Speculative fix for WebPluginContainerImpl::calculateGeometry nullptr crashes.

Speculative fix for WebPluginContainerImpl::calculateGeometry nullptr crashes.

I think this is the reason for the crash linked in the bug. I'm not sure why
reportGeometry() is even called after m_element is nullptr, but this crash has been around since M33.

BUG=485909
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=195331

[tommycli, 2015-05-12 22:16:32]

tommycli@chromium.org changed reviewers:
+ japhet@chromium.org

[tommycli, 2015-05-12 22:16:33]

japhet: PTAL speculative fix for a crash that's been around since M33

[Nate Chapin, 2015-05-12 22:27:14]

Do we have anything at all to go on as to how this is happening?

[Nate Chapin, 2015-05-12 22:27:21]

Do we have anything at all to go on as to how this is happening?

[tommycli, 2015-05-12 22:36:07]

On 2015/05/12 22:27:21, Nate Chapin wrote:
> Do we have anything at all to go on as to how this is happening?

Mostly a guess from looking at the crash reports:

Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x0000000c]MAGIC SIGNATURE
THREAD

https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%...

It tried to access something slightly offset from 0x0, which indicated to me it
was trying to get a member of a nullptr.

[Nate Chapin, 2015-05-13 19:50:36]

On 2015/05/12 22:36:07, tommycli wrote:
> On 2015/05/12 22:27:21, Nate Chapin wrote:
> > Do we have anything at all to go on as to how this is happening?
> 
> Mostly a guess from looking at the crash reports:
> 
> Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x0000000c]MAGIC SIGNATURE
> THREAD
> 
>
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%...
> 
> It tried to access something slightly offset from 0x0, which indicated to me
it
> was trying to get a member of a nullptr.

I'm more concerned about the lack of a test case or repro steps. The fix lgtm,
but I'm just wondering whether there's any hope of getting a regression test
here.

[tommycli, 2015-05-13 20:53:21]

On 2015/05/13 19:50:36, Nate Chapin wrote:
> On 2015/05/12 22:36:07, tommycli wrote:
> > On 2015/05/12 22:27:21, Nate Chapin wrote:
> > > Do we have anything at all to go on as to how this is happening?
> > 
> > Mostly a guess from looking at the crash reports:
> > 
> > Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x0000000c]MAGIC
SIGNATURE
> > THREAD
> > 
> >
>
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%...
> > 
> > It tried to access something slightly offset from 0x0, which indicated to me
> it
> > was trying to get a member of a nullptr.
> 
> I'm more concerned about the lack of a test case or repro steps. The fix lgtm,
> but I'm just wondering whether there's any hope of getting a regression test
> here.

Hmm. I see what you're saying. I don't know much about this area of the code.
I'm +ccing pdr on the bug, as he might know more about this.

[tommycli, 2015-05-13 20:53:26]

The CQ bit was checked by tommycli@chromium.org

[commit-bot: I haz the power, 2015-05-13 20:53:45]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1139983002/1

[tommycli, 2015-05-13 20:54:22]

pdr: Do you know what may have caused this / if we could build a regression
test?

I'm fixing the symptom in this patch, but I'm not sure what the root cause is.

Thanks!

[commit-bot: I haz the power, 2015-05-14 00:29:44]

Committed patchset #1 (id:1) as
https://src.chromium.org/viewvc/blink?view=rev&revision=195331

[pdr., 2015-05-19 22:06:28]

On 2015/05/13 at 20:54:22, tommycli wrote:
> pdr: Do you know what may have caused this / if we could build a regression
test?
> 
> I'm fixing the symptom in this patch, but I'm not sure what the root cause is.
> 
> Thanks!

(Sorry for the slow reply--been away in Sydney at Blinkon)

I was never able to find a repro for this, nor determine the root cause :(