Bug 102576 - REGRESSION(r134817): Broke iframes and causing tons of crashes on ClusterFuzz (Requested by inferno-sec on #webkit).
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: WebKit Review Bot
Blocks: 101821
Reported: 2012-11-16 18:31 PST by WebKit Review Bot
Modified: 2012-11-16 18:53 PST

Attachments
ROLLOUT of r134817 (10.90 KB, patch)
2012-11-16 18:31 PST, WebKit Review Bot
no flags

Description WebKit Review Bot 2012-11-16 18:31:08 PST
http://trac.webkit.org/changeset/134817 broke the build:
Broke iframes and causing tons of crashes on ClusterFuzz (Requested by inferno-sec on #webkit).

This is an automatic bug report generated by the sheriff-bot. If this bug
report was created because of a flaky test, please file a bug for the flaky
test (if we don't already have one on file) and dup this bug against that bug
so that we can track how often these flaky tests cause pain.

"Only you can prevent forest fires." -- Smokey the Bear
Comment 1 WebKit Review Bot 2012-11-16 18:31:50 PST
Created attachment 174792
ROLLOUT of r134817

Any committer can land this patch automatically by marking it commit-queue+.  The commit-queue will build and test the patch before landing to ensure that the rollout will be successful.  This process takes approximately 15 minutes.

If you would like to land the rollout faster, you can use the following command:

  webkit-patch land-attachment ATTACHMENT_ID

where ATTACHMENT_ID is the ID of this attachment.
Comment 2 Elliott Sprehn 2012-11-16 18:37:18 PST
Note that iframes still work properly; the issue is malformed HTML and the adoption agency algorithm, which moves the frame around without unloading it first. This is because ContainerNode::parserRemoveChild doesn't do frame disconnection.

We should override HTMLFrameOwnerElement::removedFrom() to walk up the tree and decrement the counters if the contentFrame() is still set.
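
The bookkeeping problem described in Comment 2, as an added example that is not WebKit code and not written by anyone in this thread: a toy tree in which each node caches a count of live frames in its subtree, a parser-style removal that skips frame disconnection, and an optional removal hook that walks the old ancestors. All type, field and function names other than parserRemoveChild are hypothetical, and the per-subtree counter is an assumption about what "the counters" refers to.

```cpp
#include <algorithm>
#include <vector>

// Toy model, not WebKit code: each node caches how many live frames sit in
// its subtree (itself included), so every tree mutation must keep it in sync.
struct Node {
    Node* parent = nullptr;
    std::vector<Node*> children;
    bool hasContentFrame = false;  // stands in for contentFrame() being set
    int connectedSubframes = 0;    // cached subtree count (assumed counter)
};
void adjustUpward(Node* from, int delta) {
    for (Node* n = from; n; n = n->parent) n->connectedSubframes += delta;
}
void appendChild(Node& parent, Node& child) {
    child.parent = &parent;
    parent.children.push_back(&child);
    adjustUpward(&parent, child.connectedSubframes);
}
void loadFrame(Node& owner) {
    owner.hasContentFrame = true;
    adjustUpward(&owner, 1);
}

// Parser-style removal: the node is detached without unloading its frame.
// With the hook on, the old ancestors are walked and decremented.
void parserRemoveChild(Node& child, bool removedFromHook) {
    Node* oldParent = child.parent;
    auto& kids = oldParent->children;
    kids.erase(std::remove(kids.begin(), kids.end(), &child), kids.end());
    child.parent = nullptr;
    if (removedFromHook && child.hasContentFrame) adjustUpward(oldParent, -1);
}

// Ground truth recomputed from the tree, used to audit the cached value.
int countLiveFrames(const Node& n) {
    int total = n.hasContentFrame ? 1 : 0;
    for (const Node* c : n.children) total += countLiveFrames(*c);
    return total;
}

// Constructed scenario: <body> holds a loaded <iframe> that the parser moves.
bool cacheConsistentAfterParserMove(bool removedFromHook) {
    Node body, iframe;
    appendChild(body, iframe);
    loadFrame(iframe);
    parserRemoveChild(iframe, removedFromHook);
    return body.connectedSubframes == countLiveFrames(body);
}
```

Recomputing the count from the tree and comparing it with the cached value, as the last two functions do, is the kind of debug-build audit that surfaces a stale counter before any code acts on it.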
Comment 3 Abhishek Arya 2012-11-16 18:52:27 PST
Comment on attachment 174792
ROLLOUT of r134817

Elliott knows the patch to fix this and plans to put it up Monday.
Comment 4 WebKit Review Bot 2012-11-16 18:53:18 PST
Comment on attachment 174792
ROLLOUT of r134817

Clearing flags on attachment: 174792

Committed r135030: <http://trac.webkit.org/changeset/135030>
Comment 5 WebKit Review Bot 2012-11-16 18:53:21 PST
All reviewed patches have been landed.  Closing bug.