| Summary: | AX: WebAccessibilityObjectWrapperBase and WKAccessibilityWebPageObjectBase should hold WeakPtrs to their associated backing objects | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Tyler Wilcock <tyler_w> | ||||||||||||
| Component: | Accessibility | Assignee: | Tyler Wilcock <tyler_w> | ||||||||||||
| Status: | RESOLVED FIXED | ||||||||||||||
| Severity: | Normal | CC: | aboxhall, andresg_22, apinheiro, benjamin, cdumez, cfleizach, cmarcelo, dmazzoni, ews-watchlist, jcraig, jdiggs, samuel_white, webkit-bug-importer | ||||||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||||||
| Version: | Other | ||||||||||||||
| Hardware: | Unspecified | ||||||||||||||
| OS: | Unspecified | ||||||||||||||
| Attachments: |
|
||||||||||||||
|
Description
Tyler Wilcock
2023-05-19 18:17:47 PDT
Created attachment 466429 [details]
Patch
Created attachment 466430 [details]
Patch
Created attachment 466434 [details]
Patch
(In reply to Tyler Wilcock from comment #5) > Created attachment 466434 [details] > Patch --- a/Source/WTF/wtf/ThreadSafeWeakPtr.h +++ b/Source/WTF/wtf/ThreadSafeWeakPtr.h + size_t strongRefCount() const + { + Locker locker { m_lock }; + return m_strongReferenceCount; + } + We shouldn't do this because immediately after releasing the lock, this value can change, so the returned value is meaningless as pointed out by @Alex Christensen in a previous review. Created attachment 466449 [details]
Patch
Created attachment 466455 [details]
Patch
(In reply to Tyler Wilcock from comment #8) > Created attachment 466455 [details] > Patch --- a/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperBase.mm +++ b/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperBase.mm @@ -377,11 +377,11 @@ - (id)attachmentView - (WebCore::AXCoreObject*)axBackingObject { if (isMainThread()) - return m_axObject; + return m_axObject.get(); #if ENABLE(ACCESSIBILITY_ISOLATED_TREE) ASSERT(AXObjectCache::isIsolatedTreeEnabled()); - return m_isolatedObject; + return m_isolatedObject.get().get(); I think we need to change this method to return a RefPtr instead of a raw pointer. Between the + return m_isolatedObject.get().get(); and the initialization of the RefPtr in the caller (e.g., accessibilityAttributeValue), this guy can go null. The same applies to updateObjectBackingStore. (In reply to Andres Gonzalez from comment #9) > (In reply to Tyler Wilcock from comment #8) > > Created attachment 466455 [details] > > Patch > > --- a/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperBase.mm > +++ b/Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperBase.mm > > @@ -377,11 +377,11 @@ - (id)attachmentView > - (WebCore::AXCoreObject*)axBackingObject > { > if (isMainThread()) > - return m_axObject; > + return m_axObject.get(); > > #if ENABLE(ACCESSIBILITY_ISOLATED_TREE) > ASSERT(AXObjectCache::isIsolatedTreeEnabled()); > - return m_isolatedObject; > + return m_isolatedObject.get().get(); > > I think we need to change this method to return a RefPtr instead of a raw > pointer. Between the > > + return m_isolatedObject.get().get(); > > and the initialization of the RefPtr in the caller (e.g., > accessibilityAttributeValue), this guy can go null. > The same applies to updateObjectBackingStore. We'll do this in a separate patch to minimize risk. Committed 264429@main (9c6ff227993d): <https://commits.webkit.org/264429@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 466455 [details]. |