[webkit-changes] [WebKit/WebKit] eac7aa: Use-after-free crash under EventTarget::innerInvok...
Chris Dumez
noreply at github.com
Tue Dec 19 17:13:18 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: eac7aa0748e71af41a45f74aed3448458734c12a
https://github.com/WebKit/WebKit/commit/eac7aa0748e71af41a45f74aed3448458734c12a
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-12-19 (Tue, 19 Dec 2023)
Changed paths:
A LayoutTests/fast/events/document-destruction-during-event-firing-crash-expected.txt
A LayoutTests/fast/events/document-destruction-during-event-firing-crash.html
Log Message:
-----------
Use-after-free crash under EventTarget::innerInvokeEventListeners()
https://bugs.webkit.org/show_bug.cgi?id=263029
rdar://116802026
Reviewed by Ryosuke Niwa.
Make sure we keep the script execution context alive by holding it in a Ref<>.
* LayoutTests/fast/events/document-destruction-during-event-firing-crash-expected.txt: Added.
* LayoutTests/fast/events/document-destruction-during-event-firing-crash.html: Added.
* Source/WebCore/dom/EventTarget.cpp:
(WebCore::EventTarget::innerInvokeEventListeners):
Originally-landed-as: 267815.272 at safari-7617-branch (fc0cce085a99). rdar://119565389
Canonical link: https://commits.webkit.org/272315@main
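
The lifetime fix named in the log message, sketched as an added example (not WebKit's code and not part of this commit). `std::shared_ptr` stands in for WebKit's `Ref<>`; `Context`, `Target`, `invokeListeners` and `contextSurvivesDispatch` are hypothetical names, and the listener that drops the reference is a constructed stand-in for document destruction during event firing.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Stand-in for a ref-counted script execution context (hypothetical type,
// not WebCore's). It clears an external flag when it is destroyed so that
// liveness can be checked without touching freed memory.
struct Context {
    explicit Context(bool& aliveFlag) : alive(aliveFlag) { alive = true; }
    ~Context() { alive = false; }
    bool& alive;
};

struct Target {
    std::shared_ptr<Context> context; // the only long-lived strong reference
    std::vector<std::function<void(Target&)>> listeners;
};

// Runs every listener and reports whether the context was still alive
// afterwards, i.e. whether later code in the dispatch loop could use it safely.
bool invokeListeners(Target& target, bool holdStrongRef, const bool& alive)
{
    // Hardened form: take a strong reference for the duration of the dispatch.
    std::shared_ptr<Context> protector;
    if (holdStrongRef)
        protector = target.context;

    auto snapshot = target.listeners; // listeners may mutate the list
    for (auto& listener : snapshot)
        listener(target);
    return alive;
}

// Constructed scenario: the first listener drops the target's reference,
// standing in for script that destroys the document during event firing.
bool contextSurvivesDispatch(bool holdStrongRef)
{
    bool alive = false;
    Target target;
    target.context = std::make_shared<Context>(alive);
    target.listeners.push_back([](Target& t) { t.context.reset(); });
    target.listeners.push_back([](Target&) { /* a later listener still runs */ });
    return invokeListeners(target, holdStrongRef, alive);
}

int main()
{
    return (!contextSurvivesDispatch(false) && contextSurvivesDispatch(true)) ? 0 : 1;
}
```

Without the strong reference the context is destroyed while listeners are still being invoked, so any later access through a raw pointer would be a use-after-free; with it, destruction is deferred until the dispatch returns.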