Bug 1320192: Ensure that we return a null native accessible if GetWindow(GW_CHILD) on a windowed plugin fails; r=tbsaunde
authorAaron Klotz <aklotz@mozilla.com>
Wed, 07 Dec 2016 09:37:36 -1000
changeset 325388 653e7327b3f835cdc42de5632f8831f1616fcddc
parent 325387 4ed75a24f8b5bd3b400ec44a5c3a3a48575347ff
child 325389 2ff0d7460eb608032bce7a991b0d95ca78794dda
push id24
push usermaklebus@msu.edu
push dateTue, 20 Dec 2016 03:11:33 +0000
reviewerstbsaunde
bugs1320192
milestone53.0a1
Bug 1320192: Ensure that we return a null native accessible if GetWindow(GW_CHILD) on a windowed plugin fails; r=tbsaunde MozReview-Commit-ID: 1Fe8xwS3dWc
accessible/ipc/DocAccessibleParent.cpp
accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp
--- a/accessible/ipc/DocAccessibleParent.cpp
+++ b/accessible/ipc/DocAccessibleParent.cpp
@@ -491,17 +491,19 @@ mozilla::ipc::IPCResult
 DocAccessibleParent::RecvGetWindowedPluginIAccessible(
       const WindowsHandle& aHwnd, IAccessibleHolder* aPluginCOMProxy)
 {
 #if defined(MOZ_CONTENT_SANDBOX)
   // We don't actually want the accessible object for aHwnd, but rather the
   // one that belongs to its child (see HTMLWin32ObjectAccessible).
   HWND childWnd = ::GetWindow(reinterpret_cast<HWND>(aHwnd), GW_CHILD);
   if (!childWnd) {
-    return IPC_FAIL(this, "GetWindow failed");
+    // We're seeing this in the wild - the plugin is windowed but we no longer
+    // have a window.
+    return IPC_OK();
   }
 
   IAccessible* rawAccPlugin = nullptr;
   HRESULT hr = ::AccessibleObjectFromWindow(childWnd, OBJID_WINDOW,
                                             IID_IAccessible,
                                             (void**)&rawAccPlugin);
   if (FAILED(hr)) {
     // This might happen if the plugin doesn't handle WM_GETOBJECT properly.
--- a/accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp
+++ b/accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp
@@ -80,20 +80,17 @@ HTMLWin32ObjectAccessible::HTMLWin32Obje
       return;
     }
 #endif
 
     // The plugin is not windowless. In this situation we use 
     // use its inner child owned by the plugin so that we don't get
     // in an infinite loop, where the WM_GETOBJECT's get forwarded
     // back to us and create another HTMLWin32ObjectAccessible
-    HWND childWnd = ::GetWindow((HWND)aHwnd, GW_CHILD);
-    if (childWnd) {
-      mHwnd = childWnd;
-    }
+    mHwnd = ::GetWindow((HWND)aHwnd, GW_CHILD);
   }
 }
 
 void
 HTMLWin32ObjectAccessible::GetNativeInterface(void** aNativeAccessible)
 {
 #if defined(MOZ_CONTENT_SANDBOX)
   if (XRE_IsContentProcess()) {