RESOLVED FIXED 177603
Use smart pointers for creating, adding and removing renderers 
https://bugs.webkit.org/show_bug.cgi?id=177603
Summary Use smart pointers for creating, adding and removing renderers
Antti Koivisto
Reported 2017-09-28 07:29:36 PDT
RenderPtr everywhere.
Attachments
patch (136.44 KB, patch)
2017-09-28 07:30 PDT, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
patch (136.42 KB, patch)
2017-09-28 07:52 PDT, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
patch (136.04 KB, patch)
2017-09-29 02:07 PDT, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
patch (146.39 KB, patch)
2017-09-29 06:51 PDT, Antti Koivisto 		zalan: review+
commit-queue: commit-queue-
DetailsFormatted DiffDiff
patch (146.29 KB, patch)
2017-09-29 23:05 PDT, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Antti Koivisto
Comment 1 2017-09-28 07:30:01 PDT
Created attachment 322080 [details] patch
Antti Koivisto
Comment 2 2017-09-28 07:52:25 PDT
Created attachment 322083 [details] patch
Brent Fulgham
Comment 3 2017-09-28 09:01:55 PDT
Yes, please! :-)
zalan
Comment 4 2017-09-28 10:11:25 PDT
Comment on attachment 322083 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=322083&action=review > Source/WebCore/rendering/RenderBlock.cpp:815 > + auto toBeDeleted = parent.removeChildInternal(child, child.hasLayer() ? NotifyChildren : DontNotifyChildren); I am a bit worried about the potential UAF errors this introduces. (takeInternal might make it less error prone) ... RenderObject* nextSibling = child.nextSibling(); ... // We need to scope here because of reasons. { reasonForScoping(); ... parent.removeChildInternal(child); ... } child.deleteLines(); > Source/WebCore/rendering/RenderGrid.cpp:71 > + auto& child = baseAddChild<RenderBlock>(WTFMove(newChild), beforeChild); I wish there was a better way to write this. I am sure we'll see problems like the moved newChild used later accidentally (I know this is a general problem, the only reason I am picking on this is because newChild is an argument). I've run into problems like this in the past.
Antti Koivisto
Comment 5 2017-09-28 13:42:25 PDT
> I am a bit worried about the potential UAF errors this introduces. > (takeInternal might make it less error prone) One thing we can do is to use an annotation to make compiler warns on unused return value.
zalan
Comment 6 2017-09-28 13:43:19 PDT
(In reply to Antti Koivisto from comment #5) > > I am a bit worried about the potential UAF errors this introduces. > > (takeInternal might make it less error prone) > > One thing we can do is to use an annotation to make compiler warns on unused > return value. Yeah, that's a good idea.
Antti Koivisto
Comment 7 2017-09-29 02:07:21 PDT
Created attachment 322181 [details] patch
Antti Koivisto
Comment 8 2017-09-29 06:51:23 PDT
Created attachment 322182 [details] patch
Radar WebKit Bug Importer
Comment 9 2017-09-29 10:48:24 PDT
<rdar://problem/34742406>
WebKit Commit Bot
Comment 10 2017-09-29 10:51:39 PDT
Comment on attachment 322182 [details] patch Rejecting attachment 322182 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 322182, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Last 500 characters of output: eePosition.h patching file Source/WebCore/style/RenderTreeUpdater.cpp patching file Source/WebCore/style/RenderTreeUpdaterFirstLetter.cpp patching file Source/WebCore/style/RenderTreeUpdaterGeneratedContent.cpp patching file Source/WebCore/style/RenderTreeUpdaterListItem.cpp patching file Source/WebCore/style/RenderTreeUpdaterMultiColumn.cpp Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Zalan Bujtas']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Full output: http://webkit-queues.webkit.org/results/4699618
Antti Koivisto
Comment 11 2017-09-29 23:05:47 PDT
Created attachment 322283 [details] patch
WebKit Commit Bot
Comment 12 2017-09-29 23:46:04 PDT
Comment on attachment 322283 [details] patch Clearing flags on attachment: 322283 Committed r222679: <http://trac.webkit.org/changeset/222679>
WebKit Commit Bot
Comment 13 2017-09-29 23:46:06 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.