[Webkit-unassigned] [Bug 248451] New: AX: AXIsolatedObject::m_childrenIDs is cleared too early when processing AXIsolatedTree::m_pendingSubtreeRemovals

Mon Nov 28 18:09:08 PST 2022

https://bugs.webkit.org/show_bug.cgi?id=248451

            Bug ID: 248451
           Summary: AX: AXIsolatedObject::m_childrenIDs is cleared too
                    early when processing
                    AXIsolatedTree::m_pendingSubtreeRemovals
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: tyler_w at apple.com
                CC: andresg_22 at apple.com,
                    webkit-bug-importer at group.apple.com

In AXIsolatedTree::applyPendingChanges(), when processing m_pendingSubtreeRemovals, we start by taking the last axID in the Vector and using it to get the associated nodeForID(). Then we call AXCoreObject::detach(AccessibilityDetachmentType::ElementDestroyed), which in turn calls AXIsolatedObject::detachRemoteParts. Currently, the implementation of this function loops over m_childrenIDs and detaches those children from `this`, and then clears m_childrenIDs.

Then, we jump back to AXIsolatedTree::applyPendingChanges() and run this line of code:

m_pendingSubtreeRemovals.appendVector(object->m_childrenIDs);

Which does nothing because we cleared m_childrenIDs as part of detachRemoteParts.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221129/b420d688/attachment.htm>