Add connected-paranoia in SVGElement::UpdateRelativeLengthsInformation

Add connected-paranoia in SVGElement::UpdateRelativeLengthsInformation

When (animated attribute) mutations are trigger by a 'id' change (via
an IdTargetObserver), relative lengths state may be revalidated while
the element are in the process of being removed from the document, but
has not yet been marked as such. If relative length state is updated in
such a case, the |elements_with_relative_lengths_| set could end up in
an inconsistent state.
Instead of only relying on the connected bit of the current element,
also check all the ancestors to make sure.

BUG=705200
Review-Url: https://codereview.chromium.org/2817913002
Cr-Commit-Position: refs/heads/master@{#464408}
Committed: https://chromium.googlesource.com/chromium/src/+/9fb4d73eca12f0a247bf8b2c36e8d347f272354a

[fs, 2017-04-13 11:49:47]

The CQ bit was checked by fs@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-04-13 11:50:03]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[fs, 2017-04-13 13:11:09]

fs@opera.com changed reviewers:
+ pdr@chromium.org, schenney@chromium.org

[fs, 2017-04-13 13:11:11]

https://codereview.chromium.org/2817913002/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/svg/SVGElement.cpp (right):

https://codereview.chromium.org/2817913002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/svg/SVGElement.cpp:538: // Through an unfortunate
chain of events, we can end up calling this while a
My plan for a way to better address this is crbug.com/709437.

[commit-bot: I haz the power, 2017-04-13 13:28:05]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-04-13 13:28:06]

Dry run: This issue passed the CQ dry run.

[Stephen Chennney, 2017-04-13 14:45:42]

In effect we're doubling the time spent walking the tree through ancestors.
That's probably not too bad, and if performance regresses I suppose you could
build a list of ancestors that are SVGElement in the first walk and then process
the list.

lgtm

[fs, 2017-04-13 14:48:13]

The CQ bit was checked by fs@opera.com

[commit-bot: I haz the power, 2017-04-13 14:48:41]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-04-13 15:18:08]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1492094893650480, "parent_rev":
"2d3892d948b084bc87d55e87f9e9745df77b8fc4", "commit_rev":
"9fb4d73eca12f0a247bf8b2c36e8d347f272354a"}

[commit-bot: I haz the power, 2017-04-13 15:19:11]

Description was changed from

==========
Add connected-paranoia in SVGElement::UpdateRelativeLengthsInformation

When (animated attribute) mutations are trigger by a 'id' change (via
an IdTargetObserver), relative lengths state may be revalidated while
the element are in the process of being removed from the document, but
has not yet been marked as such. If relative length state is updated in
such a case, the |elements_with_relative_lengths_| set could end up in
an inconsistent state.
Instead of only relying on the connected bit of the current element,
also check all the ancestors to make sure.

BUG=705200
==========

to

==========
Add connected-paranoia in SVGElement::UpdateRelativeLengthsInformation

When (animated attribute) mutations are trigger by a 'id' change (via
an IdTargetObserver), relative lengths state may be revalidated while
the element are in the process of being removed from the document, but
has not yet been marked as such. If relative length state is updated in
such a case, the |elements_with_relative_lengths_| set could end up in
an inconsistent state.
Instead of only relying on the connected bit of the current element,
also check all the ancestors to make sure.

BUG=705200

Review-Url: https://codereview.chromium.org/2817913002
Cr-Commit-Position: refs/heads/master@{#464408}
Committed:
https://chromium.googlesource.com/chromium/src/+/9fb4d73eca12f0a247bf8b2c36e8...
==========

[commit-bot: I haz the power, 2017-04-13 15:19:11]

Committed patchset #1 (id:1) as
https://chromium.googlesource.com/chromium/src/+/9fb4d73eca12f0a247bf8b2c36e8...