1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
commit 8ba0e2ee02b0
Author: Aaron Klotz <aklotz@mozilla.com>
Date: Wed Oct 4 09:12:25 2017 -0600
Bug 1383501 - Do not crash when TabParent::RecvPDocAccessibleConstructor receives a null COM proxy sent to the parent process. r=jimm, a=ritu
MozReview-Commit-ID: 5IOuLXc375T
--HG--
extra : source : e2a6e2ddfa184b5a1f410408d7232ed0041a360f
---
accessible/ipc/win/ProxyAccessible.cpp | 2 +-
accessible/ipc/win/ProxyAccessible.h | 13 ++++++++++++-
dom/ipc/TabParent.cpp | 2 ++
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git accessible/ipc/win/ProxyAccessible.cpp accessible/ipc/win/ProxyAccessible.cpp
index 0942e280ea30..383ece99fb0c 100644
--- accessible/ipc/win/ProxyAccessible.cpp
+++ accessible/ipc/win/ProxyAccessible.cpp
@@ -34,7 +34,7 @@ ProxyAccessible::GetCOMInterface(void** aOutAccessible) const
return false;
}
- if (!mCOMProxy) {
+ if (!mCOMProxy && mSafeToRecurse) {
// See if we can lazily obtain a COM proxy
AccessibleWrap* wrap = WrapperFor(this);
bool isDefunct = false;
diff --git accessible/ipc/win/ProxyAccessible.h accessible/ipc/win/ProxyAccessible.h
index 83f1e6093253..4fd897e588fe 100644
--- accessible/ipc/win/ProxyAccessible.h
+++ accessible/ipc/win/ProxyAccessible.h
@@ -27,6 +27,7 @@ public:
ProxyAccessible(uint64_t aID, ProxyAccessible* aParent,
DocAccessibleParent* aDoc, role aRole, uint32_t aInterfaces)
: ProxyAccessibleBase(aID, aParent, aDoc, aRole, aInterfaces)
+ , mSafeToRecurse(true)
{
MOZ_COUNT_CTOR(ProxyAccessible);
}
@@ -40,7 +41,16 @@ public:
bool GetCOMInterface(void** aOutAccessible) const;
void SetCOMInterface(const RefPtr<IAccessible>& aIAccessible)
- { mCOMProxy = aIAccessible; }
+ {
+ if (aIAccessible) {
+ mCOMProxy = aIAccessible;
+ } else {
+ // If we were supposed to be receiving an interface (hence the call to
+ // this function), but the interface turns out to be null, then we're
+ // broken for some reason.
+ mSafeToRecurse = false;
+ }
+ }
protected:
explicit ProxyAccessible(DocAccessibleParent* aThisAsDoc)
@@ -49,6 +59,7 @@ protected:
private:
RefPtr<IAccessible> mCOMProxy;
+ bool mSafeToRecurse;
};
}
diff --git dom/ipc/TabParent.cpp dom/ipc/TabParent.cpp
index 7fc5689e6211..d8733a377219 100644
--- dom/ipc/TabParent.cpp
+++ dom/ipc/TabParent.cpp
@@ -972,9 +972,11 @@ TabParent::RecvPDocAccessibleConstructor(PDocAccessibleParent* aDoc,
#ifdef XP_WIN
a11y::WrapperFor(doc)->SetID(aMsaaID);
MOZ_ASSERT(!aDocCOMProxy.IsNull());
+#ifdef NIGHTLY_BUILD
if (aDocCOMProxy.IsNull()) {
return IPC_FAIL(this, "Constructing a top-level PDocAccessible with null COM proxy");
}
+#endif
RefPtr<IAccessible> proxy(aDocCOMProxy.Get());
doc->SetCOMInterface(proxy);
|