Issue 465593003: Merge 178976 "Call insertedInto or removedFrom before childrenCh..."

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 465593003: Merge 178976 "Call insertedInto or removedFrom before childrenCh..." (Closed)

Created:
6 years, 4 months ago by esprehn

Modified:
6 years, 4 months ago

Reviewers:
esprehn

CC:
blink-reviews, blink-reviews-dom_chromium.org, blink-reviews-html_chromium.org, dglazkov+blink, eae+blinkwatch, rwlbuis, sof

Base URL:
svn://svn.chromium.org/blink/branches/chromium/2062/

Project:
blink

Visibility:
Public.

More Reviews

Description

Merge 178976 "Call insertedInto or removedFrom before childrenCh..." > Call insertedInto or removedFrom before childrenChanged > > We must notify nodes that they were removed before calling childrenChanged > because childrenChanged could run script. If don't then the script can remove > the parent and then Element::removedFrom doesn't think the parent is > inTreeScope or inDocument so it'll fail to clean up the TreeScope hash maps > like the id map. > > I tried this once before for a different reason in: > https://src.chromium.org/viewvc/blink?revision=175732&view=revision > but that got rolled out because it caused crashes http://crbug.com/382160 > > By looking at the code it appears that the reason for this is that > m_element in the WebPluginContainerImpl is a raw ptr, and so nothing is > keeping the element alive inside the UpdateSuspendScope. In this patch > I didn't remove the NodeVector, a future patch will attempt to do that. > > Unfortunately even when I did remove the NodeVector I couldn't reproduce > the crashes mentioned in the bug, but by code inspection and the crash > stacks it appears to be the situation I described. > > BUG=387389 > > Review URL: https://codereview.chromium.org/418133003 TBR=esprehn@chromium.org

Patch Set 1 #

Created: 6 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+35 lines, -16 lines)			Patch
A +	LayoutTests/fast/dom/script-remove-child-id-map.html	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
A +	LayoutTests/fast/dom/script-remove-child-id-map-expected.txt	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
M	Source/core/dom/ContainerNode.cpp	View	8 chunks	+29 lines, -18 lines	0 comments	Download
M	Source/core/html/HTMLOptionElement.cpp	View	1 chunk	+8 lines, -0 lines	0 comments	Download

Messages

Total messages: 2 (0 generated)

Expand Messages | Collapse Messages

esprehn

6 years, 4 months ago (2014-08-12 23:16:19 UTC) #2

Landed as http://src.chromium.org/viewvc/blink?view=revision&revision=180117

Expand Messages | Collapse Messages