[Webkit-unassigned] [Bug 143188] AX: WebKitWebProcess crashes in a11y code for some websites
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Nov 15 14:25:04 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=143188
Ahmad Saleem <ahmad.saleem792 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ahmad.saleem792 at gmail.com
--- Comment #2 from Ahmad Saleem <ahmad.saleem792 at gmail.com> ---
It is something which was detected by fuzzer in Chrome / Blink and fixed in this commit:
Link - https://src.chromium.org/viewvc/blink?view=revision&revision=194543
https://github.com/WebKit/WebKit/blob/d5220e254917f82a86e5d6235224f82a03d25acb/Source/WebCore/accessibility/AccessibilityMenuList.cpp#L45
Adding
if(!renderer)
return false;
https://github.com/WebKit/WebKit/blob/d5220e254917f82a86e5d6235224f82a03d25acb/Source/WebCore/accessibility/AccessibilityMenuList.cpp#L89
Adding
if (!renderer)
return true;
It fixed crashes in - AccessibilityMenuList::isCollapsed
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221115/3563a6ae/attachment.htm>
More information about the webkit-unassigned
mailing list