RESOLVED FIXED 167011
FrameView shouldn't keep dangling pointers into dead render trees. 
https://bugs.webkit.org/show_bug.cgi?id=167011
Summary FrameView shouldn't keep dangling pointers into dead render trees.
Andreas Kling
Reported 2017-01-13 11:14:41 PST
I added some assertions that all the RenderFoo* pointers in FrameView were gone after a render tree teardown and they caught a bunch of errors.
Attachments
Patch for EWS (2.78 KB, patch)
2017-01-13 11:21 PST, Andreas Kling 		no flags
DetailsFormatted DiffDiff
Patch for EWS II (3.83 KB, patch)
2017-01-13 14:36 PST, Andreas Kling 		no flags
DetailsFormatted DiffDiff
Patch for EWS III (4.78 KB, patch)
2017-01-13 22:24 PST, Andreas Kling 		no flags
DetailsFormatted DiffDiff
Patch (6.58 KB, patch)
2017-01-14 21:49 PST, Andreas Kling 		koivisto: review+
buildbot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews117 for mac-elcapitan (1.81 MB, application/zip)
2017-01-14 23:10 PST, Build Bot 		no flags
Details
Patch for landing (6.84 KB, patch)
2017-01-15 02:13 PST, Andreas Kling 		no flags
DetailsFormatted DiffDiff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.
Andreas Kling
Comment 1 2017-01-13 11:21:36 PST
Created attachment 298772 [details] Patch for EWS
Andreas Kling
Comment 2 2017-01-13 14:36:36 PST
Created attachment 298788 [details] Patch for EWS II
Andreas Kling
Comment 3 2017-01-13 22:24:43 PST
Created attachment 298848 [details] Patch for EWS III Also check for composite animations getting destroyed.
Andreas Kling
Comment 4 2017-01-14 21:49:00 PST
Created attachment 298886 [details] Patch
WebKit Commit Bot
Comment 5 2017-01-14 21:50:30 PST
Attachment 298886 [details] did not pass style-queue: ERROR: Source/WebCore/ChangeLog:3: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: dangling pointer, dangling pointer [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 7 files If any of these errors are false positives, please file a bug against check-webkit-style.
Darin Adler
Comment 6 2017-01-14 22:34:16 PST
Comment on attachment 298886 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=298886&action=review > Source/WebCore/ChangeLog:25 > + (WebCore::AnimationController::hasAnimations): Added a helper do check if there are "do" -> "to" --- "doh!"
Build Bot
Comment 7 2017-01-14 23:10:18 PST
Comment on attachment 298886 [details] Patch Attachment 298886 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/2892252 New failing tests: fast/css/getComputedStyle/getComputedStyle-background-shorthand.html
Build Bot
Comment 8 2017-01-14 23:10:24 PST
Created attachment 298889 [details] Archive of layout-test-results from ews117 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Andreas Kling
Comment 9 2017-01-15 02:13:06 PST
Created attachment 298897 [details] Patch for landing
WebKit Commit Bot
Comment 10 2017-01-15 02:49:11 PST
Comment on attachment 298897 [details] Patch for landing Clearing flags on attachment: 298897 Committed r210777: <http://trac.webkit.org/changeset/210777>
WebKit Commit Bot
Comment 11 2017-01-15 02:49:17 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 12 2017-01-25 07:45:41 PST
<rdar://problem/30186526>
Simon Fraser (smfr)
Comment 13 2017-01-25 07:46:19 PST
*** Bug 167295 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.