[webkit-changes] [WebKit/WebKit] a7dc74: Crash under ReportingScope::unregisterReportingObs...
Chris Dumez
noreply at github.com
Thu Aug 10 16:43:59 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a7dc74b15bbc34e5eddff0d376fc0f1d18ed815e
https://github.com/WebKit/WebKit/commit/a7dc74b15bbc34e5eddff0d376fc0f1d18ed815e
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-08-10 (Thu, 10 Aug 2023)
Changed paths:
M Source/WebCore/Modules/reporting/ReportingObserver.cpp
M Source/WebCore/Modules/reporting/ReportingScope.cpp
Log Message:
-----------
Crash under ReportingScope::unregisterReportingObserver()
https://bugs.webkit.org/show_bug.cgi?id=260038
rdar://113533957
Reviewed by David Kilzer.
The ReportingScope keeps the ReportingObservers alive via its `m_reportingObservers`
vector. The crash would happen because ReportingScope::removeAllObservers() would
call clear() on this vector, which may cause ReportingObserver objects to get
destroyed. In turn, the ReportingObserver destructor would call
ReportingScope::unregisterReportingObserver() to unregister itself. This would
try to modify the vector while it is in the middle of getting cleared.
To address the issue, the ReportingObserver destructor no longer attempts to
unregister itself from the ReportingScope. Since the ReportingScope keeps a
strong reference to the observers, there is no way the observer is still
registered if its destructor gets called.
* Source/WebCore/Modules/reporting/ReportingObserver.cpp:
(WebCore::ReportingObserver::~ReportingObserver): Deleted.
* Source/WebCore/Modules/reporting/ReportingScope.cpp:
(WebCore::ReportingScope::unregisterReportingObserver):
Canonical link: https://commits.webkit.org/266791@main
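The re-entrancy hazard the commit message describes can be modelled in a few dozen lines. The following is an added example, not WebKit code: ReportingScope and ReportingObserver are simplified stand-ins that mirror the commit's names, std::shared_ptr plays the role of WebKit's strong reference, and the pre-fix behaviour (observer destructor unregistering itself) is selectable with a constructor flag. Where the real pre-fix code would mutate the vector while clear() was still running, this model only records that a re-entrant unregister was attempted, so it runs safely and the difference between the two designs is visible as a count.

```cpp
// Added example (not WebKit code): a minimal model of the ReportingScope /
// ReportingObserver ownership relationship described in the commit message.
// std::shared_ptr stands in for WebKit's Ref<>; the m_clearingObservers guard
// exists only so the model can detect re-entrancy instead of corrupting the
// vector the way the pre-fix code did.
#include <algorithm>
#include <cstddef>
#include <memory>
#include <vector>

class ReportingScope;

class ReportingObserver {
public:
    // unregisterInDestructor = true reproduces the pre-fix behaviour.
    ReportingObserver(ReportingScope& scope, bool unregisterInDestructor)
        : m_scope(scope), m_unregisterInDestructor(unregisterInDestructor) {}
    ~ReportingObserver();
private:
    ReportingScope& m_scope;
    bool m_unregisterInDestructor;
};

class ReportingScope {
public:
    ~ReportingScope() { removeAllObservers(); }

    std::shared_ptr<ReportingObserver> registerReportingObserver(bool unregisterInDestructor) {
        auto observer = std::make_shared<ReportingObserver>(*this, unregisterInDestructor);
        m_reportingObservers.push_back(observer); // the scope keeps the observer alive
        return observer;
    }

    void unregisterReportingObserver(ReportingObserver& observer) {
        if (m_clearingObservers) {
            // Called from a destructor that clear() itself triggered. The real
            // pre-fix code modified m_reportingObservers here, mid-clear; the
            // model just counts the hazard and leaves the vector alone.
            ++m_reentrantUnregisterAttempts;
            return;
        }
        m_reportingObservers.erase(
            std::remove_if(m_reportingObservers.begin(), m_reportingObservers.end(),
                [&](const std::shared_ptr<ReportingObserver>& o) { return o.get() == &observer; }),
            m_reportingObservers.end());
    }

    void removeAllObservers() {
        m_clearingObservers = true;
        m_reportingObservers.clear(); // runs ~ReportingObserver for every observer the scope solely owns
        m_clearingObservers = false;
    }

    std::size_t observerCount() const { return m_reportingObservers.size(); }
    int reentrantUnregisterAttempts() const { return m_reentrantUnregisterAttempts; }

private:
    std::vector<std::shared_ptr<ReportingObserver>> m_reportingObservers;
    bool m_clearingObservers = false;
    int m_reentrantUnregisterAttempts = 0;
};

ReportingObserver::~ReportingObserver() {
    // Pre-fix: unregister from the scope. Post-fix: do nothing, because the
    // scope's strong reference means an observer being destroyed cannot still
    // be registered.
    if (m_unregisterInDestructor)
        m_scope.unregisterReportingObserver(*this);
}

// Registers two observers, discards the returned references so the scope is
// the sole owner, then clears. Returns how many unregister calls re-entered
// the scope while the vector was being cleared: 2 pre-fix, 0 post-fix.
int reentrantUnregistersDuringClear(bool unregisterInDestructor) {
    ReportingScope scope;
    scope.registerReportingObserver(unregisterInDestructor);
    scope.registerReportingObserver(unregisterInDestructor);
    scope.removeAllObservers();
    return scope.reentrantUnregisterAttempts();
}

// With the fix, explicit unregistration while the scope is alive still works:
// one of two observers is removed, leaving one registered.
std::size_t observersAfterExplicitUnregister() {
    ReportingScope scope;
    auto a = scope.registerReportingObserver(false);
    scope.registerReportingObserver(false);
    scope.unregisterReportingObserver(*a);
    return scope.observerCount();
}
```

The general pattern to watch for in review is any owner that destroys its owned objects while iterating or clearing its own container, combined with an owned object whose destructor calls back into the owner; the fix here removes the callback rather than guarding the container, which is the right choice whenever the owner's strong reference already guarantees the callback has nothing to do.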