Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(347)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 185403016: Oilpan: Use weak pointers in StyleSheetContents caches. (Closed)

Created:
6 years, 9 months ago by Mads Ager (chromium)
Modified:
6 years, 9 months ago
CC:
blink-reviews, sof, eae+blinkwatch, ed+blinkwatch_opera.com, dglazkov+blink, apavlov+blink_chromium.org, adamk+blink_chromium.org, darktears, rune+blink, Inactive, rwlbuis, oilpan-reviews
Visibility:
Public.

Description

Oilpan: Use weak pointers in StyleSheetContents caches. This fixes use-after-free that could occur when StyleSheetContents dies when an allocation happens during insertion of a new StyleSheetContents. Using the built-in weak processing this will not happen because the iterator used during insertion will keep the StyleSheetContents alive. R=erik.corry@gmail.com, haraken@chromium.org, vegorov@chromium.org NOTRY=true Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=168444

Patch Set 1 #

Total comments: 5

Patch Set 2 : Fix compilation #

Unified diffs Side-by-side diffs Delta from patch set Stats (+17 lines, -7 lines) Patch
M Source/core/css/StyleSheetContents.cpp View 1 chunk +1 line, -1 line 0 comments Download
M Source/core/dom/StyleEngine.cpp View 1 3 chunks +16 lines, -6 lines 0 comments Download

Messages

Total messages: 18 (0 generated)
Mads Ager (chromium)
6 years, 9 months ago (2014-03-04 13:47:58 UTC) #1
Vyacheslav Egorov (Chromium)
lgtm
6 years, 9 months ago (2014-03-04 13:50:53 UTC) #2
haraken
LGTM
6 years, 9 months ago (2014-03-04 13:55:32 UTC) #3
Mads Ager (chromium)
The CQ bit was checked by ager@chromium.org
6 years, 9 months ago (2014-03-04 13:56:18 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ager@chromium.org/185403016/1
6 years, 9 months ago (2014-03-04 13:56:33 UTC) #5
zerny-chromium
lgtm https://codereview.chromium.org/185403016/diff/1/Source/core/dom/StyleEngine.cpp File Source/core/dom/StyleEngine.cpp (right): https://codereview.chromium.org/185403016/diff/1/Source/core/dom/StyleEngine.cpp#newcode57 Source/core/dom/StyleEngine.cpp:57: static WillBeHeapHashMap<AtomicString, RawPtrWillBeWeakMember<StyleSheetContents> >& textToSheetCache() Nit: use the ...
6 years, 9 months ago (2014-03-04 13:59:45 UTC) #6
Mads Ager (chromium)
https://codereview.chromium.org/185403016/diff/1/Source/core/dom/StyleEngine.cpp File Source/core/dom/StyleEngine.cpp (right): https://codereview.chromium.org/185403016/diff/1/Source/core/dom/StyleEngine.cpp#newcode57 Source/core/dom/StyleEngine.cpp:57: static WillBeHeapHashMap<AtomicString, RawPtrWillBeWeakMember<StyleSheetContents> >& textToSheetCache() On 2014/03/04 13:59:46, zerny-chromium ...
6 years, 9 months ago (2014-03-04 14:03:33 UTC) #7
Erik Corry
lgtm https://codereview.chromium.org/185403016/diff/1/Source/core/dom/StyleEngine.cpp File Source/core/dom/StyleEngine.cpp (right): https://codereview.chromium.org/185403016/diff/1/Source/core/dom/StyleEngine.cpp#newcode61 Source/core/dom/StyleEngine.cpp:61: DEFINE_STATIC_LOCAL(Persistent<TextToSheetCache>, cache, (new TextToSheetCache)); I think in another ...
6 years, 9 months ago (2014-03-04 14:09:27 UTC) #8
Mads Ager (chromium)
https://codereview.chromium.org/185403016/diff/1/Source/core/dom/StyleEngine.cpp File Source/core/dom/StyleEngine.cpp (right): https://codereview.chromium.org/185403016/diff/1/Source/core/dom/StyleEngine.cpp#newcode61 Source/core/dom/StyleEngine.cpp:61: DEFINE_STATIC_LOCAL(Persistent<TextToSheetCache>, cache, (new TextToSheetCache)); On 2014/03/04 14:09:27, Erik Corry ...
6 years, 9 months ago (2014-03-04 14:13:36 UTC) #9
commit-bot: I haz the power
The CQ bit was unchecked by commit-bot@chromium.org
6 years, 9 months ago (2014-03-04 15:02:10 UTC) #10
commit-bot: I haz the power
Retried try job too often on linux_blink_rel for step(s) blink_heap_unittests, blink_platform_unittests, webkit_lint, webkit_python_tests, webkit_tests, webkit_unit_tests, ...
6 years, 9 months ago (2014-03-04 15:02:10 UTC) #11
Mads Ager (chromium)
The CQ bit was checked by ager@chromium.org
6 years, 9 months ago (2014-03-04 15:19:48 UTC) #12
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ager@chromium.org/185403016/10001
6 years, 9 months ago (2014-03-04 15:19:56 UTC) #13
Mads Ager (chromium)
The CQ bit was unchecked by ager@chromium.org
6 years, 9 months ago (2014-03-05 07:50:17 UTC) #14
Mads Ager (chromium)
The CQ bit was checked by ager@chromium.org
6 years, 9 months ago (2014-03-05 07:50:40 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ager@chromium.org/185403016/10001
6 years, 9 months ago (2014-03-05 07:51:57 UTC) #16
commit-bot: I haz the power
Change committed as 168444
6 years, 9 months ago (2014-03-05 07:53:32 UTC) #17
Mads Ager (chromium)
6 years, 9 months ago (2014-03-05 09:37:18 UTC) #18
Message was sent while issue was closed. 
A revert of this CL has been created in
https://codereview.chromium.org/187473003/ by ager@chromium.org.

The reason for reverting is: This patch seems to have made a number of layout
tests fail on the oilpan bots. Reverting while I investigate..

Powered by Google App Engine
This is Rietveld 408576698