Crash when SetFocusedElement is called during layout

I think the crash in https://crbug.com/848212 is caused due to Document::focused_element_ being cleared out during the UpdateStyleAndLayoutIgnorePendingStylesheetsForNode call in Document::SetFocusedElement, but I'm unable to reproduce a situtation where this happens. This CL adds a CHECK that crashes when SetFocusedElement is called during UpdateStyleAndLayout, just so I can get some stack traces in the wild and confirm this theory. Bug: 848212 Change-Id: Ia9293ea155e4ae976592166e7ab4f936f25f3f38 Reviewed-on: https://chromium-review.googlesource.com/1085607 Commit-Queue: Kent Tamura <tkent@chromium.org> Reviewed-by: Kent Tamura <tkent@chromium.org> Cr-Commit-Position: refs/heads/master@{#564337}

Crash when SetFocusedElement is called during layout
I think the crash in https://crbug.com/848212 is caused due to Document::focused_element_ being cleared out during the UpdateStyleAndLayoutIgnorePendingStylesheetsForNode call in Document::SetFocusedElement, but I'm unable to reproduce a situtation where this happens. This CL adds a CHECK that crashes when SetFocusedElement is called during UpdateStyleAndLayout, just so I can get some stack traces in the wild and confirm this theory. Bug: 848212 Change-Id: Ia9293ea155e4ae976592166e7ab4f936f25f3f38 Reviewed-on: https://chromium-review.googlesource.com/1085607 Commit-Queue: Kent Tamura <tkent@chromium.org> Reviewed-by: Kent Tamura <tkent@chromium.org> Cr-Commit-Position: refs/heads/master@{#564337}
75d3f6c9 · Adithya Srinivasan · Commit Bot · 1d94dbd1 · 75d3f6c9
Commit 75d3f6c9 authored Jun 05, 2018 by Adithya Srinivasan Committed by Commit Bot Jun 05, 2018
Show whitespace changes
Inline Side-by-side

Showing with 17 additions and 0 deletions

third_party/blink/renderer/core/dom/document.cc third_party/blink/renderer/core/dom/document.cc +17 -0

No files found.
--- a/third_party/blink/renderer/core/dom/document.cc
+++ b/third_party/blink/renderer/core/dom/document.cc
@@ -350,6 +350,18 @@ class DocumentOutliveTimeReporter : public BlinkGCObserver {
  int gc_age_when_document_detached_ = 0;
 };
+class SetFocusedElementForbiddenScope {
+ public:
+  SetFocusedElementForbiddenScope() { count_++; }
+  ~SetFocusedElementForbiddenScope() { count_--; }
+  static bool IsSetFocusedElementForbidden() { return count_ > 0; }
+ private:
+  static int count_;
+};
+int SetFocusedElementForbiddenScope::count_ = 0;
 static const unsigned kCMaxWriteRecursionDepth = 21;
 // This amount of time must have elapsed before we will even consider scheduling
@@ -2348,6 +2360,7 @@ void Document::UpdateStyleAndLayoutTreeForNode(const Node* node) {
 void Document::UpdateStyleAndLayoutIgnorePendingStylesheetsForNode(Node* node) {
  DCHECK(node);
+  SetFocusedElementForbiddenScope set_focused_element_scope;
  if (!node->InActiveDocument())
    return;
  UpdateStyleAndLayoutIgnorePendingStylesheets();
@@ -4506,6 +4519,10 @@ bool Document::SetFocusedElement(Element* new_focused_element,
                                 const FocusParams& params) {
  DCHECK(!lifecycle_.InDetach());
+  // TODO(adithyas): This CHECK has been added to investigate
+  // https://crbug.com/848212, remove this after bug is resolved.
+  CHECK(!SetFocusedElementForbiddenScope::IsSetFocusedElementForbidden());
  clear_focused_element_timer_.Stop();
  // Make sure newFocusedNode is actually in this document