
Issue 843591

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 781880
Owner: ----
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




Site isolation causes infinite stream of network requests for HTMLObjectElement loading SVG data.

Project Member Reported by erikc...@chromium.org, May 16 2018

Issue description

For repro, follow steps #2 in https://bugs.chromium.org/p/chromium/issues/detail?id=838760#c15.

Please note: this issue was exposed by my CL, which adds a call to documentElement()->LazyReattachIfAttached() from Document::SetPrinting.

Ideally, the HTMLObject wouldn't be detached to begin with [which I'm working on a fix for]. But reattaching it should still only cause a single network request. The fact that there's an infinite loop is not great. The rough order of events is described in:

https://bugs.chromium.org/p/chromium/issues/detail?id=838760#c20

Somehow, with site isolation enabled [timing change?], HTMLFrameOwnerElement::SetEmbeddedContentView is not being called soon enough, thus sparking the infinite loop.
 
Cc: ekaramad@chromium.org
Components: Internals>Sandbox>SiteIsolation
+ekaramad, who's been looking at lazy reattach in https://crrev.com/c/996314.
So interestingly applying the patch in comment #1 seems to fix the problem. I tried with and without the CL and with the CL above there is only one request.

Currently, the issue with OOPIF+Plugins is that LazyReattach leads to resetting the embedded content view to nullptr, which is fine with actual WebPluginContainers since they will tear down, or even LocalFrameView which will kill the frame, but not for RemoteFrameViews. Losing RemoteFrameView does not do much. In the "normal" navigation code path we never remove the RemoteFrameView.
Perhaps the infinite loop is indeed due to GetEmbeddedContentView() returning nullptr in the OOPIF case (because it was removed in the attempt to reload the <object>). This causes an infinite recursion from here:
https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/layout/layout_embedded_object.cc?rcl=d18b8969f814f29e8f101b8f5cf2dc4b27e055bd&l=139

And this to some extent should explain why the patch in comment #1 fixes the problem.
Mergedinto: 781880
Status: Duplicate (was: Untriaged)
I also believe following comment #3 we should mark this a dupe of bug 781880. Feel free to undo if this does not add up.
