WebKit Bugzilla
Attachment 357987 Details for Bug 180373: Web Inspector: Crashes seen under Inspector::ScriptCallFrame::~ScriptCallFrame
[patch] [PATCH] For Landing
for-landing-1.patch (text/plain), 1.94 KB, created by Joseph Pecoraro on 2018-12-21 15:03:54 PST
>diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 2e7c3ea131a..a760e3917e6 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,17 @@ >+2018-12-21 Joseph Pecoraro <pecoraro@apple.com> >+ >+ Web Inspector: Crashes seen under Inspector::ScriptCallFrame::~ScriptCallFrame >+ https://bugs.webkit.org/show_bug.cgi?id=180373 >+ <rdar://problem/33894170> >+ >+ Rubber-stamped by Devin Rousso. >+ >+ * inspector/AsyncStackTrace.cpp: >+ (Inspector::AsyncStackTrace::truncate): >+ The `lastUnlockedAncestor->remove()` may release the only reference to it's >+ parent which we intend to use later but don't hold a RefPtr to. Keep the >+ parent alive explicitly by protecting it. >+ > 2018-12-20 Keith Miller <keith_miller@apple.com> > > Add support for globalThis >diff --git a/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp b/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp >index 8cb09796f12..5450e2f3c00 100644 >--- a/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp >+++ b/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp >@@ -167,7 +167,7 @@ void AsyncStackTrace::truncate(size_t maxDepth) > > // The subtree being truncated must be removed from it's parent before > // updating its parent pointer chain. >- auto* sourceNode = lastUnlockedAncestor->m_parent.get(); >+ RefPtr<AsyncStackTrace> sourceNode = lastUnlockedAncestor->m_parent; > lastUnlockedAncestor->remove(); > > while (sourceNode) { >@@ -175,10 +175,10 @@ void AsyncStackTrace::truncate(size_t maxDepth) > previousNode->m_parent->m_childCount = 1; > previousNode = previousNode->m_parent.get(); > >- if (sourceNode == newStackTraceRoot) >+ if (sourceNode.get() == newStackTraceRoot) > break; > >- sourceNode = sourceNode->m_parent.get(); >+ sourceNode = sourceNode->m_parent; > } > > previousNode->m_truncated = true;
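Review bot: The ChangeLog entry for `AsyncStackTrace::truncate` has a typo ("the only reference to it's parent" should be "its parent") and does not say how the fix was verified. The patch touches only ChangeLog and AsyncStackTrace.cpp, so either add a regression test that exercises `truncate` when `remove()` drops the last reference to the parent, or note in the entry why a test is not practical.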
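Review bot: In the hunk at `@@ -167`, the new `RefPtr<AsyncStackTrace> sourceNode` line carries no comment saying it is a lifetime guard across `lastUnlockedAncestor->remove()`, so a later cleanup could change it back to `auto*` and leave `sourceNode` dangling again. Extend the comment directly above it to state that `remove()` may release the only reference to the parent and that the RefPtr is what keeps the parent alive for the loop that follows.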
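Review bot: In the hunk at `@@ -175`, `previousNode` is still advanced as a raw pointer (`previousNode = previousNode->m_parent.get();`) while `sourceNode` now holds a reference on each step. Please confirm that nothing in the loop can release the chain `previousNode` walks, and say so in a short comment, or give it the same RefPtr treatment so both cursors follow one ownership rule. The `sourceNode.get() == newStackTraceRoot` comparison and the `sourceNode = sourceNode->m_parent;` assignment look correct for the new type.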
Attachments on bug 180373: 357982 | 357987