Chromium Code Reviews

Issue 1313443003: Fix crash when removing stylesheets from shadow tree. (Closed)

Created: 5 years, 4 months ago by rune
Modified: 5 years, 4 months ago
Reviewers: esprehn
CC: darktears, apavlov+blink_chromium.org, blink-reviews, blink-reviews-css, blink-reviews-dom_chromium.org, blink-reviews-style_chromium.org, dglazkov+blink, eae+blinkwatch, rwlbuis, sof
Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Target Ref: refs/heads/master
Project: blink
Visibility: Public.

Description

Fix crash when removing stylesheets from shadow tree.

The added sheets passed into StyleSheetInvalidationAnalysis may either be added or removed. When they are removed style elements from a shadow tree, the style element may no longer have a containingShadowRoot if the element has already been removed. That caused a crash when the containingShadowRoot was accessed without a nullptr check.

Instead of deducing the scope from the style element, pass the stylesheet collection TreeScope to the analysis object.

The m_scopingNodes, which is probably a left-over from <style scoped>, has been removed. Now, the shadow tree root node, or outermost shadow host if ::content rules make that necessary, is always marked sub-tree dirty. The previous code-path could trigger id/class invalidation of separate elements when the stylesheet contents had multiple owner nodes, but that was most likely wrong if it could ever happen.

BUG=522860

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=201058
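The design change described above, as an added example that is not part of the patch or of Blink: a simplified C++ model contrasting deducing the scope from a possibly detached style element with passing the scope in explicitly. The structs, `markScopeDirty`, `markDirtyFromOwner` and `removedStyleScenario` are hypothetical stand-ins; only the name `outermostShadowHost` comes from the review.

```cpp
// Simplified model of the fix; these structs are stand-ins, not Blink's classes.
struct ShadowRoot;
struct Element {
    ShadowRoot* containingShadowRoot = nullptr;  // nullptr once detached
    bool subtreeDirty = false;
};
struct ShadowRoot {
    Element* host = nullptr;
    bool subtreeDirty = false;
};

// Climb nested shadow trees to the host that sits outside every shadow root.
Element* outermostShadowHost(const ShadowRoot& root) {
    Element* host = root.host;
    while (host->containingShadowRoot)
        host = host->containingShadowRoot->host;
    return host;
}

// Post-fix shape: the scope is handed in by the stylesheet collection that
// owns it, so it is valid even when the style element is already detached.
void markScopeDirty(ShadowRoot& scope, bool hasContentRules) {
    if (hasContentRules)
        outermostShadowHost(scope)->subtreeDirty = true;
    else
        scope.subtreeDirty = true;
}

// Pre-fix shape: the scope is deduced from the sheet's owner element. The
// null check below is what the crashing code path lacked.
bool markDirtyFromOwner(const Element& styleElement, bool hasContentRules) {
    ShadowRoot* scope = styleElement.containingShadowRoot;
    if (!scope) return false;  // removed element: no scope left to deduce
    markScopeDirty(*scope, hasContentRules);
    return true;
}

// Constructed scenario: <style> in a shadow tree nested inside another one.
bool removedStyleScenario() {
    Element outerHost, innerHost, style;
    ShadowRoot outerRoot, innerRoot;
    outerRoot.host = &outerHost;
    innerHost.containingShadowRoot = &outerRoot;
    innerRoot.host = &innerHost;
    // style was removed before analysis, so its containingShadowRoot is null
    bool deduced = markDirtyFromOwner(style, true);
    markScopeDirty(innerRoot, true);  // scope passed explicitly still works
    return !deduced && outerHost.subtreeDirty && !innerRoot.subtreeDirty;
}
int main() { return removedStyleScenario() ? 0 : 1; }
```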

Patch Set 1

Total comments: 6

Patch Set 2: Addressed review issues and added test.

Stats: +109 lines, -34 lines

A LayoutTests/fast/css/invalidation/shadow-add-sheet-content.html (1 chunk, +43 lines, -0 lines, 0 comments)
A LayoutTests/fast/css/invalidation/shadow-add-sheet-content-expected.txt (1 chunk, +12 lines, -0 lines, 0 comments)
A LayoutTests/fast/dom/shadow/remove-styles-in-shadow-crash-3.html (1 chunk, +18 lines, -0 lines, 0 comments)
A LayoutTests/fast/dom/shadow/remove-styles-in-shadow-crash-3-expected.txt (1 chunk, +3 lines, -0 lines, 0 comments)
M Source/core/css/invalidation/StyleSheetInvalidationAnalysis.h (1 chunk, +7 lines, -4 lines, 0 comments)
M Source/core/css/invalidation/StyleSheetInvalidationAnalysis.cpp (4 chunks, +24 lines, -28 lines, 0 comments)
M Source/core/dom/TreeScopeStyleSheetCollection.cpp (1 chunk, +2 lines, -2 lines, 0 comments)

Messages

Total messages: 20 (9 generated)
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1313443003/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1313443003/1
5 years, 4 months ago (2015-08-23 14:20:57 UTC) #2
rune
5 years, 4 months ago (2015-08-23 14:24:45 UTC) #3
esprehn
lgtm w/ fixes. https://codereview.chromium.org/1313443003/diff/1/Source/core/css/invalidation/StyleSheetInvalidationAnalysis.cpp File Source/core/css/invalidation/StyleSheetInvalidationAnalysis.cpp (right): https://codereview.chromium.org/1313443003/diff/1/Source/core/css/invalidation/StyleSheetInvalidationAnalysis.cpp#newcode180 Source/core/css/invalidation/StyleSheetInvalidationAnalysis.cpp:180: static ContainerNode* outermostShadowHost(const ShadowRoot& root) Do ...
5 years, 4 months ago (2015-08-23 15:34:52 UTC) #5
commit-bot: I haz the power
Dry run: Try jobs failed on following builders: linux_android_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_android_rel_ng/builds/59631)
5 years, 4 months ago (2015-08-23 18:47:33 UTC) #7
rune
https://codereview.chromium.org/1313443003/diff/1/Source/core/css/invalidation/StyleSheetInvalidationAnalysis.cpp File Source/core/css/invalidation/StyleSheetInvalidationAnalysis.cpp (right): https://codereview.chromium.org/1313443003/diff/1/Source/core/css/invalidation/StyleSheetInvalidationAnalysis.cpp#newcode180 Source/core/css/invalidation/StyleSheetInvalidationAnalysis.cpp:180: static ContainerNode* outermostShadowHost(const ShadowRoot& root) On 2015/08/23 15:34:51, esprehn ...
5 years, 4 months ago (2015-08-23 20:21:47 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1313443003/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1313443003/20001
5 years, 4 months ago (2015-08-23 20:22:42 UTC) #11
commit-bot: I haz the power
Try jobs failed on following builders: mac_chromium_rel_ng on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_ng/builds/102866)
5 years, 4 months ago (2015-08-23 22:02:16 UTC) #13
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1313443003/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1313443003/20001
5 years, 4 months ago (2015-08-23 22:19:54 UTC) #15
commit-bot: I haz the power
Try jobs failed on following builders: mac_chromium_rel_ng on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_ng/builds/102874)
5 years, 4 months ago (2015-08-23 23:45:49 UTC) #17
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1313443003/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1313443003/20001
5 years, 4 months ago (2015-08-24 10:38:45 UTC) #19
commit-bot: I haz the power
5 years, 4 months ago (2015-08-24 11:32:57 UTC) #20
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=201058
