WebKit Bugzilla
Attachment 357982 Details for Bug 180373: Web Inspector: Crashes seen under Inspector::ScriptCallFrame::~ScriptCallFrame
[PATCH] Proposed Fix
protect-1.patch (text/plain), 1.65 KB, created by Joseph Pecoraro on 2018-12-21 14:47:19 PST
>diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 2e7c3ea131a..f6f0d19fd48 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,17 @@ >+2018-12-21 Joseph Pecoraro <pecoraro@apple.com> >+ >+ Web Inspector: Crashes seen under Inspector::ScriptCallFrame::~ScriptCallFrame >+ https://bugs.webkit.org/show_bug.cgi?id=180373 >+ <rdar://problem/33894170> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * inspector/AsyncStackTrace.cpp: >+ (Inspector::AsyncStackTrace::truncate): >+ The `lastUnlockedAncestor->remove()` may release the only reference to it's >+ parent which we intend to use later but don't hold a RefPtr to. Keep the >+ parent alive explicitly by protecting it. >+ > 2018-12-20 Keith Miller <keith_miller@apple.com> > > Add support for globalThis >diff --git a/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp b/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp >index 8cb09796f12..b56ef1d57b7 100644 >--- a/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp >+++ b/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp >@@ -166,7 +166,9 @@ void AsyncStackTrace::truncate(size_t maxDepth) > auto* previousNode = lastUnlockedAncestor; > > // The subtree being truncated must be removed from it's parent before >- // updating its parent pointer chain. >+ // updating its parent pointer chain. Protect the parent node in case >+ // this holds the only reference to it. >+ RefPtr<AsyncStackTrace> protect(lastUnlockedAncestor->m_parent); > auto* sourceNode = lastUnlockedAncestor->m_parent.get(); > lastUnlockedAncestor->remove(); >
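Review bot: In the ChangeLog hunk, the description under (Inspector::AsyncStackTrace::truncate) reads "the only reference to it's parent"; that should be "its parent". The entry would also be easier to act on if it stated the consequence directly: the parent can be destroyed by `lastUnlockedAncestor->remove()` while a raw pointer to it is still used afterwards. The "Reviewed by NOBODY (OOPS!)." placeholder needs to be filled in before landing.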
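Review bot: In the AsyncStackTrace.cpp hunk, `sourceNode` is still read from `lastUnlockedAncestor->m_parent.get()` on the line after the new `protect` RefPtr, so the raw pointer's validity depends on a local that nothing else refers to. Consider deriving it from the guard (`auto* sourceNode = protect.get();`) and giving the guard a descriptive name such as `protectedParent`, so the lifetime dependency is visible and a later cleanup does not drop the guard as unused. The guard only lives until the end of its enclosing scope, so every use of `sourceNode` after `remove()` needs to stay inside that scope. The patch touches only the ChangeLog and this file; a regression test covering truncation where the subtree holds the last reference to its parent would back up the fix.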
Flags: hi: review+
Attachments on bug 180373: 357982 | 357987