Auto merge of #15145 - SwagColoredKitteh:issue-15101, r=emilio

Prevent crashing when a link tag has two or more in-flight requests (fix for issue #15101)

<!-- Please describe your changes on the following line: -->
The `HTMLLinkElement::set_stylesheet` function now checks whether there already is a stylesheet, and if there is, calls `Document::invalidate_stylesheets` after modifying `self.stylesheet`.

This PR also includes a minimal WPT that causes the panic.

This is fundamentally a timing issue, so while this fix prevents the crash, it does not fix the underlying issue. Making a &lt;link&gt; element send a second request before the first can finish and then getting the two stylesheet responses out-of-order will apply the wrong stylesheet, as demonstrated with https://gist.github.com/SwagColoredKitteh/2c24c7fac635445042eda4a30e10420e.

r? @emilio

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #15101 (github issue number if applicable).

<!-- Either: -->
- [X] There are tests for these changes OR
- [ ] These changes do not require tests because _____

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/15145)
<!-- Reviewable:end -->
This commit is contained in:
bors-servo 2017-01-24 07:06:51 -08:00 committed by GitHub
commit c3f0c9054f
9 changed files with 106 additions and 21 deletions

View file

@ -37,6 +37,15 @@ use stylesheet_loader::{StylesheetLoader, StylesheetContextSource, StylesheetOwn
unsafe_no_jsmanaged_fields!(Stylesheet);
#[derive(JSTraceable, PartialEq, Clone, Copy, HeapSizeOf)]
pub struct RequestGenerationId(u32);
impl RequestGenerationId {
fn increment(self) -> RequestGenerationId {
RequestGenerationId(self.0 + 1)
}
}
#[dom_struct]
pub struct HTMLLinkElement {
htmlelement: HTMLElement,
@ -52,6 +61,8 @@ pub struct HTMLLinkElement {
pending_loads: Cell<u32>,
/// Whether any of the loads have failed.
any_failed_load: Cell<bool>,
/// A monotonically increasing counter that keeps track of which stylesheet to apply.
request_generation_id: Cell<RequestGenerationId>,
}
impl HTMLLinkElement {
@ -65,6 +76,7 @@ impl HTMLLinkElement {
cssom_stylesheet: MutNullableJS::new(None),
pending_loads: Cell::new(0),
any_failed_load: Cell::new(false),
request_generation_id: Cell::new(RequestGenerationId(0)),
}
}
@ -78,11 +90,14 @@ impl HTMLLinkElement {
HTMLLinkElementBinding::Wrap)
}
pub fn set_stylesheet(&self, s: Arc<Stylesheet>) {
assert!(self.stylesheet.borrow().is_none());
*self.stylesheet.borrow_mut() = Some(s);
pub fn get_request_generation_id(&self) -> RequestGenerationId {
self.request_generation_id.get()
}
pub fn set_stylesheet(&self, s: Arc<Stylesheet>) {
assert!(self.stylesheet.borrow().is_none()); // Useful for catching timing issues.
*self.stylesheet.borrow_mut() = Some(s);
}
pub fn get_stylesheet(&self) -> Option<Arc<Stylesheet>> {
self.stylesheet.borrow().clone()
@ -260,6 +275,8 @@ impl HTMLLinkElement {
None => "",
};
self.request_generation_id.set(self.request_generation_id.get().increment());
// TODO: #8085 - Don't load external stylesheets if the node's mq
// doesn't match.
let loader = StylesheetLoader::for_element(self.upcast());