Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2317483005:
Clear LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called (Closed)
DescriptionClear LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called
This CL clears LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called.
This means that LifecycleObserver::context() starts returning false after the context gets destroyed.
The new behavior makes a lot of more sense, but the problem is that some existing code is assuming that
LifecycleObserver::context() keeps returning the context even after the context gets destroyed.
This CL fixed the problematic code to make all layout tests pass, but I'm not sure if I've updated all of the problematic code
(because the coverage of the layout tests is not sufficient).
However, the worst thing that can happen is that code that had been assuming that LifecycleObserver::context()
returns a context even after the context gets destroyed will stop working (it may cause a null-deref crash).
I think the risk is low.
BUG=610176
Committed: https://crrev.com/b729a998b05ec916731171d59de95e0aea31bbac
Cr-Commit-Position: refs/heads/master@{#419951}
Patch Set 1 #Patch Set 2 : temp #Patch Set 3 : temp #Patch Set 4 : temp #Patch Set 5 : temp #Patch Set 6 : temp #Patch Set 7 : temp #Patch Set 8 : temp #Patch Set 9 : temp #Patch Set 10 : temp #Patch Set 11 : temp #
Total comments: 1
Messages
Total messages: 60 (46 generated)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_android on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/cast_shell_a...)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: chromeos_x86-generic_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_x86-ge...)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_android on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/cast_shell_a...) linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by haraken@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Description was changed from ========== Clear LifecycleObserver::m_context when the context gets destroyed BUG= ========== to ========== Clear LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called This CL clears LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called. This means that LifecycleObserver::context() starts returning false after the context gets destroyed. The new behavior makes a lot of more sense, but the problem is that some existing code is assuming that LifecycleObserver::context() keeps returning the context even after the context gets destroyed. This CL fixed the problematic code to make all layout tests pass, but I'm not sure if I've updated all of the problematic code (because the coverage of the layout tests is not sufficient). However, the worst thing that can happen is that code that had been assuming that LifecycleObserver::context() returns a context even after the context gets destroyed will stop working (it may cause a null-deref crash). I think the risk is low. BUG=610176 ==========
haraken@chromium.org changed reviewers: + dcheng@chromium.org
PTAL I'll send a PSA before landing this CL because it may cause null-deref crashes (which I'll fix asap once I receive crash reports).
https://codereview.chromium.org/2317483005/diff/200001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp (right): https://codereview.chromium.org/2317483005/diff/200001/third_party/WebKit/Sou... third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp:654: throwForLoadFailureIfNeeded(exceptionState, "Document is already detached."); Is this something required by the spec? I read https://xhr.spec.whatwg.org/#the-send()-method, and I don't see any reference to this.
On 2016/09/16 22:49:52, dcheng wrote: > https://codereview.chromium.org/2317483005/diff/200001/third_party/WebKit/Sou... > File third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp (right): > > https://codereview.chromium.org/2317483005/diff/200001/third_party/WebKit/Sou... > third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp:654: > throwForLoadFailureIfNeeded(exceptionState, "Document is already detached."); > Is this something required by the spec? I read > https://xhr.spec.whatwg.org/#the-send()-method, and I don't see any reference to > this. Yeah, I couldn't find any description in the spec either. However, the throwForLoadFailureIfNeeded is needed to pass fast/xmlhttprequest/xmlhttprequest-detached-mixedcontent-no-crash.html. The behavior also matches what Firefox does. In any case, it's needed to keep the existing behavior.
On 2016/09/16 23:41:18, haraken wrote: > On 2016/09/16 22:49:52, dcheng wrote: > > > https://codereview.chromium.org/2317483005/diff/200001/third_party/WebKit/Sou... > > File third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp (right): > > > > > https://codereview.chromium.org/2317483005/diff/200001/third_party/WebKit/Sou... > > third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp:654: > > throwForLoadFailureIfNeeded(exceptionState, "Document is already detached."); > > Is this something required by the spec? I read > > https://xhr.spec.whatwg.org/#the-send()-method, and I don't see any reference > to > > this. > > Yeah, I couldn't find any description in the spec either. > > However, the throwForLoadFailureIfNeeded is needed to pass > fast/xmlhttprequest/xmlhttprequest-detached-mixedcontent-no-crash.html. The > behavior also matches what Firefox does. In any case, it's needed to keep the > existing behavior. What happens if we don't call this? The old code just returned false in this case, I thought?
On 2016/09/17 00:17:41, dcheng wrote: > On 2016/09/16 23:41:18, haraken wrote: > > On 2016/09/16 22:49:52, dcheng wrote: > > > > > > https://codereview.chromium.org/2317483005/diff/200001/third_party/WebKit/Sou... > > > File third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp > (right): > > > > > > > > > https://codereview.chromium.org/2317483005/diff/200001/third_party/WebKit/Sou... > > > third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp:654: > > > throwForLoadFailureIfNeeded(exceptionState, "Document is already > detached."); > > > Is this something required by the spec? I read > > > https://xhr.spec.whatwg.org/#the-send()-method, and I don't see any > reference > > to > > > this. > > > > Yeah, I couldn't find any description in the spec either. > > > > However, the throwForLoadFailureIfNeeded is needed to pass > > fast/xmlhttprequest/xmlhttprequest-detached-mixedcontent-no-crash.html. The > > behavior also matches what Firefox does. In any case, it's needed to keep the > > existing behavior. > > What happens if we don't call this? The old code just returned false in this > case, I thought? PS9 does this, and fast/xmlhttprequest/xmlhttprequest-detached-mixedcontent-no-crash.html fails.
