From 7b9ca7da96108c39142ebf9b6d639d9725beebf4 Mon Sep 17 00:00:00 2001
From: Aaron Leventhal
Date: Tue, 15 Jun 2021 16:38:34 -0700
Subject: [PATCH] Safe slot reassignment

1. Use GetWithoutInvalidation() instead of Get() in DCHECKs. We should never call Get() inside of a DCHECK(), because this can lead to a different code path depending on whether DCHECKs are enabled.

2. Get() should not cause immediate side effects. At most, it should queue up an invalidation for later processing.

Fixing #1 and #2 was required in order to get past a first set of errors introduced by the new test.

3. The actual fix -- avoid infinite loop by calling a special new SlotAssignmentWillChange(), rather than ChildrenChanged(), where a minimal GetWithoutInvalidation() is called that does not lead to IsShadowContentRelevantForAccessibility() => FirstChild() => RecalcAssignedNodes() => ChildrenChanged() ... (infinite loop).

A simpler potential fix is in CL:2965317 but requires more research. It's also mentioned in a TODO comment.

Bug: 1219311
Change-Id: Iafaa289f241a851404ce352715d2970172a2e5f8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2961158
Reviewed-by: Joey Arhar
Reviewed-by: Mason Freed
Reviewed-by: Dominic Mazzoni
Commit-Queue: Aaron Leventhal
Cr-Commit-Position: refs/heads/master@{#892778}
--- .../crashtests/slot-assignment-lockup.html | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 accessibility/crashtests/slot-assignment-lockup.html diff --git a/accessibility/crashtests/slot-assignment-lockup.html b/accessibility/crashtests/slot-assignment-lockup.html new file mode 100644 index 00000000000000..85b6c9294a5eaa --- /dev/null +++ b/accessibility/crashtests/slot-assignment-lockup.html @@ -0,0 +1,34 @@ + + + + + +
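
Review bot: the commit message describes three code changes (GetWithoutInvalidation() in DCHECKs, side-effect-free Get(), and the new SlotAssignmentWillChange()) plus a TODO comment, but the diffstat lists only one new file, accessibility/crashtests/slot-assignment-lockup.html, with 34 insertions, so none of that code is part of this patch. Suggest adding a line to the message saying that this export carries only the regression test for Bug 1219311 and that the fix itself is in the linked Reviewed-on change, so a reader of this tree does not go looking for the TODO or the new method here. The 34 added lines of the test appear on this page only as bare + markers, so whether the test actually drives the slot reassignment path named in item 3 cannot be confirmed from what is shown.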