RESOLVED FIXED 179844
REGRESSION(r224390): Revert unneeded Ref use 
https://bugs.webkit.org/show_bug.cgi?id=179844
Summary REGRESSION(r224390): Revert unneeded Ref use
Brent Fulgham
Reported 2017-11-17 14:47:49 PST
In Bug 179218, raw auto* pointers were converted to RefPtrs using makeRefPtr. However, in one place it was accidentally typed "makeRef", leading to nullptr crashes.
Attachments
Patch (2.19 KB, patch)
2017-11-17 14:53 PST, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch (2.19 KB, patch)
2017-11-17 15:26 PST, Brent Fulgham 		cdumez: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2017-11-17 14:50:18 PST
<rdar://problem/35624718>
Brent Fulgham
Comment 2 2017-11-17 14:53:04 PST
Created attachment 327248 [details] Patch
Brent Fulgham
Comment 3 2017-11-17 14:54:04 PST
It's not really clear to me what the benefit of the original change was, but this prevents it from crashing when contentDocument is nullptr.
Chris Dumez
Comment 4 2017-11-17 14:57:43 PST
Comment on attachment 327248 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review > Source/WebCore/html/HTMLFrameOwnerElement.cpp:117 > + auto document = makeRef(*contentDocument); Why do we even want a Refptr here? This seems to cause churn for no reason.
Chris Dumez
Comment 5 2017-11-17 14:59:03 PST
Comment on attachment 327248 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review >> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117 >> + auto document = makeRef(*contentDocument); > > Why do we even want a Refptr here? This seems to cause churn for no reason. I suggest: auto* document = contentDocument(); if (is<SVGDocument>(document)) return *document; return Exception { NotSupportedError };
Chris Dumez
Comment 6 2017-11-17 15:01:12 PST
Comment on attachment 327248 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review >>> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117 >>> + auto document = makeRef(*contentDocument); >> >> Why do we even want a Refptr here? This seems to cause churn for no reason. > > I suggest: > auto* document = contentDocument(); > if (is<SVGDocument>(document)) > return *document; > return Exception { NotSupportedError }; If you insist on using a RefPtr for some reason, then I'd suggest: auto document = makeRefPtr(contentDocument()); if (is<SVGDocument>(document)) return *document; return Exception { NotSupportedError }; But honestly, it is really not useful to hold a strong reference just to do a type check IMO.
Jiewen Tan
Comment 7 2017-11-17 15:07:49 PST
Comment on attachment 327248 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review >>>> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117 >>>> + auto document = makeRef(*contentDocument); >>> >>> Why do we even want a Refptr here? This seems to cause churn for no reason. >> >> I suggest: >> auto* document = contentDocument(); >> if (is<SVGDocument>(document)) >> return *document; >> return Exception { NotSupportedError }; > > If you insist on using a RefPtr for some reason, then I'd suggest: > auto document = makeRefPtr(contentDocument()); > if (is<SVGDocument>(document)) > return *document; > return Exception { NotSupportedError }; > > But honestly, it is really not useful to hold a strong reference just to do a type check IMO. My bad. I agree it is not necessary to do the RefPtr thing in this particular spot.
Jiewen Tan
Comment 8 2017-11-17 15:09:41 PST
Comment on attachment 327248 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review >>>>> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117 >>>>> + auto document = makeRef(*contentDocument); >>>> >>>> Why do we even want a Refptr here? This seems to cause churn for no reason. >>> >>> I suggest: >>> auto* document = contentDocument(); >>> if (is<SVGDocument>(document)) >>> return *document; >>> return Exception { NotSupportedError }; >> >> If you insist on using a RefPtr for some reason, then I'd suggest: >> auto document = makeRefPtr(contentDocument()); >> if (is<SVGDocument>(document)) >> return *document; >> return Exception { NotSupportedError }; >> >> But honestly, it is really not useful to hold a strong reference just to do a type check IMO. > > My bad. I agree it is not necessary to do the RefPtr thing in this particular spot. I suggest we could just revert my change in this particular spot.
Brent Fulgham
Comment 9 2017-11-17 15:23:26 PST
Comment on attachment 327248 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=327248&action=review >>>>>> Source/WebCore/html/HTMLFrameOwnerElement.cpp:117 >>>>>> + auto document = makeRef(*contentDocument); >>>>> >>>>> Why do we even want a Refptr here? This seems to cause churn for no reason. >>>> >>>> I suggest: >>>> auto* document = contentDocument(); >>>> if (is<SVGDocument>(document)) >>>> return *document; >>>> return Exception { NotSupportedError }; >>> >>> If you insist on using a RefPtr for some reason, then I'd suggest: >>> auto document = makeRefPtr(contentDocument()); >>> if (is<SVGDocument>(document)) >>> return *document; >>> return Exception { NotSupportedError }; >>> >>> But honestly, it is really not useful to hold a strong reference just to do a type check IMO. >> >> My bad. I agree it is not necessary to do the RefPtr thing in this particular spot. > > I suggest we could just revert my change in this particular spot. Cool. I'll land a revert.
Brent Fulgham
Comment 10 2017-11-17 15:26:34 PST
Created attachment 327253 [details] Patch
Chris Dumez
Comment 11 2017-11-17 15:27:53 PST
Comment on attachment 327253 [details] Patch r=me
Brent Fulgham
Comment 12 2017-11-17 15:34:11 PST
Committed r224995: <https://trac.webkit.org/changeset/224995>
zalan
Comment 13 2017-11-17 17:11:21 PST
*** Bug 179854 has been marked as a duplicate of this bug. ***
Ryosuke Niwa
Comment 14 2017-11-18 01:56:07 PST
I think Zalan had a repro for the crash. Could someone add a test case so that we don't introduce the same bug in the future?
zalan
Comment 15 2017-11-18 06:56:17 PST
(In reply to Ryosuke Niwa from comment #14) > I think Zalan had a repro for the crash. Could someone add a test case so > that we don't introduce the same bug in the future? I already did; see https://trac.webkit.org/changeset/225012/webkit
Note You need to log in before you can comment on or make changes to this bug.