OK, I see, this used to error out inside createRequest(), but that doesn't work because we'll crash before we get there now. LGTM
Description was changed from ========== Clear LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called This CL clears LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called. This means that LifecycleObserver::context() starts returning false after the context gets destroyed. The new behavior makes a lot of more sense, but the problem is that some existing code is assuming that LifecycleObserver::context() keeps returning the context even after the context gets destroyed. This CL fixed the problematic code to make all layout tests pass, but I'm not sure if I've updated all of the problematic code (because the coverage of the layout tests is not sufficient). However, the worst thing that can happen is that code that had been assuming that LifecycleObserver::context() returns a context even after the context gets destroyed will stop working (it may cause a null-deref crash). I think the risk is low. BUG=610176 ========== to ========== Clear LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called This CL clears LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called. This means that LifecycleObserver::context() starts returning false after the context gets destroyed. The new behavior makes a lot of more sense, but the problem is that some existing code is assuming that LifecycleObserver::context() keeps returning the context even after the context gets destroyed. This CL fixed the problematic code to make all layout tests pass, but I'm not sure if I've updated all of the problematic code (because the coverage of the layout tests is not sufficient). However, the worst thing that can happen is that code that had been assuming that LifecycleObserver::context() returns a context even after the context gets destroyed will stop working (it may cause a null-deref crash). I think the risk is low. BUG=610176 ==========
The CQ bit was checked by haraken@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Description was changed from ========== Clear LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called This CL clears LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called. This means that LifecycleObserver::context() starts returning false after the context gets destroyed. The new behavior makes a lot of more sense, but the problem is that some existing code is assuming that LifecycleObserver::context() keeps returning the context even after the context gets destroyed. This CL fixed the problematic code to make all layout tests pass, but I'm not sure if I've updated all of the problematic code (because the coverage of the layout tests is not sufficient). However, the worst thing that can happen is that code that had been assuming that LifecycleObserver::context() returns a context even after the context gets destroyed will stop working (it may cause a null-deref crash). I think the risk is low. BUG=610176 ========== to ========== Clear LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called This CL clears LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called. This means that LifecycleObserver::context() starts returning false after the context gets destroyed. The new behavior makes a lot of more sense, but the problem is that some existing code is assuming that LifecycleObserver::context() keeps returning the context even after the context gets destroyed. This CL fixed the problematic code to make all layout tests pass, but I'm not sure if I've updated all of the problematic code (because the coverage of the layout tests is not sufficient). However, the worst thing that can happen is that code that had been assuming that LifecycleObserver::context() returns a context even after the context gets destroyed will stop working (it may cause a null-deref crash). I think the risk is low. BUG=610176 ==========
Message was sent while issue was closed.
Committed patchset #11 (id:200001)
Message was sent while issue was closed.
Description was changed from ========== Clear LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called This CL clears LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called. This means that LifecycleObserver::context() starts returning false after the context gets destroyed. The new behavior makes a lot of more sense, but the problem is that some existing code is assuming that LifecycleObserver::context() keeps returning the context even after the context gets destroyed. This CL fixed the problematic code to make all layout tests pass, but I'm not sure if I've updated all of the problematic code (because the coverage of the layout tests is not sufficient). However, the worst thing that can happen is that code that had been assuming that LifecycleObserver::context() returns a context even after the context gets destroyed will stop working (it may cause a null-deref crash). I think the risk is low. BUG=610176 ========== to ========== Clear LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called This CL clears LifecycleObserver::m_context when LifecycleObserver::contextDestroyed gets called. This means that LifecycleObserver::context() starts returning false after the context gets destroyed. The new behavior makes a lot of more sense, but the problem is that some existing code is assuming that LifecycleObserver::context() keeps returning the context even after the context gets destroyed. This CL fixed the problematic code to make all layout tests pass, but I'm not sure if I've updated all of the problematic code (because the coverage of the layout tests is not sufficient). However, the worst thing that can happen is that code that had been assuming that LifecycleObserver::context() returns a context even after the context gets destroyed will stop working (it may cause a null-deref crash). I think the risk is low. BUG=610176 Committed: https://crrev.com/b729a998b05ec916731171d59de95e0aea31bbac Cr-Commit-Position: refs/heads/master@{#419951} ==========
Message was sent while issue was closed.
Patchset 11 (id:??) landed as https://crrev.com/b729a998b05ec916731171d59de95e0aea31bbac Cr-Commit-Position: refs/heads/master@{#419951}
Message was sent while issue was closed.
Looks like this CL causes webkit_tests to fail on Linux https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/b... https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/b... Any ideas?
Message was sent while issue was closed.
On 2016/09/21 04:20:20, loyso wrote: > Looks like this CL causes webkit_tests to fail on Linux > https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/b... > https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/b... > Any ideas? Looking
Message was sent while issue was closed.
On 2016/09/21 04:29:51, haraken wrote: > On 2016/09/21 04:20:20, loyso wrote: > > Looks like this CL causes webkit_tests to fail on Linux > > > https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/b... > > > https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Leak/b... > > Any ideas? > > Looking Landing a fix: https://codereview.chromium.org/2357833002/
Message was sent while issue was closed.
On 2016/09/21 04:40:47, haraken wrote: > Landing a fix: https://codereview.chromium.org/2357833002/ Thanks for the prompt fix!
Message was sent while issue was closed.
A revert of this CL (patchset #11 id:200001) has been created in https://codereview.chromium.org/2365463004/ by dcheng@chromium.org. The reason for reverting is: Speculatively reverting for https://crbug.com/649272. |
