[webkit-changes] [WebKit/WebKit] f747a6: Regression(268375@main) Crash under ~Node() due to...

Chris Dumez noreply at github.com
Thu Oct 26 16:25:15 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: f747a6b78181b8efeb10a03e42b1fb66216082f5
      https://github.com/WebKit/WebKit/commit/f747a6b78181b8efeb10a03e42b1fb66216082f5
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-10-26 (Thu, 26 Oct 2023)

  Changed paths:
    A LayoutTests/fast/dom/Node/Node-destruction-crash-expected.txt
    A LayoutTests/fast/dom/Node/Node-destruction-crash.html
    M Source/WTF/wtf/CheckedPtr.h
    M Source/WTF/wtf/CheckedRef.h
    M Source/WTF/wtf/StackTrace.cpp
    M Source/WTF/wtf/StackTrace.h
    M Source/WebCore/css/StyleSheetContents.cpp
    M Source/WebCore/dom/Document.h
    M Source/WebCore/dom/ShadowRoot.h
    M Source/WebCore/dom/TreeScope.cpp
    M Source/WebCore/dom/TreeScope.h
    M Source/WebCore/history/HistoryItem.cpp
    M Source/WebCore/rendering/RenderListBox.h
    M Source/WebCore/rendering/RenderObject.cpp
    M Source/WebCore/style/StyleScope.cpp
    M Source/WebCore/style/StyleScope.h
    M Source/WebKit/NetworkProcess/NetworkProcess.h

  Log Message:
  -----------
  Regression(268375@main) Crash under ~Node() due to CheckedRef
https://bugs.webkit.org/show_bug.cgi?id=263671
rdar://117483509

Reviewed by Ryosuke Niwa.

Add code behind a CHECKED_POINTER_DEBUG compile flag (off by default) to help
debug CheckedPtr / CheckedRef crashes. I used this code to debug the crash in
this bug.

Do a partial revert of 268375@main to address the regression and add a FIXME
comment to address this better in the near future.

* LayoutTests/fast/dom/Node/Node-destruction-crash-expected.txt: Added.
* LayoutTests/fast/dom/Node/Node-destruction-crash.html: Added.
* Source/WTF/wtf/CheckedPtr.h:
(WTF::CheckedPtr::~CheckedPtr):
(WTF::CheckedPtr::releaseNonNull):
(WTF::CheckedPtr::operator=):
(WTF::CheckedPtr::unregisterCheckedPtrIfNecessary):
* Source/WTF/wtf/CheckedRef.h:
(WTF::CheckedRef::~CheckedRef):
(WTF::CheckedRef::CheckedRef):
(WTF::CheckedRef::operator=):
(WTF::CheckedRef::unregisterCheckedPtrIfNecessary):
(WTF::CanMakeCheckedPtrBase::CanMakeCheckedPtrBase):
(WTF::CanMakeCheckedPtrBase::operator=):
(WTF::CanMakeCheckedPtrBase::~CanMakeCheckedPtrBase):
(WTF::CanMakeCheckedPtrBase::copyCheckedPtr const):
(WTF::CanMakeCheckedPtrBase::moveCheckedPtr const):
(WTF::CanMakeCheckedPtrBase::unregisterCheckedPtr const):
(WTF::CanMakeCheckedPtrBase::SharedStackTrace::create):
(WTF::CanMakeCheckedPtrBase::SharedStackTrace::toString const):
(WTF::CanMakeCheckedPtrBase::SharedStackTrace::SharedStackTrace):
(WTF::PtrCounterType>::registerCheckedPtr const):
(WTF::bool const):
(WTF::SingleThreadIntegralWrapper<IntegralType>::operator const): Deleted.
* Source/WTF/wtf/StackTrace.cpp:
(WTF::StackTrace::toString const):
* Source/WTF/wtf/StackTrace.h:
* Source/WebCore/dom/Document.h:
(WebCore::Document::registerCheckedPtr const):
(WebCore::Document::copyCheckedPtr const):
(WebCore::Document::moveCheckedPtr const):
(WebCore::Document::unregisterCheckedPtr const):
* Source/WebCore/dom/ShadowRoot.h:
* Source/WebCore/dom/TreeScope.cpp:
(WebCore::TreeScope::registerCheckedPtr const):
(WebCore::TreeScope::copyCheckedPtr const):
(WebCore::TreeScope::moveCheckedPtr const):
(WebCore::TreeScope::unregisterCheckedPtr const):
* Source/WebCore/dom/TreeScope.h:
* Source/WebCore/rendering/RenderListBox.h:
* Source/WebCore/rendering/RenderObject.cpp:
* Source/WebCore/style/StyleScope.cpp:
(WebCore::Style::Scope::updateQueryContainerState):
* Source/WebCore/style/StyleScope.h:
* Source/WebKit/NetworkProcess/NetworkProcess.h:

Canonical link: https://commits.webkit.org/269829@main



