Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(82)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/css/resolver/StyleResolver.cpp

Issue 1556963002: Avoid crash when updating stylesheets during a remove operation. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/fast/css/remove-stylesheet-from-shadow-form-crash-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 2004-2005 Allan Sandfeld Jensen (kde@carewolf.com) 3 * (C) 2004-2005 Allan Sandfeld Jensen (kde@carewolf.com)
4 * Copyright (C) 2006, 2007 Nicholas Shanks (webkit@nickshanks.com) 4 * Copyright (C) 2006, 2007 Nicholas Shanks (webkit@nickshanks.com)
5 * Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Apple Inc. All rights reserved. 5 * Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Apple Inc. All rights reserved.
6 * Copyright (C) 2007 Alexey Proskuryakov <ap@webkit.org> 6 * Copyright (C) 2007 Alexey Proskuryakov <ap@webkit.org>
7 * Copyright (C) 2007, 2008 Eric Seidel <eric@webkit.org> 7 * Copyright (C) 2007, 2008 Eric Seidel <eric@webkit.org>
8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
9 * Copyright (c) 2011, Code Aurora Forum. All rights reserved. 9 * Copyright (c) 2011, Code Aurora Forum. All rights reserved.
10 * Copyright (C) Research In Motion Limited 2011. All rights reserved. 10 * Copyright (C) Research In Motion Limited 2011. All rights reserved.
(...skipping 187 matching lines...) Expand 10 before | Expand all | Expand 10 after
198 { 198 {
199 ASSERT(!cssSheet.disabled()); 199 ASSERT(!cssSheet.disabled());
200 ASSERT(cssSheet.ownerDocument()); 200 ASSERT(cssSheet.ownerDocument());
201 ASSERT(cssSheet.ownerNode()); 201 ASSERT(cssSheet.ownerNode());
202 ASSERT(isHTMLStyleElement(cssSheet.ownerNode()) || isSVGStyleElement(cssShee t.ownerNode()) || cssSheet.ownerNode()->treeScope() == cssSheet.ownerDocument()) ; 202 ASSERT(isHTMLStyleElement(cssSheet.ownerNode()) || isSVGStyleElement(cssShee t.ownerNode()) || cssSheet.ownerNode()->treeScope() == cssSheet.ownerDocument()) ;
203 203
204 if (cssSheet.mediaQueries() && !m_medium->eval(cssSheet.mediaQueries(), &m_v iewportDependentMediaQueryResults)) 204 if (cssSheet.mediaQueries() && !m_medium->eval(cssSheet.mediaQueries(), &m_v iewportDependentMediaQueryResults))
205 return; 205 return;
206 206
207 TreeScope* treeScope = &cssSheet.ownerNode()->treeScope(); 207 TreeScope* treeScope = &cssSheet.ownerNode()->treeScope();
208 // TODO(rune@opera.com): This is a workaround for crbug.com/559292
209 // when we're in the middle of removing a subtree with a style element
210 // and the treescope has been changed but inDocument and isInShadowTree
211 // are not.
212 //
213 // This check can be removed when crbug.com/567021 is fixed.
214 if (cssSheet.ownerNode()->isInShadowTree() && treeScope->rootNode().isDocume ntNode())
215 return;
216
208 // Sheets in the document scope of HTML imports apply to the main document 217 // Sheets in the document scope of HTML imports apply to the main document
209 // (m_document), so we override it for all document scoped sheets. 218 // (m_document), so we override it for all document scoped sheets.
210 if (treeScope->rootNode().isDocumentNode()) 219 if (treeScope->rootNode().isDocumentNode())
211 treeScope = m_document; 220 treeScope = m_document;
212 treeScope->ensureScopedStyleResolver().appendCSSStyleSheet(cssSheet, *m_medi um); 221 treeScope->ensureScopedStyleResolver().appendCSSStyleSheet(cssSheet, *m_medi um);
213 } 222 }
214 223
215 void StyleResolver::appendPendingAuthorStyleSheets() 224 void StyleResolver::appendPendingAuthorStyleSheets()
216 { 225 {
217 for (const auto& styleSheet : m_pendingStyleSheets) 226 for (const auto& styleSheet : m_pendingStyleSheets)
(...skipping 1338 matching lines...) Expand 10 before | Expand all | Expand 10 after
1556 visitor->trace(m_uncommonAttributeRuleSet); 1565 visitor->trace(m_uncommonAttributeRuleSet);
1557 visitor->trace(m_watchedSelectorsRules); 1566 visitor->trace(m_watchedSelectorsRules);
1558 visitor->trace(m_treeBoundaryCrossingScopes); 1567 visitor->trace(m_treeBoundaryCrossingScopes);
1559 visitor->trace(m_styleSharingLists); 1568 visitor->trace(m_styleSharingLists);
1560 visitor->trace(m_pendingStyleSheets); 1569 visitor->trace(m_pendingStyleSheets);
1561 visitor->trace(m_document); 1570 visitor->trace(m_document);
1562 #endif 1571 #endif
1563 } 1572 }
1564 1573
1565 } // namespace blink 1574 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/fast/css/remove-stylesheet-from-shadow-form-crash-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698