[Webkit-unassigned] [Bug 109065] [v8] move persistent::new and ::dispose into same class
bugzilla-daemon at webkit.org
Wed Feb 6 13:38:36 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=109065
--- Comment #9 from Dan Carney <dcarney at google.com> 2013-02-06 13:40:43 PST ---
(From update of attachment 186875)
View in context: https://bugs.webkit.org/attachment.cgi?id=186875&action=review
>> Source/WebCore/bindings/v8/ScriptWrappable.h:47
>> + CRASH();
>
> This part of the patch seems separable from the rest of this work. Perhaps we should make this change in a separate patch?
Sure. I can remove it or replace it with an assert in another patch. I thought it might help block a potential use-after-free exploit, but I understood the ordering wrong.
>> Source/WebCore/bindings/v8/ScriptWrappable.h:79
>> v8::Persistent<v8::Object> m_maskedWrapper;
>
> Aside from the masking, it seems like we could use a ScopedPersistent here.
Yeah, if I can get the masking removed at some point, I'll just replace it.