Bug 100455 - [Shadow]: removing styles in shadow dom subtree causes crash.
Summary: [Shadow]: removing styles in shadow dom subtree causes crash.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Takashi Sakamoto
URL:
Keywords:
: 100246 (view as bug list)
Depends on:
Blocks: 88606
  Show dependency treegraph
 
Reported: 2012-10-25 21:32 PDT by Takashi Sakamoto
Modified: 2012-10-26 04:43 PDT (History)
7 users (show)

See Also:

Attachments
repro.html (398 bytes, text/html)
2012-10-25 21:32 PDT, Takashi Sakamoto 		no flags Details
Patch (7.63 KB, patch)
2012-10-25 23:17 PDT, Takashi Sakamoto 		no flags Details | Formatted Diff | Diff
Patch (11.25 KB, patch)
2012-10-26 01:09 PDT, Takashi Sakamoto 		no flags Details | Formatted Diff | Diff
Patch (12.55 KB, patch)
2012-10-26 01:33 PDT, Takashi Sakamoto 		no flags Details | Formatted Diff | Diff
Patch (10.50 KB, patch)
2012-10-26 02:16 PDT, Takashi Sakamoto 		no flags Details | Formatted Diff | Diff
Patch (11.03 KB, patch)
2012-10-26 02:57 PDT, Takashi Sakamoto 		no flags Details | Formatted Diff | Diff
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Takashi Sakamoto 2012-10-25 21:32:14 PDT 
Created attachment 170806 [details]
repro.html

The bug 100246, https://bugs.webkit.org/show_bug.cgi?id=100246, has already reported this as "The new test fast/dom/shadow/athost-atrules.html is crashing on our debug bot".

If shadow root has more than two styles and the styles are not direct children of the shadow root, removing the styles causes crashing. For example,

<#shadow-root>
   <div>
       <style>span { color: red; }</style>
       <span>Hello</span>
   </div>
   <div>
       <style>.world { color: blue; } </style>
        <span class="world">World</span>
   </div>
</#shadow-root>

So when removing <style>s (e.g. do shadowroot.innerHTML="" or something), chrome/DumpRenderTree crashes.
Comment 1 Takashi Sakamoto 2012-10-25 23:17:11 PDT 
Created attachment 170824 [details]
Patch
Comment 2 Takashi Sakamoto 2012-10-26 01:09:49 PDT 
Created attachment 170843 [details]
Patch
Comment 3 Early Warning System Bot 2012-10-26 01:20:26 PDT 
Comment on attachment 170843 [details]
Patch

Attachment 170843 [details] did not pass qt-ews (qt):
Output: http://queues.webkit.org/results/14543994
Comment 4 Early Warning System Bot 2012-10-26 01:20:54 PDT 
Comment on attachment 170843 [details]
Patch

Attachment 170843 [details] did not pass qt-wk2-ews (qt):
Output: http://queues.webkit.org/results/14564934
Comment 5 Takashi Sakamoto 2012-10-26 01:33:19 PDT 
Created attachment 170847 [details]
Patch
Comment 6 Build Bot 2012-10-26 02:06:17 PDT 
Comment on attachment 170847 [details]
Patch

Attachment 170847 [details] did not pass win-ews (win):
Output: http://queues.webkit.org/results/14572026
Comment 7 Takashi Sakamoto 2012-10-26 02:16:23 PDT 
Created attachment 170854 [details]
Patch
Comment 8 Takashi Sakamoto 2012-10-26 02:57:45 PDT 
Created attachment 170861 [details]
Patch
Comment 9 Takashi Sakamoto 2012-10-26 03:58:30 PDT 
*** Bug 100246 has been marked as a duplicate of this bug. ***
Comment 10 WebKit Review Bot 2012-10-26 04:43:10 PDT 
Comment on attachment 170861 [details]
Patch

Clearing flags on attachment: 170861

Committed r132621: <http://trac.webkit.org/changeset/132621>
Comment 11 WebKit Review Bot 2012-10-26 04:43:14 PDT 
All reviewed patches have been landed.  Closing bug.