Google Git
Sign in
webkit / WebKit / 7e3614ea417465ef2fd3b61e848caf85a49ac6de^! / . / LayoutTests / ChangeLog
commit7e3614ea417465ef2fd3b61e848caf85a49ac6de[log] [tgz]
authorzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Mon May 08 15:33:47 2017 +0000
committerzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Mon May 08 15:33:47 2017 +0000
tree1a01e324428a91da2e9f850b39995027663e8f25
parent036ffde6a3e9291d232166d4dfb26d01ea275eb3 [diff] [blame]
Ensure clean tree before AX cache update.
https://bugs.webkit.org/show_bug.cgi?id=171546
<rdar://problem/31934942>

Source/WebCore:

While updating an accessibility object state, we might
perform unintentional style updates. This style update could
end up destroying renderes that are still referenced by function calls
on the callstack.
To avoid that, AXObjectCache should operate on a clean tree only.

Reviewed by Chris Fleizach.

Test: accessibility/crash-when-render-tree-is-not-clean.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::checkedStateChanged):
(WebCore::AXObjectCache::selectedChildrenChanged):
(WebCore::AXObjectCache::handleAriaExpandedChange):
(WebCore::AXObjectCache::handleActiveDescendantChanged):
(WebCore::AXObjectCache::handleAriaRoleChanged):
(WebCore::AXObjectCache::handleAttributeChanged):
(WebCore::AXObjectCache::handleAriaModalChange):
(WebCore::AXObjectCache::labelChanged):
* accessibility/AXObjectCache.h:
(WebCore::AXObjectCache::checkedStateChanged):
(WebCore::AXObjectCache::handleActiveDescendantChanged):
(WebCore::AXObjectCache::handleAriaExpandedChange):
(WebCore::AXObjectCache::handleAriaRoleChanged):
(WebCore::AXObjectCache::handleAriaModalChange):
(WebCore::AXObjectCache::handleAttributeChanged):
(WebCore::AXObjectCache::selectedChildrenChanged):
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::handleAriaExpandedChanged):
* dom/Element.cpp:
(WebCore::Element::attributeChanged):
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::setChecked):

LayoutTests:

Reviewed by Chris Fleizach.

* accessibility/crash-when-render-tree-is-not-clean.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@216419 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 3361b43..d77c22a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog

@@ -1,3 +1,13 @@
+2017-05-06  Zalan Bujtas  <zalan@apple.com>
+
+        Ensure clean tree before AX cache update.
+        https://bugs.webkit.org/show_bug.cgi?id=171546
+        <rdar://problem/31934942>
+
+        Reviewed by Chris Fleizach.
+
+        * accessibility/crash-when-render-tree-is-not-clean.html: Added.
+
 2017-05-08  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Unprefix unicode-bidi CSS values