RESOLVED INVALID Bug 54680
Remove Invalid ASSERT in SubframeLoader::requestObject 
https://bugs.webkit.org/show_bug.cgi?id=54680
Summary Remove Invalid ASSERT in SubframeLoader::requestObject
Joseph Pecoraro
Reported 2011-02-17 12:32:10 PST
SubframeLoader::requestObject: // FIXME: None of this code should use renderers! RenderEmbeddedObject* renderer = ownerElement->renderEmbeddedObject(); if (!renderer) return false; renderEmbeddedObject may return 0 when the ownerElement is not an isEmbeddedObject, which may be the case if has fallback content. See HTMLPlugInImageElement::createRenderer, and the HTMLObjectElement subclass. This ASSERT is unnecessary. Also, there is no change since the condition is checked immediately afterwards. It can happen when an HTMLObjectElement (a subclass) is passed in as the HTMLPlugInImageElement parameter. In release builds this would act correctly and return, in which case the HTMLObjectElement will render its fallback content (see HTMLObjectElement::updateWidget).
Attachments
[PATCH] Remove ASSERT (1.38 KB, patch)
2011-02-17 12:37 PST, Joseph Pecoraro 		eric: commit-queue-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Joseph Pecoraro
Comment 1 2011-02-17 12:37:55 PST
Created attachment 82847 [details] [PATCH] Remove ASSERT
Joseph Pecoraro
Comment 2 2011-02-17 12:39:46 PST
Haha, I pasted the new code. The old code had an ASSERT! It looked like: // FIXME: None of this code should use renderers! RenderEmbeddedObject* renderer = ownerElement->renderEmbeddedObject(); ASSERT(renderer); if (!renderer) return false;
Alexey Proskuryakov
Comment 3 2011-02-17 20:52:10 PST
Can this be tested with a regression test? That seems quite important in this case.
Eric Seidel (no email)
Comment 4 2011-02-18 12:44:11 PST
This reminded me of bug 54711. (I think I edited these sections of code around the same time.)
Eric Seidel (no email)
Comment 5 2011-02-18 12:45:02 PST
Comment on attachment 82847 [details] [PATCH] Remove ASSERT Please replace the ASSERT with a comment explaining when it can return 0 there. The ASSERT clearly came from confusion here.
Joseph Pecoraro
Comment 6 2011-02-18 14:17:20 PST
Actually, this ASSERT would have helped catch situations like the following: <http://webkit.org/b/47550> For WebKit plug-ins, beforeload can be called recursively (esp. with AdBlock style extensions) I see now that I was using an older version of WebKit that allowed this type of recursion in creating Renders during a beforeload event. I think it might be worth keeping this ASSERT in, but adding a comment to explain that if this ASSERT happens, it may be another case of an unexpected renderer for an HTMLPluginElement. Something like: // If the render is null, this HTMLPlugInImageElement likely has a fallback renderer // Why there is a fallback renderer? Does this it makes sense that there is one? ASSERT(renderer); Worth adding? I know the path I just explained still exists, but it doesn't seem to happen in practice, and the case where I saw it was with an outdated WebKit. There is already a FIXME comment to remove renderers from SubframeLoader::requestObject anyways.
Darin Adler
Comment 7 2011-06-18 12:26:28 PDT
Comment on attachment 82847 [details] [PATCH] Remove ASSERT Sounds like Joe changed his mind about this, so removing review+ from it.
Joseph Pecoraro
Comment 8 2011-06-20 10:14:15 PDT
Reason for closing: > I was using an older version of WebKit that allowed this type of > recursion in creating Renders during a beforeload event. But that is no longer the case.
Note You need to log in before you can comment on or make changes to this bug.