102576 – REGRESSION(r134817): Broke iframes and causing tons of crashes on ClusterFuzz (Requested by inferno-sec on #webkit).

RESOLVED FIXED 102576

REGRESSION(r134817): Broke iframes and causing tons of crashes on ClusterFuzz (Requested by inferno-sec on #webkit).

https://bugs.webkit.org/show_bug.cgi?id=102576

Summary REGRESSION(r134817): Broke iframes and causing tons of crashes on ClusterFuzz...

WebKit Review Bot

Reported 2012-11-16 18:31:08 PST

http://trac.webkit.org/changeset/134817 broke the build: Broke iframes and causing tons of crashes on ClusterFuzz (Requested by inferno-sec on #webkit). This is an automatic bug report generated by the sheriff-bot. If this bug report was created because of a flaky test, please file a bug for the flaky test (if we don't already have one on file) and dup this bug against that bug so that we can track how often these flaky tests case pain. "Only you can prevent forest fires." -- Smokey the Bear

Attachments
ROLLOUT of r134817 (10.90 KB, patch) 2012-11-16 18:31 PST, WebKit Review Bot	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

WebKit Review Bot

Comment 1 2012-11-16 18:31:50 PST

Created attachment 174792 [details] ROLLOUT of r134817 Any committer can land this patch automatically by marking it commit-queue+. The commit-queue will build and test the patch before landing to ensure that the rollout will be successful. This process takes approximately 15 minutes. If you would like to land the rollout faster, you can use the following command: webkit-patch land-attachment ATTACHMENT_ID where ATTACHMENT_ID is the ID of this attachment.

Elliott Sprehn

Comment 2 2012-11-16 18:37:18 PST

Note that iframes still work properly, the issue is malformed HTML and adoption agency algorithm which moves the frame around without unloading it first. This is because ContainerNode::parserRemoveChild doesn't do frame disconnection. We should override HTMLFrameOwnerElement::removedFrom() to walk up the tree and decrement the counters if the contentFrame() is still set.

Abhishek Arya

Comment 3 2012-11-16 18:52:27 PST

Comment on attachment 174792 [details] ROLLOUT of r134817 Elliot knows the patch to fix this and plans to put it up Monday.

WebKit Review Bot

Comment 4 2012-11-16 18:53:18 PST

Comment on attachment 174792 [details] ROLLOUT of r134817 Clearing flags on attachment: 174792 Committed r135030: <http://trac.webkit.org/changeset/135030>

WebKit Review Bot

Comment 5 2012-11-16 18:53:21 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

WebKit Review Bot

Reported

2012-11-16 18:31 PST

Modified

2012-11-16 18:53 PST History

CC List

2 users Show

URL

Keywords

Depends on

Blocks

101821

Dependencies

tree graph