[webkit-reviews] review granted: [Bug 192975] ThreadTimers should not store a raw pointer in its heap : [Attachment 358055] Adds the hardening

bugzilla-daemon at webkit.org
Wed Jan 9 13:07:18 PST 2019


Geoffrey Garen <ggaren at apple.com> has granted Ryosuke Niwa <rniwa at webkit.org>'s
request for review:
Bug 192975: ThreadTimers should not store a raw pointer in its heap
https://bugs.webkit.org/show_bug.cgi?id=192975

Attachment 358055: Adds the hardening

https://bugs.webkit.org/attachment.cgi?id=358055&action=review

--- Comment #11 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 358055
  --> https://bugs.webkit.org/attachment.cgi?id=358055
Adds the hardening

View in context: https://bugs.webkit.org/attachment.cgi?id=358055&action=review

r=me

Kind of a bummer that it's still pretty complicated, but it seems to give us the
robustness we want.

> Source/WebCore/platform/ThreadTimers.cpp:82
> +    if (m_firingTimers) {
> +	   m_pendingSharedTimerFireTime = MonotonicTime { };
> +	   m_sharedTimer->stop();
> +    }
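Review bot: `m_sharedTimer->stop()` is called with no null check on `m_sharedTimer` in the visible lines, so the block relies on an invariant that the shared timer always exists whenever `m_firingTimers` is set; if that invariant holds, a short comment or an assertion at the top of the block would make it explicit, and it also keeps the guard honest once the block is moved below the null-timer removal as suggested above.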

We can just move this down below the null timer removal, and keep the old
shared behavior.

> Source/WebCore/platform/ThreadTimers.cpp:84
> +    RefPtr<ThreadTimerHeapItem> firstItemWithValidTimer;
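Review bot: a separate `RefPtr<ThreadTimerHeapItem>` for the first valid item duplicates state the heap already holds, so it can go stale if the heap is modified between the point it is assigned and the point it is read; reading `m_timerHeap.first()` at the point of use avoids that drift and the extra ref-count traffic.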

We don't need this out of band state. We can just use m_timerHeap.first().
