[iOS WK2] Web process crashes after changing selection to the end of the document...
authorwenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Aug 2017 01:22:55 +0000 (01:22 +0000)
committerwenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Aug 2017 01:22:55 +0000 (01:22 +0000)
commit63f9a7f47c232ddc31ad893f75673f8dedfe82e5
tree956189c0b8579e1f374d5aeb8fc0b0b6127457ec
parentbb6e140db27339884f3eeb53a74280a7ae19b013
[iOS WK2] Web process crashes after changing selection to the end of the document when speaking a selection
https://bugs.webkit.org/show_bug.cgi?id=176011
<rdar://problem/32614095>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Adds a null check to visiblePositionForPositionWithOffset. This is a crash point for accessibility codepaths,
since indexForVisiblePosition is not guaranteed to set the given `root` outparam to a non-null value, yet
visiblePositionForIndex requires root to be non-null. This causes a crash when selecting some text, hitting
'Speak', and then changing the selection to somewhere near the end of the document, since accessibility code
will attempt to speak words at an offset past the end of the document. While this is a bug in and of itself, the
web process should still handle this case gracefully and not crash. To fix this, we simply bail and return a
null VisiblePosition if a root container node was not found.

Currently, visiblePositionForPositionWithOffset is implemented twice, in WebCore (AXObjectCache.cpp) and also in
WebKit (WebPageIOS.mm), as identical static functions. This patch moves this helper into Editing.cpp and removes
it from AXObjectCache and WebPageIOS.

Tests: AccessibilityTests.RectsForSpeakingSelectionBasic
       AccessibilityTests.RectsForSpeakingSelectionWithLineWrapping
       AccessibilityTests.RectsForSpeakingSelectionDoNotCrashWhenChangingSelection

* accessibility/AXObjectCache.cpp:
(WebCore::visiblePositionForPositionWithOffset): Deleted.
* editing/Editing.cpp:
(WebCore::visiblePositionForPositionWithOffset):
* editing/Editing.h:

Source/WebKit:

Adds an SPI hook to test accessibility codepaths when speaking selected content. This patch does some minor
refactoring by introducing _accessibilityRetrieveRectsAtSelectionOffset:withText:completionHandler:, which takes
and invokes a completion handler block. The existing _accessibilityRetrieveRectsAtSelectionOffset:withText:
method simply turns around and calls the former variant with `nil` as a completion handler.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _accessibilityRetrieveRectsAtSelectionOffset:withText:completionHandler:]):
* UIProcess/API/Cocoa/WKWebViewPrivate.h:
* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _accessibilityRetrieveRectsAtSelectionOffset:withText:]):
(-[WKContentView _accessibilityRetrieveRectsAtSelectionOffset:withText:completionHandler:]):
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::visiblePositionForPositionWithOffset): Deleted.

Tools:

Introduces AccessibilityTests, and adds three new tests that traverse selection-rect-finding codepaths when
speaking selected content. See WebKit and WebCore ChangeLogs for more detail.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/ios/AccessibilityTestsIOS.mm: Added.
(-[WKWebView rectsAtSelectionOffset:withText:]):
(checkCGRectValueAtIndex):
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@221233 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed:
Source/WebCore/ChangeLog
Source/WebCore/accessibility/AXObjectCache.cpp
Source/WebCore/editing/Editing.cpp
Source/WebCore/editing/Editing.h
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
Source/WebKit/UIProcess/ios/WKContentViewInteraction.h
Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm
Tools/ChangeLog
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/ios/AccessibilityTestsIOS.mm [new file with mode: 0644]