[ATK] Protect entry points in the ATK wrapper against outdated render trees
authormario@webkit.org <mario@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 Sep 2013 09:44:20 +0000 (09:44 +0000)
committermario@webkit.org <mario@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 Sep 2013 09:44:20 +0000 (09:44 +0000)
commit05b3b31f4bdaba9baa0b673ca68d0a40f8e13a02
tree5ee0df782a73c633c206b9d9488277e2df16c8d4
parenta7aede68d8b3d3f4b31a07f444fc7a1ac81ea9f4
[ATK] Protect entry points in the ATK wrapper against outdated render trees
https://bugs.webkit.org/show_bug.cgi?id=121558

Reviewed by Chris Fleizach.

Source/WebCore:

Make sure that we protect every entry point in the ATK wrapper
against outdated render trees, before using the WebCore's
accessibility API, since that might lead to problems (and crashes)
if the render and accessibility trees are not stable.

Thus, call AccessibilityObject::updateBackingStore() in those
entry points and check whether the ATK wrapper is detached or not
after that, to decide whether to continue or not.

Besides providing a new test to check that it WebKit does not
crash in a given scenario (which actually triggered the
investigation here), solving this situation also fixes other tests
that were previously failing (aria-used-on-image-maps.html) or
that were printing wrong results, not detected until now due to
wrong platform specific expectations (file-upload-button-stringvalue
and deleting-iframe-destroys-axcache).

Test: accessibility/heading-crash-after-hidden.html

* accessibility/atk/WebKitAccessibleUtil.h: Added two new macros
to inject the needed code at the beginning of each entry point to
allow gracefully exit those functions when the render tree is
unstable. Inspired by g_return_if_fail and g_return_val_if_fail, we
called them returnIfWebKitAccessibleIsInvalid and returnValIfWebKitAccessibleIsInvalid.

* accessibility/atk/WebKitAccessibleHyperlink.cpp:
(webkitAccessibleHyperlinkActionDoAction): Protect entry point.
(webkitAccessibleHyperlinkActionGetNActions): Ditto.
(webkitAccessibleHyperlinkActionGetDescription): Ditto.
(webkitAccessibleHyperlinkActionGetKeybinding): Ditto.
(webkitAccessibleHyperlinkActionGetName): Ditto.
(webkitAccessibleHyperlinkGetURI): Ditto.
(webkitAccessibleHyperlinkGetObject): Ditto.
(webkitAccessibleHyperlinkGetStartIndex): Ditto.
(webkitAccessibleHyperlinkGetEndIndex): Ditto.
(webkitAccessibleHyperlinkIsValid): Ditto.
(webkitAccessibleHyperlinkGetNAnchors): Ditto.
(webkitAccessibleHyperlinkIsSelectedLink): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceAction.cpp:
(webkitAccessibleActionDoAction): Ditto.
(webkitAccessibleActionGetNActions): Ditto.
(webkitAccessibleActionGetDescription): Ditto.
(webkitAccessibleActionGetKeybinding): Ditto.
(webkitAccessibleActionGetName): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceComponent.cpp:
(webkitAccessibleComponentRefAccessibleAtPoint): Ditto.
(webkitAccessibleComponentGetExtents): Ditto.
(webkitAccessibleComponentGrabFocus): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceDocument.cpp:
(webkitAccessibleDocumentGetAttributeValue): Ditto.
(webkitAccessibleDocumentGetAttributes): Ditto.
(webkitAccessibleDocumentGetLocale): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceEditableText.cpp:
(webkitAccessibleEditableTextSetRunAttributes): Ditto.
(webkitAccessibleEditableTextSetTextContents): Ditto.
(webkitAccessibleEditableTextInsertText): Ditto.
(webkitAccessibleEditableTextCopyText): Ditto.
(webkitAccessibleEditableTextCutText): Ditto.
(webkitAccessibleEditableTextDeleteText): Ditto.
(webkitAccessibleEditableTextPasteText): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceHypertext.cpp:
(webkitAccessibleHypertextGetLink): Ditto.
(webkitAccessibleHypertextGetNLinks): Ditto.
(webkitAccessibleHypertextGetLinkIndex): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceImage.cpp:
(webkitAccessibleImageGetImagePosition): Ditto.
(webkitAccessibleImageGetImageDescription): Ditto.
(webkitAccessibleImageGetImageSize): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceSelection.cpp:
(webkitAccessibleSelectionAddSelection): Ditto.
(webkitAccessibleSelectionClearSelection): Ditto.
(webkitAccessibleSelectionRefSelection): Ditto.
(webkitAccessibleSelectionGetSelectionCount): Ditto.
(webkitAccessibleSelectionIsChildSelected): Ditto.
(webkitAccessibleSelectionRemoveSelection): Ditto.
(webkitAccessibleSelectionSelectAllSelection): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceTable.cpp:
(webkitAccessibleTableRefAt): Ditto.
(webkitAccessibleTableGetIndexAt): Ditto.
(webkitAccessibleTableGetColumnAtIndex): Ditto.
(webkitAccessibleTableGetRowAtIndex): Ditto.
(webkitAccessibleTableGetNColumns): Ditto.
(webkitAccessibleTableGetNRows): Ditto.
(webkitAccessibleTableGetColumnExtentAt): Ditto.
(webkitAccessibleTableGetRowExtentAt): Ditto.
(webkitAccessibleTableGetColumnHeader): Ditto.
(webkitAccessibleTableGetRowHeader): Ditto.
(webkitAccessibleTableGetCaption): Ditto.
(webkitAccessibleTableGetColumnDescription): Ditto.
(webkitAccessibleTableGetRowDescription): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceText.cpp:
(webkitAccessibleTextGetText): Ditto.
(webkitAccessibleTextGetTextAfterOffset): Ditto.
(webkitAccessibleTextGetTextAtOffset): Ditto.
(webkitAccessibleTextGetTextBeforeOffset): Ditto.
(webkitAccessibleTextGetCharacterAtOffset): Ditto.
(webkitAccessibleTextGetCaretOffset): Ditto.
(webkitAccessibleTextGetRunAttributes): Ditto.
(webkitAccessibleTextGetDefaultAttributes): Ditto.
(webkitAccessibleTextGetCharacterExtents): Ditto.
(webkitAccessibleTextGetRangeExtents): Ditto.
(webkitAccessibleTextGetCharacterCount): Ditto.
(webkitAccessibleTextGetOffsetAtPoint): Ditto.
(webkitAccessibleTextGetNSelections): Ditto.
(webkitAccessibleTextGetSelection): Ditto.
(webkitAccessibleTextAddSelection): Ditto.
(webkitAccessibleTextSetSelection): Ditto.
(webkitAccessibleTextRemoveSelection): Ditto.
(webkitAccessibleTextSetCaretOffset): Ditto.
* accessibility/atk/WebKitAccessibleInterfaceValue.cpp:
(webkitAccessibleValueGetCurrentValue): Ditto.
(webkitAccessibleValueGetMaximumValue): Ditto.
(webkitAccessibleValueGetMinimumValue): Ditto.
(webkitAccessibleValueSetCurrentValue): Ditto.
(webkitAccessibleValueGetMinimumIncrement): Ditto.
* accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
(core): Removed, as it's not actually needed.
(webkitAccessibleGetName):  Protect entry point.
(webkitAccessibleGetDescription): Ditto.
(webkitAccessibleGetParent): Ditto.
(webkitAccessibleGetNChildren): Ditto.
(webkitAccessibleRefChild): Ditto.
(webkitAccessibleGetIndexInParent): Ditto.
(webkitAccessibleGetAttributes): Ditto.
(webkitAccessibleGetRole): Ditto.
(webkitAccessibleRefStateSet): Ditto.
(webkitAccessibleRefRelationSet): Ditto.
(webkitAccessibleGetObjectLocale): Ditto.
(webkitAccessibleDetach): Ditto.
(webkitAccessibleIsDetached): New helper function, to be used from
the newly added macros. We need to check whether the wrapper is
detached and not just the wrapper AccessibilityObject since once
the detachment happens we can't trust anything but the AtkObject
from the wrapper (the AccessibilityObject might be invalid).
* accessibility/atk/WebKitAccessibleWrapperAtk.h:

