Chromium Code Reviews
Description

Use correct WebView from AccessibilityController.

Before this CL AccessibilityController would act on the WebView
associated with the main test window, rather than acting on the WebView
associated with the frame owning the AccessibilityController's
javascript bindings. This could lead to UaF in
AccessibilityController::NotificationReceived where it was trying to use
web_view_->mainFrame on an already destroyed view (no good repro at ToT
- repro would happen after other OOPIF refactorings when running in
--site-per-process mode).
Changes in the current CL:
- AccessibilityController's lifetime is now owned by WebViewTestProxy
(rather than having AccessibilityController owned by the global
TestInterfaces object).
- AccessibilityController now uses WebView from the correct
WebViewTestProxy (rather than one associated with the main test window).
- TestInterfaces object no longer has a pointer to an
AccessibilityController object (because there is no longer a
central/global AccessibilityController object). This means having to
move code that calls AccessibilityController::Install and
AccessibilityController::Reset away from TestInterfaces.
Additional changes:
- AccessibilityController does not need to inherit from
base::SupportsWeakPtr<...> (because AccessibilityController already
has a weak_factory_ field).
BUG=595089
Committed: https://crrev.com/8ee983a2a52420c843fc4ed0de1ee3c107ef00b8
Cr-Commit-Position: refs/heads/master@{#389156}
Patch Set 1
Patch Set 2: Rebasing + self-review.
Patch Set 3: Rebasing...