Bug 74321 - Don't crash in StyleAttributeMutationScope if the style declaration's element has been GCed
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Adam Klein
Reported: 2011-12-12 12:47 PST by Adam Klein
Modified: 2011-12-12 16:48 PST (History)

Attachments
Patch (3.95 KB, patch), 2011-12-12 12:48 PST, Adam Klein, no flags
Added crbug to ChangeLog (4.01 KB, patch), 2011-12-12 14:23 PST, Adam Klein, no flags
Add ChangeLog details (4.52 KB, patch), 2011-12-12 14:44 PST, Adam Klein, no flags

Description Adam Klein 2011-12-12 12:47:25 PST
Don't crash in StyleAttributeMutationScope if the style declaration's element has been GCed
Comment 1 Adam Klein 2011-12-12 12:48:02 PST
Created attachment 118827 [details]
Patch
Comment 2 Adam Klein 2011-12-12 14:23:42 PST
Created attachment 118846 [details]
Added crbug to ChangeLog
Comment 3 Ryosuke Niwa 2011-12-12 14:24:43 PST
Comment on attachment 118846 [details]
Added crbug to ChangeLog

View in context: https://bugs.webkit.org/attachment.cgi?id=118846&action=review

> Source/WebCore/ChangeLog:8
> +        Initially reported as http://crbug.com/107231.

You should describe how the crash was caused and how you fixed it. The link to crbug.com usually belongs in Bugzilla, not in the changelog.
Comment 4 Adam Klein 2011-12-12 14:27:40 PST
Initially reported as http://crbug.com/107231
Comment 5 Adam Klein 2011-12-12 14:44:37 PST
Created attachment 118853 [details]
Add ChangeLog details
Comment 6 Ryosuke Niwa 2011-12-12 14:49:55 PST
Comment on attachment 118853 [details]
Add ChangeLog details

View in context: https://bugs.webkit.org/attachment.cgi?id=118853&action=review

> Source/WebCore/ChangeLog:18
> +        In r101101, Rafael Weinstein added code to CSSMutableStyleDeclaration.cpp
> +        which depended on isInlineStyleDeclaration returning true iff the
> +        element it pointed to was non-null (it will be nulled-out if the
> +        element is garbage collected).
> +
> +        Then, in r101172, Andreas Kling changed the semantics so that
> +        isInlineStyleDeclaration only described the type of the declaration,
> +        not the state of the related element.
> +
> +        This change updates Rafael's code with an explicit check that the
> +        element is still alive.
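Review bot: the description names r101101 and r101172 but not the function in CSSMutableStyleDeclaration.cpp where the new liveness check lands; since the bug title points at StyleAttributeMutationScope, naming that call site and the member that holds the element pointer nulled out on garbage collection would let a future svn blame reader find the check without opening the diff.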

Great! Thanks for adding this description. It makes a huge difference when we're going to look at svn blame in the future.
Comment 7 WebKit Review Bot 2011-12-12 16:48:53 PST
Comment on attachment 118853 [details]
Add ChangeLog details

Clearing flags on attachment: 118853

Committed r102639: <http://trac.webkit.org/changeset/102639>
Comment 8 WebKit Review Bot 2011-12-12 16:48:58 PST
All reviewed patches have been landed.  Closing bug.