[webkit-reviews] review granted: [Bug 202596] Make sure ActiveDOMObject properly deals with detached documents : [Attachment 380242] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 8 10:53:47 PDT 2019
Geoffrey Garen <ggaren at apple.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 202596: Make sure ActiveDOMObject properly deals with detached documents
https://bugs.webkit.org/show_bug.cgi?id=202596
Attachment 380242: Patch
https://bugs.webkit.org/attachment.cgi?id=380242&action=review
--- Comment #4 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 380242
--> https://bugs.webkit.org/attachment.cgi?id=380242
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=380242&action=review
r=me
> Source/WebCore/dom/ActiveDOMObject.cpp:50
> +inline ActiveDOMObject::ActiveDOMObject(ScriptExecutionContext* context,
CheckedScriptExecutionContextType)
> + : ContextDestructionObserver(context)
> +{
> + ASSERT(!is<Document>(context) ||
&downcast<Document>(context)->contextDocument() ==
downcast<Document>(context));
> + if (!context)
> return;
>
> - ASSERT(m_scriptExecutionContext->isContextThread());
> - m_scriptExecutionContext->didCreateActiveDOMObject(*this);
> + ASSERT(context->isContextThread());
> + context->didCreateActiveDOMObject(*this);
> +}
Isn't this constructor still unsafe in the way you described? (
More information about the webkit-reviews
mailing list