From ea7dd2e2cd31af69993d5e8111822db4cea437a0 Mon Sep 17 00:00:00 2001 From: James Teh Date: Thu, 8 Sep 2022 23:47:01 +0000 Subject: [PATCH] Bug 1789396: Null check acc before calling AsLocal() in RemoteAccessibleBase::BoundsWithOffset. r=morgan We expect acc to be a local OuterDocAccessible. However, the OuterDocAccessible might die before the top level DocAccessibleParent, in which case acc will be null. In this case, the DocAccessibleParent is about to die anyway, so it doesn't matter that the bounds we return are slightly wrong (since they can't take the OuterDoc into account). Differential Revision: https://phabricator.services.mozilla.com/D156773 --- accessible/ipc/RemoteAccessibleBase.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/accessible/ipc/RemoteAccessibleBase.cpp b/accessible/ipc/RemoteAccessibleBase.cpp index bd609df9c271..026d5158309f 100644 --- a/accessible/ipc/RemoteAccessibleBase.cpp +++ b/accessible/ipc/RemoteAccessibleBase.cpp @@ -614,7 +614,10 @@ LayoutDeviceIntRect RemoteAccessibleBase::BoundsWithOffset( // This block is not thread safe because it queries a LocalAccessible. // It is also not needed in Android since the only local accessible is // the outer doc browser that has an offset of 0. - if (LocalAccessible* localAcc = const_cast(acc)->AsLocal()) { + // acc could be null if the OuterDocAccessible died before the top level + // DocAccessibleParent. + if (LocalAccessible* localAcc = + acc ? const_cast(acc)->AsLocal() : nullptr) { // LocalAccessible::Bounds returns screen-relative bounds in // dev pixels. LayoutDeviceIntRect localBounds = localAcc->Bounds();