Description
Revert of Don't check for layout in a canvas if it it's already needed (patchset #3 id:40001 of https://codereview.chromium.org/828163002/)
Reason for revert:
Speculative revert for crashes on WinXP bots. See crbug.com/446834
I will re-land if this does not fix the crashes.
Original issue's description:
> Don't check for layout in a canvas if it it's already needed
>
> In this clusterfuzz test case a float is deleted but its entry in the floating
> objects list of a sibling renderer is accessed before layout has had time to
> remove reference to it. The read attempt pre-empts layout because the change in
> zoom factor prompts the canvas renderer to recompute its width/height to check
> if layout is required. If layout is already required this isn't necessary and,
> what's more, if layout is already required it may be because renderer(s) in its
> floating object list have been deleted and aren't safe to access while computing
> offset as part of the width calculations.
>
> So return early when the check for layout is unnecessary and may even crash.
>
> BUG=445285
>
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=187935
TBR=dsinclair@chromium.org,inferno@chromium.org,jchaffraix@chromium.org,jshin@chromium.org,pdr@chromium.org,robhogan@gmail.com
NOTREECHECKS=true
NOTRY=true
BUG=445285
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=187981
Patch Set 1 #
Created: 5 years, 11 months ago