git://git.webkit.org / WebKit-https.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 891f1cd) | patch
CrashTracer: 1,382 crashes in Safari at com.apple.WebCore: WebCore::VisiblePosition...
authorcfleizach@apple.com <cfleizach@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 28 Sep 2010 17:59:32 +0000 (17:59 +0000)
committercfleizach@apple.com <cfleizach@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 28 Sep 2010 17:59:32 +0000 (17:59 +0000)
commit3278ed882c3d8ed157adf8f7e31dc172f268db2a
tree9f02b9a5fc92eb682cbeafe0dc3c25228394f1d3tree | snapshot
parent891f1cda8195cf50ecd24628d39a824454e40c30commit | diff
CrashTracer: 1,382 crashes in Safari at com.apple.WebCore: WebCore::VisiblePosition::canonicalPosition + 78
https://bugs.webkit.org/show_bug.cgi?id=45927

Reviewed by Beth Dakin.

WebCore:

AXTextMarkers store pointers to Nodes without any retain or reference. If a Node is deallocated and then
a client tries to use a text marker that references that node, it leads to this crash.

The AXObjectCache instance now keeps a HashSet of Node's being used. When a node becomes deallocated, it removes itself
from the HashSet. When creating a VisiblePosition from an AXTextMarker, the cache can then check if the node is valid
before proceeding.

Test: platform/mac/accessibility/crash-invalid-text-marker-node.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::visiblePositionForTextMarkerData):
(WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
    Modify to check whether a node is valid before proceeeding.
* accessibility/AXObjectCache.h:
(WebCore::AXObjectCache::setNodeInUse):
(WebCore::AXObjectCache::removeNodeForUse):
(WebCore::AXObjectCache::isNodeInUse):
    Methods for managing whether a node is in use by text markers.
* accessibility/mac/AccessibilityObjectWrapper.mm:
(textMarkerForVisiblePosition):
(-[AccessibilityObjectWrapper textMarkerForVisiblePosition:]):
(visiblePositionForTextMarker):
(-[AccessibilityObjectWrapper visiblePositionForTextMarker:]):
(visiblePositionForStartOfTextMarkerRange):
(visiblePositionForEndOfTextMarkerRange):
(-[AccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:]):
(textMarkerRangeFromVisiblePositions):
(-[AccessibilityObjectWrapper textMarkerRangeFromVisiblePositions:endPosition:]):
(-[AccessibilityObjectWrapper visiblePositionRangeForTextMarkerRange:]):
(-[AccessibilityObjectWrapper textMarkerRangeForSelection]):
(-[AccessibilityObjectWrapper accessibilityAttributeValue:]):
(-[AccessibilityObjectWrapper doAXAttributedStringForRange:]):
(-[AccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
     Change these calls so that the axObjectCache() can be passed in to create the visible position.
* dom/Document.cpp:
(WebCore::Document::axObjectCacheExists):
* dom/Document.h:
* dom/Node.cpp:
(WebCore::Node::~Node):
     If accessibility is enabled, inform the axObjectCache() that this node is disappearing.

LayoutTests:

* platform/mac/accessibility/crash-invalid-text-marker-node-expected.txt: Added.
* platform/mac/accessibility/crash-invalid-text-marker-node.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@68541 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog diff | blob | history
LayoutTests/platform/mac/accessibility/crash-invalid-text-marker-node-expected.txt [new file with mode: 0644] blob
LayoutTests/platform/mac/accessibility/crash-invalid-text-marker-node.html [new file with mode: 0644] blob
WebCore/ChangeLog diff | blob | history
WebCore/accessibility/AXObjectCache.cpp diff | blob | history
WebCore/accessibility/AXObjectCache.h diff | blob | history
WebCore/accessibility/mac/AccessibilityObjectWrapper.mm diff | blob | history
WebCore/dom/Document.cpp diff | blob | history
WebCore/dom/Document.h diff | blob | history
WebCore/dom/Node.cpp diff | blob | history
Mirror of the WebKit open source project from svn.webkit.org.