Bug 179844 - REGRESSION(r224390): Revert unneeded Ref use
Summary: REGRESSION(r224390): Revert unneeded Ref use
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on: 179218
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-17 14:47 PST by Brent Fulgham
Modified: 2017-11-18 06:56 PST (History)
9 users (show)

See Also:

Attachments
Patch (2.19 KB, patch)
2017-11-17 14:53 PST, Brent Fulgham 		no flags Details | Formatted Diff | Diff
Patch (2.19 KB, patch)
2017-11-17 15:26 PST, Brent Fulgham 		cdumez: review+
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2017-11-17 14:47:49 PST 
In Bug 179218, raw auto* pointers were converted to RefPtrs using makeRefPtr. However, in one place it was accidentally typed "makeRef", leading to nullptr crashes.
Comment 1 Radar WebKit Bug Importer 2017-11-17 14:50:18 PST 
<rdar://problem/35624718>
Comment 2 Brent Fulgham 2017-11-17 14:53:04 PST 
Created attachment 327248 [details]
Patch
Comment 3 Brent Fulgham 2017-11-17 14:54:04 PST 
It's not really clear to me what the benefit of the original change was, but this prevents it from crashing when contentDocument is nullptr.
Comment 4 Chris Dumez 2017-11-17 14:57:43 PST 
Comment on attachment 327248 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review

> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117
> +        auto document = makeRef(*contentDocument);

Why do we even want a Refptr here? This seems to cause churn for no reason.
Comment 5 Chris Dumez 2017-11-17 14:59:03 PST 
Comment on attachment 327248 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review

>> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117
>> +        auto document = makeRef(*contentDocument);
> 
> Why do we even want a Refptr here? This seems to cause churn for no reason.

I suggest:
auto* document = contentDocument();
if (is<SVGDocument>(document))
   return *document;
return Exception { NotSupportedError };
Comment 6 Chris Dumez 2017-11-17 15:01:12 PST 
Comment on attachment 327248 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review

>>> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117
>>> +        auto document = makeRef(*contentDocument);
>> 
>> Why do we even want a Refptr here? This seems to cause churn for no reason.
> 
> I suggest:
> auto* document = contentDocument();
> if (is<SVGDocument>(document))
>    return *document;
> return Exception { NotSupportedError };

If you insist on using a RefPtr for some reason, then I'd suggest:
auto document = makeRefPtr(contentDocument());
if (is<SVGDocument>(document))
    return *document;
return Exception { NotSupportedError };

But honestly, it is really not useful to hold a strong reference just to do a type check IMO.
Comment 7 Jiewen Tan 2017-11-17 15:07:49 PST 
Comment on attachment 327248 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review

>>>> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117
>>>> +        auto document = makeRef(*contentDocument);
>>> 
>>> Why do we even want a Refptr here? This seems to cause churn for no reason.
>> 
>> I suggest:
>> auto* document = contentDocument();
>> if (is<SVGDocument>(document))
>>    return *document;
>> return Exception { NotSupportedError };
> 
> If you insist on using a RefPtr for some reason, then I'd suggest:
> auto document = makeRefPtr(contentDocument());
> if (is<SVGDocument>(document))
>     return *document;
> return Exception { NotSupportedError };
> 
> But honestly, it is really not useful to hold a strong reference just to do a type check IMO.

My bad. I agree it is not necessary to do the RefPtr thing in this particular spot.
Comment 8 Jiewen Tan 2017-11-17 15:09:41 PST 
Comment on attachment 327248 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review

>>>>> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117
>>>>> +        auto document = makeRef(*contentDocument);
>>>> 
>>>> Why do we even want a Refptr here? This seems to cause churn for no reason.
>>> 
>>> I suggest:
>>> auto* document = contentDocument();
>>> if (is<SVGDocument>(document))
>>>    return *document;
>>> return Exception { NotSupportedError };
>> 
>> If you insist on using a RefPtr for some reason, then I'd suggest:
>> auto document = makeRefPtr(contentDocument());
>> if (is<SVGDocument>(document))
>>     return *document;
>> return Exception { NotSupportedError };
>> 
>> But honestly, it is really not useful to hold a strong reference just to do a type check IMO.
> 
> My bad. I agree it is not necessary to do the RefPtr thing in this particular spot.

I suggest we could just revert my change in this particular spot.
Comment 9 Brent Fulgham 2017-11-17 15:23:26 PST 
Comment on attachment 327248 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review

>>>>>> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117
>>>>>> +        auto document = makeRef(*contentDocument);
>>>>> 
>>>>> Why do we even want a Refptr here? This seems to cause churn for no reason.
>>>> 
>>>> I suggest:
>>>> auto* document = contentDocument();
>>>> if (is<SVGDocument>(document))
>>>>    return *document;
>>>> return Exception { NotSupportedError };
>>> 
>>> If you insist on using a RefPtr for some reason, then I'd suggest:
>>> auto document = makeRefPtr(contentDocument());
>>> if (is<SVGDocument>(document))
>>>     return *document;
>>> return Exception { NotSupportedError };
>>> 
>>> But honestly, it is really not useful to hold a strong reference just to do a type check IMO.
>> 
>> My bad. I agree it is not necessary to do the RefPtr thing in this particular spot.
> 
> I suggest we could just revert my change in this particular spot.

Cool. I'll land a revert.
Comment 10 Brent Fulgham 2017-11-17 15:26:34 PST 
Created attachment 327253 [details]
Patch
Comment 11 Chris Dumez 2017-11-17 15:27:53 PST 
Comment on attachment 327253 [details]
Patch

r=me
Comment 12 Brent Fulgham 2017-11-17 15:34:11 PST 
Committed r224995: <https://trac.webkit.org/changeset/224995>
Comment 13 zalan 2017-11-17 17:11:21 PST 
*** Bug 179854 has been marked as a duplicate of this bug. ***
Comment 14 Ryosuke Niwa 2017-11-18 01:56:07 PST 
I think Zalan had a repro for the crash. Could someone add a test case so that we don't introduce the same bug in the future?
Comment 15 zalan 2017-11-18 06:56:17 PST 
(In reply to Ryosuke Niwa from comment #14)
> I think Zalan had a repro for the crash. Could someone add a test case so
> that we don't introduce the same bug in the future?
I already did; see https://trac.webkit.org/changeset/225012/webkit