[webkit-changes] [WebKit/WebKit] b5502f: REGRESSION (280886 at main) ReportingObserver can be ...
Ryan Reno
noreply at github.com
Thu Aug 22 20:30:24 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b5502f0dc670c978232c2b14a3b075e9636d8351
https://github.com/WebKit/WebKit/commit/b5502f0dc670c978232c2b14a3b075e9636d8351
Author: Ryan Reno <rreno at apple.com>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
M Source/WebCore/Modules/reporting/ReportingObserver.cpp
Log Message:
-----------
REGRESSION (280886 at main) ReportingObserver can be garbage collected while a task is queued to make report callbacks.
https://bugs.webkit.org/show_bug.cgi?id=278534
rdar://133409507
Reviewed by Brent Fulgham.
In 280886 at main I tied the lifetime of the ReportingObserver object to
whether or not it is observing reports by making it an ActiveDOMObject.
In some cases (especially imported/w3c/web-platform-tests/reporting/disconnect.html)
the object and its callback can be garbage collected while there's an
outstanding task to make the callback with its reports which can
cause a null pointer dereference when attempting to invoke the callback.
This change will keep the object alive until after the callback has been
serviced, even if all references are dropped and the ReportingObserver
has disconnected.
* Source/WebCore/Modules/reporting/ReportingObserver.cpp:
(WebCore::ReportingObserver::appendQueuedReportIfCorrectType):
Canonical link: https://commits.webkit.org/282645@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list