
Issue 837233002: Revert of Revert of Don't check for layout in a canvas if it it's already needed (Closed)

Created: 5 years, 11 months ago by Justin Novosad
Modified: 5 years, 11 months ago
CC: blink-reviews, blink-reviews-rendering, Dominik Röttsches, eae+blinkwatch, jchaffraix+rendering, leviw+renderwatch, pdr+renderingwatchlist_chromium.org, zoltan1
Target Ref: refs/heads/master
Project: blink
Visibility: Public.

Description

Revert of Revert of Don't check for layout in a canvas if it it's already needed (patchset #1 id:1 of https://codereview.chromium.org/810943003/)

Reason for revert:
Speculative revert did not fix crbug.com/446834

Original issue's description:
> Revert of Don't check for layout in a canvas if it it's already needed (patchset #3 id:40001 of https://codereview.chromium.org/828163002/)
>
> Reason for revert:
> Speculative revert for crashes on WinXP bots. See crbug.com/446834
> I will re-land if this does not fix the crashes.
>
> Original issue's description:
> > Don't check for layout in a canvas if it it's already needed
> >
> > In this clusterfuzz test case a float is deleted but its entry in the floating
> > objects list of a sibling renderer is accessed before layout has had time to
> > remove reference to it. The read attempt pre-empts layout because the change in
> > zoom factor prompts the canvas renderer to recompute its width/height to check
> > if layout is required. If layout is already required this isn't necessary and,
> > what's more, if layout is already required it may be because renderer(s) in its
> > floating object list have been deleted and aren't safe to access while computing
> > offset as part of the width calculations.
> >
> > So return early when the check for layout is unnecessary and may even crash.
> >
> > BUG=445285
> >
> > Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=187935
>
> TBR=dsinclair@chromium.org,inferno@chromium.org,jchaffraix@chromium.org,jshin@chromium.org,pdr@chromium.org,robhogan@gmail.com
> NOTREECHECKS=true
> NOTRY=true
> BUG=445285
>
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=187981

TBR=dsinclair@chromium.org,inferno@chromium.org,jchaffraix@chromium.org,jshin@chromium.org,pdr@chromium.org,robhogan@gmail.com
NOTREECHECKS=true
NOTRY=true
BUG=445285

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=187985
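
The hazard explained in the original description, reduced to a stand-alone C++ model (an added example, not Blink code and not part of this change). Assumptions: `FloatBox`, `Block`, `zoomChanged` and `staleReadsOnZoom` are hypothetical names, the float list and the width computation are folded into one object, and `std::weak_ptr` stands in for raw renderer pointers so that the stale read is counted instead of being undefined behaviour.

```cpp
// Simplified model of the hazard, not Blink code; every name is hypothetical.
#include <algorithm>
#include <memory>
#include <vector>

struct FloatBox { int width; };
struct Block {
    // Non-owning float references; only layout() prunes dead entries.
    std::vector<std::weak_ptr<FloatBox>> floats;
    bool needsLayout = false;
    int cachedWidth = 100;
    int staleReads = 0;  // reads that would touch freed memory via raw pointers
    int computeWidth() {
        int w = 100;
        for (auto& f : floats) {
            if (auto live = f.lock()) w -= live->width;
            else ++staleReads;  // entry outlived its float
        }
        return w;
    }
    void layout() {
        auto dead = [](const std::weak_ptr<FloatBox>& f) { return f.expired(); };
        floats.erase(std::remove_if(floats.begin(), floats.end(), dead), floats.end());
        cachedWidth = computeWidth();
        needsLayout = false;
    }
    // guarded == false models the behaviour before the fix.
    void zoomChanged(bool guarded) {
        if (guarded && needsLayout) return;  // pending layout recomputes anyway
        if (computeWidth() != cachedWidth) needsLayout = true;
    }
};

// The float is destroyed and layout is pending when the zoom change arrives.
int staleReadsOnZoom(bool guarded, bool layoutFirst) {
    auto f = std::make_shared<FloatBox>(FloatBox{30});
    Block b;
    b.floats.push_back(f);
    b.layout();
    f.reset();             // float deleted
    b.needsLayout = true;  // layout scheduled, not yet run
    if (layoutFirst) b.layout();
    b.zoomChanged(guarded);
    return b.staleReads;
}

int main() {  // exit status 0 when the guard removes the stale read
    return staleReadsOnZoom(false, false) == 1 && staleReadsOnZoom(true, false) == 0 ? 0 : 1;
}
```

With the guard off, the zoom handler walks the float list before layout has pruned it; with the guard on, or once layout has run, the list is never read in a stale state.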

Patch Set 1 #

Stats: +33 lines, -2 lines
A LayoutTests/fast/block/crash-when-element-becomes-positioned-and-doesnt-clear-floating-objects.html (1 chunk, +24 lines, -0 lines, 0 comments)
A LayoutTests/fast/block/crash-when-element-becomes-positioned-and-doesnt-clear-floating-objects-expected.txt (1 chunk, +5 lines, -0 lines, 0 comments)
M Source/core/rendering/RenderHTMLCanvas.cpp (1 chunk, +4 lines, -2 lines, 0 comments)

Messages

Total messages: 3 (0 generated)
Justin Novosad
Created Revert of Revert of Don't check for layout in a canvas if it it's ...
5 years, 11 months ago (2015-01-07 18:07:23 UTC) #1
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/837233002/1
5 years, 11 months ago (2015-01-07 18:07:42 UTC) #2
commit-bot: I haz the power
5 years, 11 months ago (2015-01-07 18:08:10 UTC) #3
Message was sent while issue was closed.
Committed patchset #1 (id:1) as
https://src.chromium.org/viewvc/blink?view=rev&revision=187985
