/[blink]
Chromium logo

Revision 185598


Jump to revision: Previous Next
Author: kochi@chromium.org
Date: Wed Nov 19 14:47:23 2014 UTC (8 years, 6 months ago)
Changed paths: 6
Log Message:
Fix lifespan of ScopedStyleResolver

When a Shadow Tree is moved between different documents
(e.g. document <-> iframe), ScopedStyleResolver can remain
registered from its original document, which can result in
duplicate registration and possibly cause double-free etc.

This CL fixes it by clearing a shadow tree's
ScopedStyleResolver when the ShadowRoot is removed.

BUG=427249
TEST=pass the new layout test

Review URL: https://codereview.chromium.org/721103002

Changed paths

Path Details
Directorytrunk/LayoutTests/fast/dom/StyleSheet/resources/stylesheet-move-iframe1.xml added
Directorytrunk/LayoutTests/fast/dom/StyleSheet/resources/stylesheet-move-iframe2.html added
Directorytrunk/LayoutTests/fast/dom/StyleSheet/stylesheet-move-between-documents-crash-expected.txt
(Copied from trunk/LayoutTests/web-animations-api/element-animate-position-crash-expected.txt, r185597)
added
Directorytrunk/LayoutTests/fast/dom/StyleSheet/stylesheet-move-between-documents-crash.html added
Directorytrunk/Source/core/css/resolver/StyleResolver.cpp modified , text changed
Directorytrunk/Source/core/dom/shadow/ShadowRoot.cpp modified , text changed

Properties

Name Value
commit-bot commit-bot@chromium.org

Powered by ViewVC 1.1.26 ViewVC Help