Assert that the render tree is neither being updated nor in need
of being updated before trying to compute the text under a given
element, since that might lead to crashes due to the constructor
of TextIterator calling updateLayoutIgnorePendingStylesheets().

* accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::textUnderElement): Assert that
the render tree is neither being updated nor needing updating.

LayoutTests:

Added a new test to check that we do not crash in certain
scenarios when hiding objects and retriving accessibility
information about it.

* accessibility/heading-crash-after-hidden-expected.txt: Added.
* accessibility/heading-crash-after-hidden.html: Added.

Rebaselined expectations that were wrong before, since they were
not returning the actual value that they should be returning when
called AccessibilityUIElement::stringValue().

* platform/efl-wk1/accessibility/file-upload-button-stringvalue-expected.txt:
Updated, since the actual text being returned should be the actual
value of the file chooser (e.g. "(None)") and not the text in the
upload botton (e.g. "Choose files").
* platform/efl-wk2/accessibility/file-upload-button-stringvalue-expected.txt: Ditto.
* platform/gtk-wk2/accessibility/file-upload-button-stringvalue-expected.txt: Ditto..
* platform/gtk/accessibility/file-upload-button-stringvalue-expected.txt: Ditto.

* platform/gtk/accessibility/deleting-iframe-destroys-axcache-expected.txt:
Updated, since the iframe should be exposed at all after deleting it.

Removed accesibility test now passing after fixing this issue.

* platform/gtk/TestExpectations: Removed accessibility/aria-used-on-image-maps.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@156532 268f45cc-cd09-0410-ab3c-d52691b4dbfc
25 files changed:
LayoutTests/ChangeLog
LayoutTests/accessibility/heading-crash-after-hidden-expected.txt [new file with mode: 0644]
LayoutTests/accessibility/heading-crash-after-hidden.html [new file with mode: 0644]
LayoutTests/platform/efl-wk1/accessibility/file-upload-button-stringvalue-expected.txt
LayoutTests/platform/efl-wk2/accessibility/file-upload-button-stringvalue-expected.txt
LayoutTests/platform/gtk-wk2/accessibility/file-upload-button-stringvalue-expected.txt
LayoutTests/platform/gtk/TestExpectations
LayoutTests/platform/gtk/accessibility/deleting-iframe-destroys-axcache-expected.txt
LayoutTests/platform/gtk/accessibility/file-upload-button-stringvalue-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/accessibility/AccessibilityNodeObject.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleHyperlink.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceAction.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceComponent.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceDocument.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceEditableText.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceHypertext.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceImage.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceSelection.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceTable.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceText.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceValue.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleUtil.h
Source/WebCore/accessibility/atk/WebKitAccessibleWrapperAtk.cpp
Source/WebCore/accessibility/atk/WebKitAccessibleWrapperAtk.h