<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div><br></div>If we comprehensively deploy smart pointers in place of raw pointers and manual memory management, then yes.<div><br></div><div>The render tree does have places where non-owning references are held, and these can be some of the biggest security risks. One notable example is the m_floats member in RenderInlineBox. Cleaning these up has historically depended on being really careful about teardown order.</div><div><br></div><div>To get rid of those without use of refcounting, we'll likely need a weak pointer scheme of some kind to go along with RenderPtr.</div><div><br></div><div>Regards,</div><div>Maciej<br><div><br><div><div>On Dec 31, 2013, at 11:53 AM, Ryosuke Niwa <<a href="mailto:rniwa@webkit.org">rniwa@webkit.org</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br>On Tuesday, December 31, 2013, Ryosuke Niwa wrote:<br><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;">Nice! Does this also make render objects less dangerous? (For security)<span></span><br><br>On Monday, December 30, 2013, Andreas Kling wrote:<br><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div style="word-wrap: break-word;">Sup WebKittens,<div><br></div><div>I’ve just added a “RenderPtr" smart pointer to the rendering code and am in the process of switching code from using raw pointers to this.</div><div><br></div><div>Check out the code here: <<a href="https://trac.webkit.org/r161115" target="_blank">https://trac.webkit.org/r161115</a>> (note that I’ve since renamed createRenderObject to createRenderer per Antti’s suggestion.)</div><div><br></div><div>It’s basically a clone of OwnPtr that destroys the pointee by calling destroy() on it. This is because RenderObjects currently has a virtual willBeDestroyed() that may depend on still being inside the tree when it executes. I’d like to simplify this eventually, and switch over to std::unique_ptr, but that will require some spooky changes to basic tree operations so I’m deferring it for now.</div><div><br></div><div>Cheers and happy new year,</div><div>Kling</div></div></blockquote><br><br>--<span class="Apple-converted-space"> </span><br><div>Ryosuke Niwa</div><div><br></div><br></blockquote><br><br>--<span class="Apple-converted-space"> </span><br>- R. Niwa<br>_______________________________________________<br>webkit-dev mailing list<br><a href="mailto:webkit-dev@lists.webkit.org">webkit-dev@lists.webkit.org</a><br><a href="https://lists.webkit.org/mailman/listinfo/webkit-dev">https://lists.webkit.org/mailman/listinfo/webkit-dev</a></div></blockquote></div><br></div></div></body></html>