Issue 490473003: Defer call to updateWidgetPositions() outside of RenderLayerScrollableArea.

Issue 490473003: Defer call to updateWidgetPositions() outside of RenderLayerScrollableArea. (Closed)

Created:
6 years, 4 months ago by hartmanng

Modified:
6 years, 4 months ago

Reviewers:
Ian Vollick

CC:
blink-layers+watch_chromium.org, blink-reviews, blink-reviews-rendering, eae+blinkwatch, jchaffraix+rendering, leviw+renderwatch, pdr., rune+blink, zoltan1

Base URL:
svn://svn.chromium.org/blink/trunk

Project:
blink

Visibility:
Public.

More Reviews

Description

Defer call to updateWidgetPositions() outside of RenderLayerScrollableArea. updateWidgetPositions() can destroy the render tree, so it should never be called from inside RenderLayerScrollableArea. Leaving it there allows for the potential of use-after-free bugs. BUG=402407 R=vollick@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=180681

Patch Set 1 #

Patch Set 2 : add layout test #

Patch Set 3 : remove release-assert #

Total comments: 5

Patch Set 4 : fix style #

Patch Set 5 : doctype #

Created: 6 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+93 lines, -4 lines)			Patch
A	LayoutTests/compositing/overflow/do-not-crash-use-after-free-update-widget-positions.html	View	1 2 3 4	1 chunk	+60 lines, -0 lines	0 comments	Download
A	LayoutTests/compositing/overflow/do-not-crash-use-after-free-update-widget-positions-expected.txt	View	1 2 3	1 chunk	+2 lines, -0 lines	0 comments	Download
A	LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions.svg	View	1 2 3	1 chunk	+7 lines, -0 lines	0 comments	Download
A	LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html	View	1 2 3	1 chunk	+4 lines, -0 lines	0 comments	Download
M	Source/core/frame/FrameView.h	View		3 chunks	+6 lines, -0 lines	0 comments	Download
M	Source/core/frame/FrameView.cpp	View		3 chunks	+13 lines, -0 lines	0 comments	Download
M	Source/core/rendering/RenderLayerScrollableArea.cpp	View	1 2	1 chunk	+1 line, -4 lines	0 comments	Download

Messages

Total messages: 20 (0 generated)

Expand Messages | Collapse Messages

Ian Vollick

On 2014/08/19 at 20:37:37, hartmanng wrote: > This change seems quite straightforward and reasonable, but ...

6 years, 4 months ago (2014-08-19 21:07:10 UTC) #2

hartmanng

On 2014/08/19 21:07:10, vollick wrote: > On 2014/08/19 at 20:37:37, hartmanng wrote: > > > ...

6 years, 4 months ago (2014-08-20 15:33:10 UTC) #3

Ian Vollick

lgtm. Thanks for the test! https://codereview.chromium.org/490473003/diff/40001/LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html File LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html (right): https://codereview.chromium.org/490473003/diff/40001/LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html#newcode1 LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html:1: <html> DOCTYPE, and probably ...

6 years, 4 months ago (2014-08-20 17:42:59 UTC) #4

hartmanng

Thanks! https://codereview.chromium.org/490473003/diff/40001/LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html File LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html (right): https://codereview.chromium.org/490473003/diff/40001/LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html#newcode1 LayoutTests/compositing/overflow/resources/do-not-crash-use-after-free-update-widget-positions-iframe.html:1: <html> On 2014/08/20 17:42:59, vollick wrote: > DOCTYPE, ...

6 years, 4 months ago (2014-08-20 17:59:50 UTC) #5