AX: Safari crashed once in WebCore::AccessibilityObject::ariaIsHidden
authorcfleizach@apple.com <cfleizach@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 Jun 2014 21:44:16 +0000 (21:44 +0000)
committercfleizach@apple.com <cfleizach@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 Jun 2014 21:44:16 +0000 (21:44 +0000)
commit8df1366345dc3d3bc3c69b3e76da9661f03e8f84
treec2eef8de3dcba6568f450edd731f3aefce3557c7
parentf6ef5b9dc2c6c4a3f5a7f36cd1ef2a203894b9b3
AX: Safari crashed once in WebCore::AccessibilityObject::ariaIsHidden
https://bugs.webkit.org/show_bug.cgi?id=133825

Reviewed by Enrica Casucci.

Sometimes asking accessibilityIsIgnored() will cause a newObject to be detached immediately after its created.
The creation function holds a reference with RefPtr as long as it lives, but when that method returns, the object goes away.

With that out of the way, I saw the same backtrace lead to updateLayoutIgnorePendingStylesheets being called while still inLayout.

I tried my best but could not create a reproducible layout test.

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::getOrCreate):
* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::updateBackingStore):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@170028 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/accessibility/AXObjectCache.cpp
Source/WebCore/accessibility/AccessibilityObject.cpp