Bug 167011 - FrameView shouldn't keep dangling pointers into dead render trees.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Andreas Kling
Keywords: InRadar
Duplicates: 167295
Reported: 2017-01-13 11:14 PST by Andreas Kling
Modified: 2017-01-25 07:46 PST

Attachments
Patch for EWS (2.78 KB, patch)
2017-01-13 11:21 PST, Andreas Kling
Patch for EWS II (3.83 KB, patch)
2017-01-13 14:36 PST, Andreas Kling
Patch for EWS III (4.78 KB, patch)
2017-01-13 22:24 PST, Andreas Kling
Patch (6.58 KB, patch)
2017-01-14 21:49 PST, Andreas Kling
koivisto: review+
buildbot: commit-queue-
Archive of layout-test-results from ews117 for mac-elcapitan (1.81 MB, application/zip)
2017-01-14 23:10 PST, Build Bot
Patch for landing (6.84 KB, patch)
2017-01-15 02:13 PST, Andreas Kling

Description Andreas Kling 2017-01-13 11:14:41 PST
I added some assertions that all the RenderFoo* pointers in FrameView were gone after a render tree teardown and they caught a bunch of errors.
Comment 1 Andreas Kling 2017-01-13 11:21:36 PST
Created attachment 298772
Patch for EWS
Comment 2 Andreas Kling 2017-01-13 14:36:36 PST
Created attachment 298788
Patch for EWS II
Comment 3 Andreas Kling 2017-01-13 22:24:43 PST
Created attachment 298848
Patch for EWS III

Also check for composite animations getting destroyed.
Comment 4 Andreas Kling 2017-01-14 21:49:00 PST
Created attachment 298886
Patch
Comment 5 WebKit Commit Bot 2017-01-14 21:50:30 PST
Attachment 298886 did not pass style-queue:

ERROR: Source/WebCore/ChangeLog:3:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: dangling pointer, dangling pointer  [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 7 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 6 Darin Adler 2017-01-14 22:34:16 PST
Comment on attachment 298886
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=298886&action=review

> Source/WebCore/ChangeLog:25
> +        (WebCore::AnimationController::hasAnimations): Added a helper do check if there are

"do" -> "to" --- "doh!"
Comment 7 Build Bot 2017-01-14 23:10:18 PST
Comment on attachment 298886
Patch

Attachment 298886 did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/2892252

New failing tests:
fast/css/getComputedStyle/getComputedStyle-background-shorthand.html
Comment 8 Build Bot 2017-01-14 23:10:24 PST
Created attachment 298889
Archive of layout-test-results from ews117 for mac-elcapitan

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews117  Port: mac-elcapitan  Platform: Mac OS X 10.11.6
Comment 9 Andreas Kling 2017-01-15 02:13:06 PST
Created attachment 298897
Patch for landing
Comment 10 WebKit Commit Bot 2017-01-15 02:49:11 PST
Comment on attachment 298897
Patch for landing

Clearing flags on attachment: 298897

Committed r210777: <http://trac.webkit.org/changeset/210777>
Comment 11 WebKit Commit Bot 2017-01-15 02:49:17 PST
All reviewed patches have been landed.  Closing bug.
Comment 12 Radar WebKit Bug Importer 2017-01-25 07:45:41 PST
<rdar://problem/30186526>
Comment 13 Simon Fraser (smfr) 2017-01-25 07:46:19 PST
*** Bug 167295 has been marked as a duplicate of this bug. ***