonical link: https://commits.webkit.org/265315@main
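
The re-check pattern the log message describes, as an added example that is not WebKit code and not part of this commit: a weak reference is validated, a call with hidden side effects destroys the referent, and the reference is read again before use. `Node`, `Tree`, `peek`, `needsCharacter` and `boundaryLabel` are hypothetical names, and `std::weak_ptr` stands in for WebKit's `WeakPtr`.

```cpp
#include <cstdio>
#include <memory>
#include <string>

// Simplified stand-in for a DOM node (not WebKit's Node class).
struct Node { std::string name; };

// Mimics a non-owning weak pointer's get(): raw pointer, or nullptr once destroyed.
static Node* peek(const std::weak_ptr<Node>& weak) { return weak.lock().get(); }

// Constructed model of the owner whose updates can drop the node.
struct Tree {
    std::shared_ptr<Node> owned;
    bool updateDestroysNode = false;

    // Stand-in for a query with hidden side effects, like the
    // replacedNodeNeedsCharacter -> accessibilityIsIgnored chain in the log message.
    bool needsCharacter(Node* node) {
        bool result = node && !node->name.empty();
        if (updateDestroysNode)
            owned.reset(); // node destroyed while the call is in progress
        return result;
    }
};

// Writes a label for the node into `out`; returns false if the node is gone.
bool boundaryLabel(Tree& tree, const std::weak_ptr<Node>& weakNode, std::string& out) {
    Node* node = peek(weakNode);
    if (!node)
        return false; // check before the call
    bool needsChar = tree.needsCharacter(node);
    node = peek(weakNode); // the earlier raw pointer may now dangle: re-read it
    if (!node)
        return false; // re-check after the side-effecting call
    out = needsChar ? node->name + " (needs character)" : node->name;
    return true;
}

int main() {
    Tree tree;
    tree.owned = std::make_shared<Node>(Node{"img"});
    std::weak_ptr<Node> weak = tree.owned;
    std::string label;
    std::printf("alive: %d\n", boundaryLabel(tree, weak, label));
    tree.updateDestroysNode = true;
    std::printf("destroyed mid-call: %d\n", boundaryLabel(tree, weak, label));
    return 0;
}
```

Without the second `peek` and null check, the final line of `boundaryLabel` would dereference a pointer to a destroyed object.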



