Bug 1320192: Ensure that we return a null native accessible if GetWindow(GW_CHILD) on a windowed plugin fails; r=tbsaunde, a=jcristau
authorAaron Klotz <aklotz@mozilla.com>
Wed, 07 Dec 2016 09:37:36 -1000
changeset 352924 00ced46aa9d09f6db2f9d9aa2483aaf9cf66e460
parent 352923 0644964811f1423a2c0958e141fa92ee41695279
child 352925 3873f6f9aacf915d5da9ff96ef0cdf6971fe52b2
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-esr52@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstbsaunde, jcristau
bugs1320192
milestone52.0a2
Bug 1320192: Ensure that we return a null native accessible if GetWindow(GW_CHILD) on a windowed plugin fails; r=tbsaunde, a=jcristau MozReview-Commit-ID: 1Fe8xwS3dWc
accessible/ipc/DocAccessibleParent.cpp
accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp
--- a/accessible/ipc/DocAccessibleParent.cpp
+++ b/accessible/ipc/DocAccessibleParent.cpp
@@ -486,16 +486,18 @@ bool
 DocAccessibleParent::RecvGetWindowedPluginIAccessible(
       const WindowsHandle& aHwnd, IAccessibleHolder* aPluginCOMProxy)
 {
 #if defined(MOZ_CONTENT_SANDBOX)
   // We don't actually want the accessible object for aHwnd, but rather the
   // one that belongs to its child (see HTMLWin32ObjectAccessible).
   HWND childWnd = ::GetWindow(reinterpret_cast<HWND>(aHwnd), GW_CHILD);
   if (!childWnd) {
+    // We're seeing this in the wild - the plugin is windowed but we no longer
+    // have a window.
     return true;
   }
 
   IAccessible* rawAccPlugin = nullptr;
   HRESULT hr = ::AccessibleObjectFromWindow(childWnd, OBJID_WINDOW,
                                             IID_IAccessible,
                                             (void**)&rawAccPlugin);
   if (FAILED(hr)) {
--- a/accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp
+++ b/accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp
@@ -80,20 +80,17 @@ HTMLWin32ObjectAccessible::HTMLWin32Obje
       return;
     }
 #endif
 
     // The plugin is not windowless. In this situation we use 
     // use its inner child owned by the plugin so that we don't get
     // in an infinite loop, where the WM_GETOBJECT's get forwarded
     // back to us and create another HTMLWin32ObjectAccessible
-    HWND childWnd = ::GetWindow((HWND)aHwnd, GW_CHILD);
-    if (childWnd) {
-      mHwnd = childWnd;
-    }
+    mHwnd = ::GetWindow((HWND)aHwnd, GW_CHILD);
   }
 }
 
 void
 HTMLWin32ObjectAccessible::GetNativeInterface(void** aNativeAccessible)
 {
 #if defined(MOZ_CONTENT_SANDBOX)
   if (XRE_IsContentProcess()) {