[webkit-reviews] review granted: [Bug 172086] Crash in libxml2.2.dylib: xmlDictReference : [Attachment 310062] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun May 14 22:45:42 PDT 2017
Daniel Bates <dbates at webkit.org> has granted David Kilzer (:ddkilzer)
<ddkilzer at webkit.org>'s request for review:
Bug 172086: Crash in libxml2.2.dylib: xmlDictReference
https://bugs.webkit.org/show_bug.cgi?id=172086
Attachment 310062: Patch
https://bugs.webkit.org/attachment.cgi?id=310062&action=review
--- Comment #4 from Daniel Bates <dbates at webkit.org> ---
Comment on attachment 310062
--> https://bugs.webkit.org/attachment.cgi?id=310062
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=310062&action=review
> Source/WebCore/xml/XSLStyleSheetLibxslt.cpp:125
> + if (m_stylesheetDoc)
I take it that it is not safe to call xmlFreeDoc() with a nullptr.
>>> Source/WebCore/xml/XSLStyleSheetLibxslt.cpp:129
>>> + m_stylesheetDoc = nullptr;
>>
>> This function is an improvement over the current code. Could it simplify
this function as well as the rest of the code if we made m_stylesheetDoc a
std::unique_ptr<> with a custom deleter that calls xmlFreeDoc()? If we made
this change then would we be able to remove m_stylesheetDocTaken? One example
of a std::unique_ptr<> with a custom deleter is OpenTypeMathData::m_mathFont
whose custom deleter is a function object called HbFontDeleter,
<http://trac.webkit.org/browser/trunk/Source/WebCore/platform/graphics/opentype
/OpenTypeMathData.h?rev=216800#L136>.
>
> So here's the challenge with m_stylesheetDoc: It exists in three different
states in this class. Those states are:
>
> 1. nullptr
> 2. Allocated and owned by XSLStyleSheet class.
> 3. Allocated but owned by libxslt data structure, so just a raw pointer in
XSLStyleSheet class.
>
> The m_stylesheetDocTaken variable differentiates between states #2 and #3.
When m_stylesheetDocTaken is false, we're in state #2. When
m_stylesheetDocTaken is true, we're in state #3. (Yes, m_stylesheetDocTaken
could probably be changed to something like m_stylesheetDocOwned and the
true/false values reversed, but I wanted to keep things "simple" for this
patch.)
>
> Now if I could encode the m_stylesheetDocTaken state inside the
std::unique_ptr<>, that would be great! I need to do more research to know,
though. (Seems like that would violate the main goal of std::unique_ptr<>, in
which case I'd have to have two variables: m_stylesheetDoc as
std::unique_ptr<>, and m_stylesheetDocRaw as a raw pointer, which logic to
return the correct one based on how they're set. That doesn't seem much better
than m_stylesheetDoc and m_stylesheetDocTaken, though.)
I see.
> Source/WebCore/xml/XSLStyleSheetLibxslt.cpp:186
> + return !!m_stylesheetDoc;
I take it you feel this reads better.
More information about the webkit-reviews
mailing list