AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::Accessibi...
author cfleizach@apple.com <cfleizach@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 20 Oct 2015 21:34:23 +0000 (21:34 +0000)
committer cfleizach@apple.com <cfleizach@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 20 Oct 2015 21:34:23 +0000 (21:34 +0000)
commit 0f0572a7435ff067f6077d41d7eb2a2ed797d08a
tree b83a6abeff4a95f559cec996141d50f554b2e52a
parent e10730f389e09f7bf542be9ad40986c2ec1097c8
AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::AccessibilityTable::tableElement const + 116
https://bugs.webkit.org/show_bug.cgi?id=150349

Reviewed by Brent Fulgham.

The crash point for this bug says that the parentElement of the firstBody is garbage when it's accessed.
Unfortunately, I could not reproduce this in-situ or with a test.
So my speculative solution is to recalculate those body elements to ensure that they're valid before we access.

* accessibility/AccessibilityTable.cpp:
(WebCore::AccessibilityTable::tableElement):
(WebCore::AccessibilityTable::isDataTable):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@191357 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/accessibility/AccessibilityTable.cpp