Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(504)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/renderer/renderer_accessibility.cc

Issue 8772006: Fix a possible renderer hang due to an WebAccessibilityObject becoming invalid. (Closed) Base URL: http://git.chromium.org/git/chromium.git@trunk
Patch Set: Address comments. Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/renderer/renderer_accessibility.cc
diff --git a/content/renderer/renderer_accessibility.cc b/content/renderer/renderer_accessibility.cc
index 2ca15dd012f7e7e2d81f324b3c473671c7bbd8f0..4b9d7d00ed30fe5518ff24544cace749399bf104 100644
--- a/content/renderer/renderer_accessibility.cc
+++ b/content/renderer/renderer_accessibility.cc
@@ -213,14 +213,6 @@ void RendererAccessibility::SendPendingAccessibilityNotifications() {
WebAccessibilityObject obj = document.accessibilityObjectFromID(
notification.id);
- if (!obj.isValid()) {
-#ifndef NDEBUG
- if (logging_)
- LOG(WARNING) << "Got notification on invalid object id " << obj.axID();
-#endif
- continue;
- }
-
// The browser may not have this object yet, for example if we get a
// notification on an object that was recently added, or if we get a
// notification on a node before the page has loaded. Work our way
@@ -228,6 +220,7 @@ void RendererAccessibility::SendPendingAccessibilityNotifications() {
// we reach the root.
int root_id = document.accessibilityObject().axID();
while (browser_id_map_.find(obj.axID()) == browser_id_map_.end() &&
+ obj.isValid() &&
obj.axID() != root_id) {
obj = obj.parentObject();
includes_children = true;
@@ -237,6 +230,15 @@ void RendererAccessibility::SendPendingAccessibilityNotifications() {
}
}
+ if (!obj.isValid()) {
+#ifndef NDEBUG
+ if (logging_)
+ LOG(WARNING) << "Got notification on object that is invalid or has"
+ << " invalid ancestor. Id: " << obj.axID();
+#endif
+ continue;
+ }
+
// Another potential problem is that this notification may be on an
// object that is detached from the tree. Determine if this node is not a
// child of its parent, and if so move the notification to the parent.
@@ -244,10 +246,15 @@ void RendererAccessibility::SendPendingAccessibilityNotifications() {
// https://bugs.webkit.org/show_bug.cgi?id=68466 is fixed.
if (obj.axID() != root_id) {
WebAccessibilityObject parent = obj.parentObject();
- while (!parent.isNull() && parent.accessibilityIsIgnored())
+ while (!parent.isNull() &&
+ parent.isValid() &&
+ parent.accessibilityIsIgnored()) {
parent = parent.parentObject();
- if (parent.isNull()) {
+ }
+
+ if (parent.isNull() || !parent.isValid()) {
NOTREACHED();
+ continue;
}
bool is_child_of_parent = false;
for (unsigned int i = 0; i < parent.childCount(); ++i) {
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698