Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-24 05:11:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1751943: Fix doc tree mutation during AddChildDoc. r=nlapre

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D173916
This commit is contained in:
James Teh 2023-04-19 23:16:15 +00:00
parent 623f4ac2d3
commit 4ea1fca123
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
accessible/ipc/DocAccessibleParent.cpp
View File

@ -906,11 +906,13 @@ ipc::IPCResult DocAccessibleParent::AddChildDoc(DocAccessibleParent* aChildDoc,
if (bridge) {
#if defined(XP_WIN)
if (!StaticPrefs::accessibility_cache_enabled_AtStartup()) {
RefPtr<DocAccessibleParent> thisDoc = this;
RefPtr<DocAccessibleParent> childDoc = aChildDoc;
// Send a COM proxy for the embedded document to the embedder process
// hosting the iframe. This will be returned as the child of the
// embedder OuterDocAccessible.
RefPtr<IDispatch> docAcc;
aChildDoc->GetCOMInterface((void**)getter_AddRefs(docAcc));
childDoc->GetCOMInterface((void**)getter_AddRefs(docAcc));
MOZ_ASSERT(docAcc);
if (docAcc) {
RefPtr<IDispatch> docWrapped(
@ -920,30 +922,39 @@ ipc::IPCResult DocAccessibleParent::AddChildDoc(DocAccessibleParent* aChildDoc,
IDispatchHolder docHolder(std::move(docPtr));
if (bridge->SendSetEmbeddedDocAccessibleCOMProxy(docHolder)) {
# if defined(MOZ_SANDBOX)
aChildDoc->mDocProxyStream = docHolder.GetPreservedStream();
childDoc->mDocProxyStream = docHolder.GetPreservedStream();
# endif // defined(MOZ_SANDBOX)
}
}
if (!outerDoc) {
return IPC_FAIL(this, "OuterDoc removed while adding child doc");
}
if (childDoc->IsShutdown()) {
return IPC_FAIL(this, "Child doc removed while adding it");
}
// Send a COM proxy for the embedder OuterDocAccessible to the embedded
// document process. This will be returned as the parent of the
// embedded document.
aChildDoc->SendParentCOMProxy(outerDoc);
childDoc->SendParentCOMProxy(outerDoc);
if (childDoc->IsShutdown()) {
return IPC_FAIL(this, "Child doc removed while adding it");
}
if (nsWinUtils::IsWindowEmulationStarted()) {
// The embedded document should use the same emulated window handle as
// its embedder. It will return the embedder document (not a window
// accessible) as the parent accessible, so we pass a null accessible
// when sending the window to the embedded document.
Unused << aChildDoc->SendEmulatedWindow(
Unused << childDoc->SendEmulatedWindow(
reinterpret_cast<uintptr_t>(mEmulatedWindowHandle), nullptr);
}
if (thisDoc->IsShutdown()) {
return IPC_FAIL(this, "Parent doc removed while adding child doc");
}
// Send a COM proxy for the top level document to the embedded document
// process. This will be returned when the client calls QueryService
// with SID_IAccessibleContentDocument on an accessible in the embedded
// document.
DocAccessibleParent* topDoc = this;
DocAccessibleParent* topDoc = thisDoc;
while (DocAccessibleParent* parentDoc = topDoc->ParentDoc()) {
topDoc = parentDoc;
}
@ -957,7 +968,7 @@ ipc::IPCResult DocAccessibleParent::AddChildDoc(DocAccessibleParent* aChildDoc,
IAccessibleHolder::COMPtrType topDocPtr(
mscom::ToProxyUniquePtr(std::move(topDocWrapped)));
IAccessibleHolder topDocHolder(std::move(topDocPtr));
if (aChildDoc->SendTopLevelDocCOMProxy(topDocHolder)) {
if (childDoc->SendTopLevelDocCOMProxy(topDocHolder)) {
# if defined(MOZ_SANDBOX)
aChildDoc->mTopLevelDocProxyStream =
topDocHolder.GetPreservedStream();
@ -967,6 +978,9 @@ ipc::IPCResult DocAccessibleParent::AddChildDoc(DocAccessibleParent* aChildDoc,
if (!outerDoc) {
return IPC_FAIL(this, "OuterDoc removed while adding child doc");
}
if (childDoc->IsShutdown()) {
return IPC_FAIL(this, "Child doc removed while adding it");
}
}
if (nsWinUtils::IsWindowEmulationStarted()) {
aChildDoc->SetEmulatedWindowHandle(mEmulatedWindowHandle);