Google Git
Sign in
chromium / chromium / src / 05ec0abb4b7fa97b9b1e211c1c395b2bffb7a2a2
commit05ec0abb4b7fa97b9b1e211c1c395b2bffb7a2a2[log] [tgz]
authorKoji Ishii <[email protected]>Tue Dec 17 15:07:30 2019
committerCommit Bot <[email protected]>Tue Dec 17 15:07:30 2019
treeca0fa70b79cb8913e6c7a3c72779a2a6ef77aa25
parent7fd49d771e68e9b303d94d15ff495ef407d09970 [diff]
Merge 3987: Partially revert |NGPaintFragment::LayoutObjectWillBeDestroyed()|

This patch partially reverts r715954 <crrev.com/c/1914580>.
The patch is to turn use-after-free to null-deref crash, but
from the crash logs, it is possible that we mark "destroyed"
too actively.

This patch reverts to the original method, to check a flag
|is_layout_object_destroyed_| as needed.

As |NGFragmentItem| work make progress, we will need to
investigate this more. But given crashes are occuring in M80,
this is safer than trying to fix the marking.

The partial revert was chosen (over the full revert) as
there are more code that depends on the change to
|NGPhysicalFramgent::layout_object_|.

(cherry picked from commit 0c47fdec7186cfb53c12c07fa4d383cdb6bd0b12)

Bug: 1033203
Change-Id: I7cb21cc09f7250ec031b2efc5c904c342a86aaee
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1963593
Reviewed-by: Ian Kilpatrick <[email protected]>
Commit-Queue: Koji Ishii <[email protected]>
Cr-Original-Commit-Position: refs/heads/master@{#724233}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1971186
Reviewed-by: Koji Ishii <[email protected]>
Cr-Commit-Position: refs/branch-heads/3987@{#203}
Cr-Branched-From: c4e8da9871cc266be74481e212f3a5252972509d-refs/heads/master@{#722274}
2 files changed
tree: ca0fa70b79cb8913e6c7a3c72779a2a6ef77aa25
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. weblayer/
  52. .clang-format
  53. .clang-tidy
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .vpython
  60. .vpython3
  61. .yapfignore
  62. AUTHORS
  63. BUILD.gn
  64. CODE_OF_CONDUCT.md
  65. codereview.settings
  66. DEPS
  67. ENG_REVIEW_OWNERS
  68. LICENSE
  69. LICENSE.chromium_os
  70. OWNERS
  71. PRESUBMIT.py
  72. PRESUBMIT_test.py
  73. PRESUBMIT_test_mocks.py
  74. README.md
  75. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .