Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(838)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 16695002: Uptake WebKit Changeset r149185. (Closed)

Created:
7 years, 6 months ago by inferno
Modified:
7 years, 6 months ago
CC:
blink-reviews, kenneth.christiansen, eae+blinkwatch, leviw+renderwatch, dglazkov+blink, adamk+blink_chromium.org, jchaffraix+rendering
Visibility:
Public.

Description

Uptake WebKit Changeset r149185. Object elements have the tendency to modify or even fully remove the containing Document inside beforeload callback. While Document is removed, RenderArena gets destroyed. Retained RenderWidgets fails to function with NULL arena. Protect RendereArena from getting wiped out, when Document is removed during FrameView::updateWidget(). BUG=226696 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=152086

Patch Set 1 #

Patch Set 2 : Add missing tests #

Patch Set 3 : Fix tests location #

Patch Set 4 : Refetch render view and null check AXObjectCache #

Unified diffs Side-by-side diffs Delta from patch set Stats (+26 lines, -17 lines) Patch
A + LayoutTests/fast/frames/crash-remove-iframe-during-object-beforeload-2.html View 1 2 1 chunk +1 line, -1 line 0 comments Download
A + LayoutTests/fast/frames/crash-remove-iframe-during-object-beforeload-2-expected.txt View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/dom/Document.h View 1 chunk +1 line, -1 line 0 comments Download
M Source/core/dom/Document.cpp View 1 2 3 2 chunks +10 lines, -8 lines 0 comments Download
M Source/core/page/FrameView.cpp View 1 2 3 3 chunks +5 lines, -2 lines 0 comments Download
M Source/core/rendering/RenderArena.h View 2 chunks +8 lines, -5 lines 0 comments Download

Messages

Total messages: 13 (0 generated)
inferno
7 years, 6 months ago (2013-06-08 19:59:19 UTC) #1
eseidel
I don't really like this change, but I agree it's safe.
7 years, 6 months ago (2013-06-08 20:22:38 UTC) #2
eseidel
lgtm As in, I agree it fixes the bug. Just don't like the idea of ...
7 years, 6 months ago (2013-06-08 20:23:23 UTC) #3
eseidel
lgtm lgtm As in, I agree it fixes the bug. Just don't like the idea ...
7 years, 6 months ago (2013-06-08 20:23:23 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/inferno@chromium.org/16695002/5001
7 years, 6 months ago (2013-06-08 20:23:34 UTC) #5
commit-bot: I haz the power
Retried try job too often on linux_layout_rel for step(s) webkit_tests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=linux_layout_rel&number=12061
7 years, 6 months ago (2013-06-08 21:12:42 UTC) #6
inferno
On 2013/06/08 21:12:42, I haz the power (commit-bot) wrote: > Retried try job too often ...
7 years, 6 months ago (2013-06-08 22:23:57 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/inferno@chromium.org/16695002/13001
7 years, 6 months ago (2013-06-08 22:57:49 UTC) #8
commit-bot: I haz the power
Retried try job too often on linux_layout_rel for step(s) webkit_tests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=linux_layout_rel&number=12067
7 years, 6 months ago (2013-06-08 23:50:22 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/inferno@chromium.org/16695002/13001
7 years, 6 months ago (2013-06-09 03:33:27 UTC) #10
commit-bot: I haz the power
Retried try job too often on linux_layout_rel for step(s) webkit_tests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=linux_layout_rel&number=12074
7 years, 6 months ago (2013-06-09 04:23:11 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/inferno@chromium.org/16695002/13001
7 years, 6 months ago (2013-06-09 15:16:25 UTC) #12
commit-bot: I haz the power
7 years, 6 months ago (2013-06-09 17:14:39 UTC) #13
Message was sent while issue was closed. 
Change committed as 152086

Powered by Google App Engine
This is Rietveld 408576698