Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ui/accessibility/ax_tree.cc

Issue 2377443002: Fix another bug in AXTree caught by libfuzzer (Closed)
Patch Set: Address feedback Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | ui/accessibility/ax_tree_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "ui/accessibility/ax_tree.h" 5 #include "ui/accessibility/ax_tree.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 #include <set> 9 #include <set>
10 10
(...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after
236 update_state->new_nodes.insert(node); 236 update_state->new_nodes.insert(node);
237 node->SetData(src); 237 node->SetData(src);
238 } 238 }
239 239
240 if (delegate_) 240 if (delegate_)
241 delegate_->OnNodeChanged(this, node); 241 delegate_->OnNodeChanged(this, node);
242 242
243 // First, delete nodes that used to be children of this node but aren't 243 // First, delete nodes that used to be children of this node but aren't
244 // anymore. 244 // anymore.
245 if (!DeleteOldChildren(node, src.child_ids, update_state)) { 245 if (!DeleteOldChildren(node, src.child_ids, update_state)) {
246 // If DeleteOldChildren failed, we need to carefully clean up before
247 // returning false as well. In particular, if this node was a new root,
248 // we need to safely destroy the whole tree.
246 if (update_state->new_root) { 249 if (update_state->new_root) {
247 AXNode* old_root = root_; 250 AXNode* old_root = root_;
248 root_ = nullptr; 251 root_ = nullptr;
249 252
250 DestroySubtree(old_root, update_state); 253 DestroySubtree(old_root, update_state);
251 if (node != old_root && 254
255 // Delete |node|'s subtree too as long as it wasn't already removed
256 // or added elsewhere in the tree.
257 if (update_state->removed_node_ids.find(src.id) ==
258 update_state->removed_node_ids.end() &&
252 update_state->new_nodes.find(node) != update_state->new_nodes.end()) { 259 update_state->new_nodes.find(node) != update_state->new_nodes.end()) {
253 DestroySubtree(node, update_state); 260 DestroySubtree(node, update_state);
254 } 261 }
255 } 262 }
256 return false; 263 return false;
257 } 264 }
258 265
259 // Now build a new children vector, reusing nodes when possible, 266 // Now build a new children vector, reusing nodes when possible,
260 // and swap it in. 267 // and swap it in.
261 std::vector<AXNode*> new_children; 268 std::vector<AXNode*> new_children;
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
360 update_state->pending_nodes.insert(child); 367 update_state->pending_nodes.insert(child);
361 update_state->new_nodes.insert(child); 368 update_state->new_nodes.insert(child);
362 } 369 }
363 new_children->push_back(child); 370 new_children->push_back(child);
364 } 371 }
365 372
366 return success; 373 return success;
367 } 374 }
368 375
369 } // namespace ui 376 } // namespace ui
OLDNEW
« no previous file with comments | « no previous file | ui/accessibility/ax_tree_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698