author | jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-27 02:12:08 +0000 |
---|---|---|
committer | jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-27 02:12:08 +0000 |
commit | f6c1f2470b243628a36981efae7c3a6ce3914a92 (patch) | |
tree | 3b16e7ec1f9b1185af8b9087bf16ce25c926c720 | |
parent | 1d279431cd41b8760bd4a8c2a66cab106ca201f5 (diff) | |
Fix null dereference that happens in accessibility because FrameView is gone during a nested message loop.
I also fixed another null dereference in InitAccessibilityRoot that I saw during debugging.
BUG=4582
Review URL: http://codereview.chromium.org/10418
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6098 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | webkit/glue/glue_accessibility.cc | 13 | ||||
-rw-r--r-- | webkit/glue/glue_accessibility.h | 10 |
2 files changed, 11 insertions, 12 deletions
diff --git a/webkit/glue/glue_accessibility.cc b/webkit/glue/glue_accessibility.cc
index 370bbdb..7119358 100644
--- a/webkit/glue/glue_accessibility.cc
+++ b/webkit/glue/glue_accessibility.cc
@@ -41,6 +41,10 @@ GlueAccessibility::~GlueAccessibility() { bool GlueAccessibility::GetAccessibilityInfo(WebView* view, const ViewMsg_Accessibility_In_Params& in_params, ViewHostMsg_Accessibility_Out_Params* out_params) { + WebFrame* main_frame = view->GetMainFrame(); + if (!main_frame || !static_cast<WebFrameImpl*>(main_frame)->frameview()) + return false; + if (!root_->accessibility_root_ && !InitAccessibilityRoot(view)) { // Failure in retrieving the root. return false;
@@ -218,16 +222,11 @@ bool GlueAccessibility::InitAccessibilityRoot(WebView* view) { iaccessible_id_ = 0; WebFrame* main_frame = view->GetMainFrame(); - - if (!main_frame) - return false; - WebFrameImpl* main_frame_impl = static_cast<WebFrameImpl*>(main_frame); WebCore::Frame* frame = main_frame_impl->frame(); - WebCore::Document* currentDocument = frame->document(); - if (!currentDocument) { - root_->accessibility_root_ = 0; + + if (!currentDocument || !currentDocument->renderer()) { return false; } else if (!root_->accessibility_root_ || root_->accessibility_root_->document() != currentDocument) {
diff --git a/webkit/glue/glue_accessibility.h b/webkit/glue/glue_accessibility.h
index 576ccc4..918e71e 100644
--- a/webkit/glue/glue_accessibility.h
+++ b/webkit/glue/glue_accessibility.h
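Review bot: The new guard at the top of GetAccessibilityInfo in webkit/glue/glue_accessibility.cc is a point-in-time check, and it carries no comment saying why the FrameView can be missing. The commit message says the view goes away during a nested message loop; if any call later in this function can run such a loop (the rest of the body is outside the hunk, so this is not confirmed), the frame view can disappear again after the check and the same null dereference returns. I would add `// The FrameView can be destroyed while a nested message loop runs; re-check after any call that may pump messages.` above the guard and re-test `frameview()` after such calls. The guard also dereferences `view` unchecked, which holds only if callers never pass null.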
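Review bot: Removing `if (!main_frame) return false;` from InitAccessibilityRoot in webkit/glue/glue_accessibility.cc leaves `static_cast<WebFrameImpl*>(main_frame)` and `main_frame_impl->frame()` relying on the check the caller now performs, and `frame` is still dereferenced by `frame->document()` with no null test. The header change makes the function private, so the one visible caller covers `main_frame`, but nothing in the hunk covers a null `frame`. I would keep the function self-contained with `if (!main_frame) return false;` and add `if (!frame) return false;` before `frame->document()`, or at least state the precondition in the declaration comment in glue_accessibility.h. The function body continues past the end of the hunk.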
@@ -35,17 +35,17 @@ class GlueAccessibility { const ViewMsg_Accessibility_In_Params& in_params, ViewHostMsg_Accessibility_Out_Params* out_params); - // Retrieves the RenderObject associated with this WebView, and uses it to - // initialize the root of the render-side MSAA tree with the associated - // accessibility information. Returns true if successful, false otherwise. - bool InitAccessibilityRoot(WebView* view); - // Erases the entry identified by the |iaccessible_id| from the hash map. If // |clear_all| is true, all entries are erased. Returns true if successful, // false otherwise. bool ClearIAccessibleMap(int iaccessible_id, bool clear_all); private: + // Retrieves the RenderObject associated with this WebView, and uses it to + // initialize the root of the render-side MSAA tree with the associated + // accessibility information. Returns true if successful, false otherwise. + bool InitAccessibilityRoot(WebView* view); + // Wrapper around the COM pointer that holds the root of the MSAA tree, to // ensure that we are not requiring WebKit includes outside of glue. struct GlueAccessibilityRoot; |