Chromium Code Reviews

Issue 2084913005: Revert of Make previousLinePosition() not to use dangling RootInlineBox (Closed)

Created:
4 years, 6 months ago by dgozman
Modified:
4 years, 6 months ago
Reviewers:
yoichio, yosin_UTC9
CC:
blink-reviews, chromium-reviews, tfarina
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Revert of Make previousLinePosition() not to use dangling RootInlineBox (patchset #1 id:1 of https://codereview.chromium.org/2082893005/ )

Reason for revert:
New test editing/selection/modify_move/move_backward_line_import_crash.html fails on WebKit Linux MSAN.

Dashboard: https://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=editing%2Fselection%2Fmodify_move%2Fmove_backward_line_import_crash.html&testType=webkit_tests

First failed build: https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20MSAN/builds/10718

Original issue's description:
> Make previousLinePosition() not to use dangling RootInlineBox
>
> This patch makes |previousLinePosition()| not to use dangling |RootInlineBox|
> pointer to avoid use-after-free.
>
> Before this patch, |isEditablePosition()| is called with |DoUpdateStyle|
> parameter to update layout tree if needed. Usually, layout tree isn't updated
> by this |isEditablePosition()| call since |previousLinePosition()| updates
> layout tree at entry. However, if there are pending style sheet, e.g. @import
> directive, and HTML import, e.g link rel=import, layout tree is updated since
> document isn't rendering ready, |haveImportLoaded()| &&
> |haveRenderBlockingStyleSheetsLoaded()|.
>
> BUG=618237
> TEST=LayoutTests/editing/selection/modify_move/move_backward_line_import_crash.html
>
> Committed: https://crrev.com/fb81c66590538c2487a34b8623066a22d0b27dff
> Cr-Commit-Position: refs/heads/master@{#401231}

TBR=yoichio@chromium.org,yosin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=618237

Committed: https://crrev.com/f60b4eb00abc12a1fa2575890f7c77b373a1bedc
Cr-Commit-Position: refs/heads/master@{#401319}

Patch Set 1 #

Stats (+1 line, -29 lines)
D third_party/WebKit/LayoutTests/editing/selection/modify_move/move_backward_line_import_crash.html (1 chunk, +0 lines, -28 lines)
M third_party/WebKit/Source/core/editing/VisibleUnits.cpp (1 chunk, +1 line, -1 line)

Messages

Total messages: 7 (3 generated)
dgozman
Created Revert of Make previousLinePosition() not to use dangling RootInlineBox
4 years, 6 months ago (2016-06-22 17:08:54 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2084913005/1
4 years, 6 months ago (2016-06-22 17:09:26 UTC) #3
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 6 months ago (2016-06-22 17:11:11 UTC) #5
commit-bot: I haz the power
4 years, 6 months ago (2016-06-22 17:13:41 UTC) #7
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/f60b4eb00abc12a1fa2575890f7c77b373a1bedc
Cr-Commit-Position: refs/heads/master@{#401319}
