Bug 248451

Summary:

AX: AXIsolatedObject::m_childrenIDs is cleared too early when processing AXIsolatedTree::m_pendingSubtreeRemovals

Product:

WebKit

Reporter:

Tyler Wilcock <tyler_w>

Component:

Accessibility

Assignee:

Tyler Wilcock <tyler_w>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

aboxhall, andresg_22, apinheiro, cfleizach, dmazzoni, ews-watchlist, jcraig, jdiggs, samuel_white, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

Other

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none

Tyler Wilcock

Reported 2022-11-28 18:09:08 PST

In AXIsolatedTree::applyPendingChanges(), when processing m_pendingSubtreeRemovals, we start by taking the last axID in the Vector and using it to get the associated nodeForID(). Then we call AXCoreObject::detach(AccessibilityDetachmentType::ElementDestroyed), which in turn calls AXIsolatedObject::detachRemoteParts. Currently, the implementation of this function loops over m_childrenIDs and detaches those children from `this`, and then clears m_childrenIDs. Then, we jump back to AXIsolatedTree::applyPendingChanges() and run this line of code: m_pendingSubtreeRemovals.appendVector(object->m_childrenIDs); Which does nothing because we cleared m_childrenIDs as part of detachRemoteParts.

Attachments
Patch (6.93 KB, patch) 2022-11-28 19:09 PST, Tyler Wilcock	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2022-11-28 18:09:34 PST

<rdar://problem/102743478>

Tyler Wilcock

Comment 2 2022-11-28 19:09:14 PST

Created attachment 463777 [details] Patch

EWS

Comment 3 2022-11-30 20:03:26 PST

Committed 257217@main (b095a6aaca26): <https://commits.webkit.org/257217@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 463777 [details].

Note You need to log in before you can comment on or make changes to this bug.