AX: should init an AXObject only after AXObjectCache has added it
authordmazzoni@google.com <dmazzoni@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Jan 2013 08:16:00 +0000 (08:16 +0000)
committerdmazzoni@google.com <dmazzoni@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Jan 2013 08:16:00 +0000 (08:16 +0000)
commitce2e8dace983d3ef2e9db0372851b08440525314
tree756d2566c0b7d394a64852fe9a63b0b790ea95d3
parentf6458c85a578f1d6fc5f74158ff3ca3040c59c52
AX: should init an AXObject only after AXObjectCache has added it
https://bugs.webkit.org/show_bug.cgi?id=107533

Reviewed by Chris Fleizach.

Source/WebCore:

Initialize each AXObject after the AXObjectCache has
finished adding it to its hash maps, so that it's
impossible for initialization of an AXObject to result in
exploring the tree and creating another AXObject instance
that points to the same renderer / node.

Test: accessibility/duplicate-axrenderobject-crash.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::getOrCreate):
* accessibility/AccessibilityARIAGrid.cpp:
(WebCore::AccessibilityARIAGrid::create):
* accessibility/AccessibilityARIAGridCell.cpp:
(WebCore::AccessibilityARIAGridCell::create):
* accessibility/AccessibilityARIAGridRow.cpp:
(WebCore::AccessibilityARIAGridRow::create):
* accessibility/AccessibilityList.cpp:
(WebCore::AccessibilityList::create):
* accessibility/AccessibilityListBox.cpp:
(WebCore::AccessibilityListBox::create):
* accessibility/AccessibilityMediaControls.cpp:
(WebCore::AccessibilityMediaControl::create):
(WebCore::AccessibilityMediaControlsContainer::create):
(WebCore::AccessibilityMediaTimeline::create):
(WebCore::AccessibilityMediaTimeDisplay::create):
* accessibility/AccessibilityMenuList.cpp:
(WebCore::AccessibilityMenuList::create):
* accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::create):
* accessibility/AccessibilityObject.h:
(WebCore::AccessibilityObject::init):
(AccessibilityObject):
* accessibility/AccessibilityProgressIndicator.cpp:
(WebCore::AccessibilityProgressIndicator::create):
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::create):
(WebCore::AccessibilityRenderObject::accessibilityIsIgnored):
    assert that the object has been initialized
* accessibility/AccessibilitySVGRoot.cpp:
(WebCore::AccessibilitySVGRoot::create):
* accessibility/AccessibilitySlider.cpp:
(WebCore::AccessibilitySlider::create):
* accessibility/AccessibilityTable.cpp:
(WebCore::AccessibilityTable::create):
* accessibility/AccessibilityTableCell.cpp:
(WebCore::AccessibilityTableCell::create):
* accessibility/AccessibilityTableRow.cpp:
(WebCore::AccessibilityTableRow::create):

LayoutTests:

Adds a new test that demonstrates a crash if an AXObject
initializes itself before the AXObjectCache has added it to
the cache.

* accessibility/duplicate-axrenderobject-crash-expected.txt: Added.
* accessibility/duplicate-axrenderobject-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@140658 268f45cc-cd09-0410-ab3c-d52691b4dbfc
22 files changed:
LayoutTests/ChangeLog
LayoutTests/accessibility/duplicate-axrenderobject-crash-expected.txt [new file with mode: 0644]
LayoutTests/accessibility/duplicate-axrenderobject-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/accessibility/AXObjectCache.cpp
Source/WebCore/accessibility/AccessibilityARIAGrid.cpp
Source/WebCore/accessibility/AccessibilityARIAGridCell.cpp
Source/WebCore/accessibility/AccessibilityARIAGridRow.cpp
Source/WebCore/accessibility/AccessibilityList.cpp
Source/WebCore/accessibility/AccessibilityListBox.cpp
Source/WebCore/accessibility/AccessibilityMediaControls.cpp
Source/WebCore/accessibility/AccessibilityMenuList.cpp
Source/WebCore/accessibility/AccessibilityNodeObject.cpp
Source/WebCore/accessibility/AccessibilityNodeObject.h
Source/WebCore/accessibility/AccessibilityObject.h
Source/WebCore/accessibility/AccessibilityProgressIndicator.cpp
Source/WebCore/accessibility/AccessibilityRenderObject.cpp
Source/WebCore/accessibility/AccessibilitySVGRoot.cpp
Source/WebCore/accessibility/AccessibilitySlider.cpp
Source/WebCore/accessibility/AccessibilityTable.cpp
Source/WebCore/accessibility/AccessibilityTableCell.cpp
Source/WebCore/accessibility/AccessibilityTableRow.cpp