Speculative fix for crashes underneath StyleLengthResolution::adjustValueForPageZoom #57891
Merged
webkit-commit-queue merged 1 commit into WebKit:main from Feb 6, 2026
brentfulgham (Contributor) approved these changes on Feb 5, 2026 and left a comment:
Thank you for adding this extra check. r=me!
| // alive by checking it on the Document. | ||
| static RenderView* renderViewForDocument(const Document& document) | ||
| { | ||
| if (document.view()) |
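Review bot: on the `static RenderView* renderViewForDocument(const Document& document)` line, the helper hands back a raw pointer that is null whenever the `if (document.view())` test fails, so the comment above it should state that a null return is expected and that every caller must check for it. The liveness test also only holds at the moment of the call; if the result is stored, please note in that comment whether the Document can drop its view while the stored pointer is still in use, or re-run the check at the point of use.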
Contributor:
I'd suggest:
if (document.view()) [[likely]]
…alueForPageZoom
https://bugs.webkit.org/show_bug.cgi?id=306989
rdar://168722605

Reviewed by Brent Fulgham.

Stability data seems to suggest that it is possible to hit some crashes underneath StyleLengthResolution::adjustValueForPageZoom. These crashes seem to be coming from the fact that we attempt to access the page zoom factor via the RenderView on CSSToLengthConversionData. It is not very clear how we can get into this state since code inspection seems to indicate that we try very hard to make sure that cleanup between these two objects is handled properly.

An investigation to attempt to reproduce this crash has also not been very fruitful since it seems at least some of those who experienced this crash were not aware that it happened, could not remember it occurring, or were not able to get it to reproduce either by navigating through history.

In order to increase stability, and also hopefully be able to obtain more actionable bug reports, we attempt a speculative fix for addressing this crash.

The main change is that in the constructor for CSSToLengthConversionData, we use a new helper function to figure out what we should use for the RenderView field. Since we cannot directly check the existence of the LocalFrameView on the RenderView, we look at the Document, which is the sole owner of the RenderView, to see if it is still there. If the Document no longer has its LocalFrameView, then we will return nullptr for the RenderView. Much of the other code in CSSToLengthConversionData already performs a nullptr check for RenderView, so we also need to start doing the same in adjustValueForPageZoom since there is no guarantee that this pointer is always non-null.

Canonical link: https://commits.webkit.org/306918@main
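The guard described in the commit message above, as an added C++ example that is not WebKit's code: `FrameView`, `RenderView`, `Document` and `ConversionData` are simplified stand-ins, and the body of `renderViewForDocument`, the unzoomed fallback and the multiplication by the zoom factor are assumptions, since the page shows only the helper's first lines.

```cpp
#include <memory>

// Simplified stand-ins for the objects named in the commit message; not WebKit's classes.
struct FrameView { double pageZoomFactor = 1.0; };

struct RenderView {
    explicit RenderView(FrameView& view) : m_frameView(&view) { }
    // Dereferences the view unconditionally: unsafe once the view has been torn down.
    double zoomFactor() const { return m_frameView->pageZoomFactor; }
private:
    FrameView* m_frameView; // non-owning
};

struct Document {
    Document() : m_view(std::make_unique<FrameView>()), m_renderView(std::make_unique<RenderView>(*m_view)) { }
    FrameView* view() const { return m_view.get(); }
    RenderView* renderView() const { return m_renderView.get(); }
    void detachView() { m_view.reset(); } // constructed scenario: RenderView outlives the view
private:
    std::unique_ptr<FrameView> m_view;
    std::unique_ptr<RenderView> m_renderView;
};

// Ask the owning Document whether the view still exists instead of trusting the RenderView.
static RenderView* renderViewForDocument(const Document& document)
{
    if (document.view())
        return document.renderView();
    return nullptr;
}

struct ConversionData {
    explicit ConversionData(const Document& document) : m_renderView(renderViewForDocument(document)) { }
    // Assumption: with no RenderView the value is returned unzoomed.
    double adjustValueForPageZoom(double value) const { return m_renderView ? value * m_renderView->zoomFactor() : value; }
private:
    RenderView* m_renderView; // may be null, so every use is guarded
};

// Builds a document, optionally drops its view, then resolves a length through the guard.
double zoomedLength(bool detachFirst, double zoom, double value)
{
    Document document;
    document.view()->pageZoomFactor = zoom;
    if (detachFirst)
        document.detachView();
    return ConversionData(document).adjustValueForPageZoom(value);
}
```

In the detached case the stale `RenderView` is never dereferenced, because the constructor stored `nullptr` in its place.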
Collaborator:
Committed 306918@main (a7e0750): https://commits.webkit.org/306918@main
Reviewed commits have been landed. Closing PR #57891 and removing active labels.