[webkit-changes] [WebKit/WebKit] d15c4b: [Remote Inspection] Refactor ElementTargetingContr...

Wenson Hsieh noreply at github.com
Tue Jul 30 16:19:05 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: d15c4b4addcad589c6dda36bc3bde03a78da1e10
      https://github.com/WebKit/WebKit/commit/d15c4b4addcad589c6dda36bc3bde03a78da1e10
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-07-30 (Tue, 30 Jul 2024)

  Changed paths:
    M Source/WebCore/page/ElementTargetingController.cpp

  Log Message:
  -----------
  [Remote Inspection] Refactor ElementTargetingController to avoid a rare nullptr crash
https://bugs.webkit.org/show_bug.cgi?id=277371
rdar://132831879

Reviewed by Aditya Keerthi.

This is a speculative fix for a `nullptr` (or `CheckedPtr`) crash, due to the fact that `renderer`
is a `CheckedPtr` below:

```
    CheckedPtr renderer = element.renderer();

    …

    return {
        .elementIdentifier = element.identifier(),
        .documentIdentifier = element.document().identifier(),
        .offsetEdges = computeOffsetEdges(renderer->style()),               // <--- A
        .renderedText = WTFMove(renderedText),
        .searchableText = searchableTextForTarget(element),                 // <--- B
        .screenReaderText = WTFMove(screenReaderText),
        .selectors = selectorsForTarget(element, cache),
        .boundsInRootView = element.boundingBoxInRootViewCoordinates(),
        .boundsInClientCoordinates = computeClientRect(*renderer),          // <--- C

        …
    };
```

Because we may update layout in (B) (and rebuild parts of the render tree in the process), it's
possible for the renderer to become null by the time we get to line (C). To address this, we make
the `renderer` a `WeakPtr` and limit its lifetime to only code that accesses information from
`RenderStyle` and geometry information, without updating layout.

No new test case, since it only seemed to reproduce once.

* Source/WebCore/page/ElementTargetingController.cpp:
(WebCore::targetedElementInfo):
(WebCore::ElementTargetingController::extractTargets):

Canonical link: https://commits.webkit.org/281613@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list