Bug 120479 - Possible dangling CachedResourceClient of StyleRuleImport and XSLImportRule
Summary: Possible dangling CachedResourceClient of StyleRuleImport and XSLImportRule
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Leo Yang
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-08-29 10:41 PDT by Leo Yang
Modified: 2013-08-30 09:39 PDT (History)
8 users (show)

See Also:

Attachments
Patch (3.41 KB, patch)
2013-08-29 10:58 PDT, Leo Yang 		no flags Details | Formatted Diff | Diff
Patch v2 (3.46 KB, patch)
2013-08-30 07:01 PDT, Leo Yang 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Leo Yang 2013-08-29 10:41:34 PDT 
In StyleRuleImport::requestStyleSheet() and XSLImportRule::loadSheet() we don't call removeClient() for m_cachedSheet before assign m_cachedSheet a new value. This could leave *this* as a client of the old cached sheet and dangling after *this* is deleted.
Comment 1 Leo Yang 2013-08-29 10:58:03 PDT 
Created attachment 210003 [details]
Patch
Comment 2 Darin Adler 2013-08-29 11:58:01 PDT 
Comment on attachment 210003 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=210003&action=review

Fix looks good, but needs a test or an explanation of why there is no test.

> Source/WebCore/ChangeLog:14
> +        No functionalities changed no new tests.

This fixes a bug. It’s not right to say “no functionalities changed”. I am guessing you noticed the bug by code inspection. Once you knew the bug existed, did you try to make a test case? Why were you unable to do so? The comment here should address those questions, rather than incorrectly saying that nothing was changed.
Comment 3 Leo Yang 2013-08-29 12:07:41 PDT 
Comment on attachment 210003 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=210003&action=review

>> Source/WebCore/ChangeLog:14
>> +        No functionalities changed no new tests.
> 
> This fixes a bug. It’s not right to say “no functionalities changed”. I am guessing you noticed the bug by code inspection. Once you knew the bug existed, did you try to make a test case? Why were you unable to do so? The comment here should address those questions, rather than incorrectly saying that nothing was changed.

Yes I found the bug by code inspection. I tried to make a test case but I don't know how I can manipulate import rules by Javascript. Is there a way to do that or should I just say no way to test it automatically?
Comment 4 Leo Yang 2013-08-30 07:01:28 PDT 
Created attachment 210102 [details]
Patch v2
Comment 5 Darin Adler 2013-08-30 09:16:01 PDT 
Comment on attachment 210102 [details]
Patch v2

View in context: https://bugs.webkit.org/attachment.cgi?id=210102&action=review

> Source/WebCore/ChangeLog:14
> +        Found by code inspection. Seems no way to test it automatically.

I don’t think we should give up on figuring out what the actual symptom of this is. I suspect eventually we could come up with a way to test it.
Comment 6 WebKit Commit Bot 2013-08-30 09:38:59 PDT 
Comment on attachment 210102 [details]
Patch v2

Clearing flags on attachment: 210102

Committed r154889: <http://trac.webkit.org/changeset/154889>
Comment 7 WebKit Commit Bot 2013-08-30 09:39:01 PDT 
All reviewed patches have been landed.  Closing bug.