Bug 17654 - CSSRuleSet::~CSSRuleSet() ownership rules are error prone
Summary: CSSRuleSet::~CSSRuleSet() ownership rules are error prone
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-03-03 14:38 PST by Eric Seidel (no email)
Modified: 2008-03-03 15:11 PST (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Eric Seidel (no email) 2008-03-03 14:38:16 PST 
CSSRuleSet::~CSSRuleSet() ownership rules are error prone

I saw a crash last night (sadly, I can't seem to find the crash log!) where ~CSSRuleSet()  was deleting values underneath recalcStyleSelector.  Looking @ ~CSSRuleSet()  this morning, the ownership rules for the various rulesets seems error prone.

We should find a way to either refcount these CSSRuleDataList objects, or to make them so that they are created by the CSSRuleSet and never owned by anyone else, or some other model where by none of these rule set maps could ever point to the same CSSRuleDataList object, or whereby anyone else could ever incorrectly delete a CSSRuleDataList.

If I'm able to reproduce the crash or find the darn crash log, I'll post it here.

This bug is NOT about the crash however, it's about the design of CSSRuleSet and its interaction with CSSRuleDataList.
Comment 1 Eric Seidel (no email) 2008-03-03 14:56:40 PST 
Actually, I was misinformed.  CSSRuleDataList are only ever created inside CSSRuleSet(), not yet sure how one could have already been deleted during ~CSSRuleSet()... investigating.
Comment 2 Eric Seidel (no email) 2008-03-03 15:11:10 PST 
Ok, I think this bug is bogus.  I understand the system better now.  I'm not sure the crash I saw would have had anything to do with this class.