LayoutCodeReviewerChecklist.rst (1533B)
1 Layout Code Reviewer Checklist 2 ============================== 3 4 General 5 ------- 6 - Follow the general `reviewer checklist 7 <https://firefox-source-docs.mozilla.org/contributing/reviewer_checklist.html>`__. 8 9 Security issues 10 --------------- 11 12 - **Watch for raw pointers that may have their data deleted out from under 13 them**. Examples: 14 15 - If you ever have a raw pointer to a dynamically allocated object, it's good 16 to scrutinize whether the object might be destroyed before the last 17 possible use of the raw pointer. For example: if you have a local variable 18 that points to an object that's owned by a `frame's property table 19 <https://searchfox.org/mozilla-central/source/layout/base/FrameProperties.h>`__, 20 then consider whether the frame might remove/replace the property-table 21 entry (or whether the frame itself might be destroyed) inside any of the 22 function calls that happen while the local pointer is in scope. 23 - Be aware that layout flushes 24 (e.g. ``doc->FlushPendingNotifications(FlushType::Layout)``) can 25 synchronously cause the frame tree (and even the document!) to be 26 destroyed. Specifically: a layout flush can synchronously cause resize 27 events to fire; and the event-listeners for those events can run arbitrary 28 script, which could e.g. remove the iframe element that's hosting the 29 document whose layout we're in the midst of flushing; and that can cause 30 that document to be immediately destroyed, if there aren't any other strong 31 references keeping it alive.