Bug 1961452 - Don't call SetAttached until native handle is set. r=geckoview-reviewers,ohall

This issue is a possible crash case.

Actually `SessionAccessibility.NativeProvider.setAttached` is called in
C++ constructor of `SessionAccessibility`.  But native handle is set
after calling the constructor. So when `NativeProvider.setAttached` is
called, C++ side might not set native handle yet.

So we should not call `setAttached` in the constructor.

Differential Revision: https://phabricator.services.mozilla.com/D246070

accessible/android/SessionAccessibility.cpp

@@ -63,9 +63,7 @@ class Settings final
 SessionAccessibility::SessionAccessibility(
     jni::NativeWeakPtr<widget::GeckoViewSupport> aWindow,
     java::SessionAccessibility::NativeProvider::Param aSessionAccessibility)
-    : mWindow(aWindow), mSessionAccessibility(aSessionAccessibility) {
-  SetAttached(true, nullptr);
-}
+    : mWindow(aWindow), mSessionAccessibility(aSessionAccessibility) {}
 
 void SessionAccessibility::SetAttached(bool aAttached,
                                        already_AddRefed<Runnable> aRunnable) {

widget/android/nsWindow.cpp

@@ -1997,6 +1997,11 @@ void GeckoViewSupport::AttachAccessibility(
       jni::NativeWeakPtrHolder<a11y::SessionAccessibility>::Attach(
           sessionAccessibility, mWindow->mGeckoViewSupport,
           sessionAccessibility);
+
+  DispatchToUiThread(
+      "GeckoViewSupport::AttachAccessibility",
+      [sa = java::SessionAccessibility::NativeProvider::GlobalRef(
+           sessionAccessibility)] { sa->SetAttached(true); });
 }
 
 auto GeckoViewSupport::OnLoadRequest(mozilla::jni::String::Param aUri,