[Webkit-unassigned] [Bug 110206] [v8] ScriptValue has dangerous copy semantics
bugzilla-daemon at webkit.org
Tue Feb 19 04:53:00 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=110206
--- Comment #3 from Dan Carney <dcarney at google.com> 2013-02-19 04:55:21 PST ---
(In reply to comment #2)
> (From update of attachment 189048 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=189048&action=review
>
> > Source/WebCore/ChangeLog:9
> > + Update ScriptValue to use a reference counted ScopedPersistent
> > + as the existing implementation makes it easy to return dead references.
>
> Would you elaborate on what is dangerous?
>
> We're intentionally replacing SharedPersistent with ScopedPersistent, since it is easy to misuse SharedPersistent.
The following returns a disposed handle:
v8::Handle<v8::Value> someFunction() {
    ScriptValue value = getSomeValue();
    return value.v8Value();  // handle is owned by `value`, which is destroyed on return
    // Should be
    // return v8::Local<v8::Value>::New(value.v8Value());
}
This happens in a few places around the codebase. I'm fixing them one by one, but in IDBAny::toV8, I cannot do it, as toV8 is expected to return a persistent handle and I don't want to change the semantics for one case.
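As an added illustration that is not code from the bug or from WebKit, the lifetime problem in the quoted snippet modelled with a constructed stand-in for V8 handles: Slot, g_heap, allocate and newLocal are assumptions standing in for the V8 heap, v8::Handle and v8::Local::New, and a disposed slot is only flagged (never freed) so the stale handle can still be inspected.

```cpp
#include <deque>
#include <memory>

// Constructed model of the V8 heap: a disposed slot is flagged, not freed, so a
// stale handle can still be inspected (in real V8 that is undefined behaviour).
struct Slot { int payload; bool disposed; };
static std::deque<Slot> g_heap;  // deque keeps element addresses stable
static Slot* allocate(int payload) { g_heap.push_back(Slot{payload, false}); return &g_heap.back(); }

struct Handle {  // stand-in for v8::Handle<v8::Value>: a non-owning pointer into the heap
    Slot* slot;
    bool isDisposed() const { return slot == nullptr || slot->disposed; }
    int value() const { return slot->payload; }
};

// Stand-in for v8::Local<v8::Value>::New(): a fresh handle whose lifetime does
// not depend on whoever owned the handle it was created from.
static Handle newLocal(Handle from) { return Handle{allocate(from.value())}; }
// Stand-in for ScopedPersistent: disposes its slot in the destructor.
class ScopedPersistent {
public:
    explicit ScopedPersistent(int payload) : m_slot(allocate(payload)) {}
    ~ScopedPersistent() { m_slot->disposed = true; }
    Handle get() const { return Handle{m_slot}; }
private:
    Slot* m_slot;
};

// ScriptValue as the ChangeLog describes it: copies share one reference-counted
// ScopedPersistent, so the slot is disposed with the last ScriptValue using it.
class ScriptValue {
public:
    explicit ScriptValue(int payload)
        : m_persistent(std::make_shared<ScopedPersistent>(payload)) {}
    Handle v8Value() const { return m_persistent->get(); }
private:
    std::shared_ptr<ScopedPersistent> m_persistent;
};

static ScriptValue getSomeValue() { return ScriptValue(42); }
// The pattern quoted in the bug: `value` dies on return and disposes the slot.
Handle returnsDisposedHandle() {
    ScriptValue value = getSomeValue();
    return value.v8Value();
}
// The fix named in the bug: copy into a new local handle before `value` dies.
Handle returnsLiveHandle() {
    ScriptValue value = getSomeValue();
    return newLocal(value.v8Value());
}
```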