[Webkit-unassigned] [Bug 143188] AX: WebKitWebProcess crashes in a11y code for some websites
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 16 13:59:28 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=143188
Tyler Wilcock <tyler_w at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tyler_w at apple.com
--- Comment #4 from Tyler Wilcock <tyler_w at apple.com> ---
(In reply to Ahmad Saleem from comment #2)
> It is something which was detected by fuzzer in Chrome / Blink and fixed in
> this commit:
>
> Link - https://src.chromium.org/viewvc/blink?view=revision&revision=194543
>
> https://github.com/WebKit/WebKit/blob/
> d5220e254917f82a86e5d6235224f82a03d25acb/Source/WebCore/accessibility/
> AccessibilityMenuList.cpp#L45
>
> Adding
>
> if(!renderer)
> return false;
>
> https://github.com/WebKit/WebKit/blob/
> d5220e254917f82a86e5d6235224f82a03d25acb/Source/WebCore/accessibility/
> AccessibilityMenuList.cpp#L89
>
> Adding
>
> if (!renderer)
> return true;
>
> It fixed crashes in - AccessibilityMenuList::isCollapsed
Both of your suggested changes sound good to me. Would you be interested in submitting a patch for them?
Also, were you able to reproduce this crash? Your comment implies so, but want to confirm.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221116/3e2e7cc4/attachment.htm>
More information about the webkit-unassigned
mailing list