[Webkit-unassigned] [Bug 112858] Remove upcastPointer from ActiveDOMObject constructor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 21 06:21:44 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=112858





--- Comment #6 from Russell McClellan <russell.mcclellan at gmail.com>  2013-03-21 06:24:11 PST ---
> A general word of caution - ActiveDOMObject has very strict requirements of what can be done from suspend/resume functions. ScriptExecutionContext::suspendActiveDOMObjects() iterates over the HashMap, and if any new objects are created or destroyed during iteration, it's an instant security bug.

These actually do not need suspend and resume; they're only ActiveDOMObjects so that they can alert the GC that they shouldn't be collected when they have pending activity.  There's some precedent for this usage, i.e. AudioContext.  Does this make sense?  Are there other side-effects to making something an ActiveDOMObject?

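The hazard raised in the quoted caution, as an added example that is not WebKit code and not part of the original comment: a registry that refuses to be mutated while its suspend loop is running. `Registry`, `ActiveObject`, `Quiet`, `Spawner` and `suspendAllChecked` are hypothetical names, and `std::unordered_set` stands in for the HashMap.

```cpp
#include <cstddef>
#include <stdexcept>
#include <unordered_set>
struct ActiveObject {
    virtual ~ActiveObject() = default;
    virtual void suspend() = 0;
};
// Hypothetical registry standing in for the context that owns the objects.
class Registry {
public:
    void add(ActiveObject* o) { failIfIterating(); m_objects.insert(o); }
    void remove(ActiveObject* o) { failIfIterating(); m_objects.erase(o); }
    std::size_t size() const { return m_objects.size(); }
    void suspendAll() {
        IterationGuard guard(m_iterating);   // cleared again even on throw
        for (ActiveObject* o : m_objects)
            o->suspend();
    }
private:
    struct IterationGuard {
        bool& flag;
        explicit IterationGuard(bool& f) : flag(f) { flag = true; }
        ~IterationGuard() { flag = false; }
    };
    // Runs before the container is touched, so live iterators stay valid.
    // Assumption: throwing keeps the demo testable; an engine would crash.
    void failIfIterating() const {
        if (m_iterating)
            throw std::logic_error("registry mutated during iteration");
    }
    std::unordered_set<ActiveObject*> m_objects;
    bool m_iterating = false;
};

struct Quiet : ActiveObject {              // well-behaved: touches only itself
    int suspended = 0;
    void suspend() override { ++suspended; }
};
struct Spawner : ActiveObject {            // registers an object mid-iteration
    Registry& reg; Quiet child;
    explicit Spawner(Registry& r) : reg(r) {}
    void suspend() override { reg.add(&child); }
};

bool suspendAllChecked(Registry& reg) {    // false: a callback tried to mutate
    try { reg.suspendAll(); return true; }
    catch (const std::logic_error&) { return false; }
}
```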