Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1006)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 49093005: Fix memory error during selector matching due to getMatchedCSSRules. (Closed)

Created:
7 years, 1 month ago by ojan
Modified:
7 years, 1 month ago
Reviewers:
esprehn, eseidel
CC:
blink-reviews, devtools-reviews_chromium.org, caseq+blink_chromium.org, loislo+blink_chromium.org, eustas+blink_chromium.org, alph+blink_chromium.org, yurys+blink_chromium.org, lushnikov+blink_chromium.org, vsevik+blink_chromium.org, pfeldman+blink_chromium.org, dglazkov+blink, paulirish+reviews_chromium.org, apavlov+blink_chromium.org, darktears, aandrey+blink_chromium.org
Visibility:
Public.

Description

Fix memory error during selector matching due to getMatchedCSSRules. The issue is that getMatchedCSSRules wasn't correctly pointing at its parent stylesheet, which meant that it didn't mark the style resolver as changed when it's selectorText was updated. This in turn meant that we had two RuleDatas for a rule that now only had one selector (i.e. it should only have one RuleData) and we'd try to access the selector at and index that didn't exist. Instead, when creating the CSSOM wrappers for getMatchedCSSRules, find the stylesheet corresponding to each rule and register the wrapper appropriately with it. We still need to leave in the codepath for lacking a sheet because we won't file a stylesheet for rules that are not CSSStyleRules (e.g. @import). We also leave in the lacking a sheet codepath for the inspector and editing. I'm not convinced the inspector code is correct, but this patch at least fixes the error that is accessible from JS. The editing code really shouldn't be creating CSSOM wrappers. BUG=297976 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=160879

Patch Set 1 #

Total comments: 2

Patch Set 2 : stop calling willMutateRules #

Total comments: 7

Patch Set 3 : address review comments #

Unified diffs Side-by-side diffs Delta from patch set Stats (+138 lines, -16 lines) Patch
LayoutTests/fast/css/get-matched-css-rules-set-selector-text.html View 1 chunk +13 lines, -0 lines 0 comments Download
LayoutTests/fast/css/get-matched-css-rules-set-selector-text-expected.html View 1 chunk +7 lines, -0 lines 0 comments Download
Source/core/core.gypi View 1 1 chunk +1 line, -0 lines 0 comments Download
Source/core/css/CSSStyleSheet.h View 1 3 chunks +8 lines, -1 line 0 comments Download
Source/core/css/CSSStyleSheet.cpp View 1 2 5 chunks +42 lines, -2 lines 0 comments Download
Source/core/css/ElementRuleCollector.h View 4 chunks +5 lines, -1 line 0 comments Download
Source/core/css/ElementRuleCollector.cpp View 1 5 chunks +38 lines, -3 lines 0 comments Download
Source/core/css/resolver/StyleResolver.h View 2 chunks +3 lines, -2 lines 0 comments Download
Source/core/css/resolver/StyleResolver.cpp View 1 2 chunks +4 lines, -4 lines 0 comments Download
Source/core/css/resolver/StyleResolverIncludes.h View 1 chunk +13 lines, -0 lines 0 comments Download
Source/core/inspector/InspectorCSSAgent.cpp View 1 2 chunks +4 lines, -3 lines 0 comments Download

Messages

Total messages: 14 (0 generated)
ojan
7 years, 1 month ago (2013-10-28 20:37:16 UTC) #1
esprehn
lgtm, but I think you want to move that call to the end of the ...
7 years, 1 month ago (2013-10-28 23:54:08 UTC) #2
ojan
https://codereview.chromium.org/49093005/diff/1/Source/core/css/ElementRuleCollector.cpp File Source/core/css/ElementRuleCollector.cpp (right): https://codereview.chromium.org/49093005/diff/1/Source/core/css/ElementRuleCollector.cpp#newcode215 Source/core/css/ElementRuleCollector.cpp:215: sheet->didMutateRules(); On 2013/10/28 23:54:08, esprehn wrote: > I think ...
7 years, 1 month ago (2013-10-28 23:59:58 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ojan@chromium.org/49093005/1
7 years, 1 month ago (2013-10-29 00:00:23 UTC) #4
commit-bot: I haz the power
Retried try job too often on linux_blink_rel for step(s) webkit_tests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=linux_blink_rel&number=10074
7 years, 1 month ago (2013-10-29 01:21:41 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ojan@chromium.org/49093005/1
7 years, 1 month ago (2013-10-29 01:27:09 UTC) #6
ojan
Ugh. I'm an idiot. Surprised only one test caught this. didMutateRules invalidates the StyleRules that ...
7 years, 1 month ago (2013-10-29 01:39:37 UTC) #7
ojan
Back to the drawing board on this whole approach.
7 years, 1 month ago (2013-10-29 01:39:53 UTC) #8
ojan
OK. Take 3. Calling willMutateRules/didMutateRules during rule matching is not safe. Instead, make update the ...
7 years, 1 month ago (2013-10-29 19:58:53 UTC) #9
ojan
On 2013/10/29 19:58:53, ojan wrote: > OK. Take 3. Calling willMutateRules/didMutateRules during rule matching is ...
7 years, 1 month ago (2013-10-29 19:59:05 UTC) #10
esprehn
lgtm, I'd return a const ref though instead. https://codereview.chromium.org/49093005/diff/240001/Source/core/css/CSSStyleSheet.cpp File Source/core/css/CSSStyleSheet.cpp (right): https://codereview.chromium.org/49093005/diff/240001/Source/core/css/CSSStyleSheet.cpp#newcode122 Source/core/css/CSSStyleSheet.cpp:122: m_extraChildRuleCSSOMWrappers[i]->setParentStyleSheet(0); ...
7 years, 1 month ago (2013-10-29 20:08:44 UTC) #11
ojan
https://codereview.chromium.org/49093005/diff/240001/Source/core/css/CSSStyleSheet.cpp File Source/core/css/CSSStyleSheet.cpp (right): https://codereview.chromium.org/49093005/diff/240001/Source/core/css/CSSStyleSheet.cpp#newcode122 Source/core/css/CSSStyleSheet.cpp:122: m_extraChildRuleCSSOMWrappers[i]->setParentStyleSheet(0); On 2013/10/29 20:08:44, esprehn wrote: > braces are ...
7 years, 1 month ago (2013-10-29 20:35:14 UTC) #12
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ojan@chromium.org/49093005/310001
7 years, 1 month ago (2013-10-29 20:53:47 UTC) #13
commit-bot: I haz the power
7 years, 1 month ago (2013-10-29 23:56:40 UTC) #14
Message was sent while issue was closed. 
Change committed as 160879

Powered by Google App Engine
This is Rietveld 408576698