[Webkit-unassigned] [Bug 194530] New: Add some null checks in JSNodeCustom.h's root() and generated isReachableFromOpaqueRoots() functions.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 12 00:53:12 PST 2019 

https://bugs.webkit.org/show_bug.cgi?id=194530

            Bug ID: 194530
           Summary: Add some null checks in JSNodeCustom.h's root() and
                    generated isReachableFromOpaqueRoots() functions.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

This is needed to fix a null pointer dereference that arises from the following scenario:
1. a Document detaches from its StyleSheetList.
2. the JSStyleSheetList that is associate with the detached StyleSheetList has yet to be scanned and collected by the GC.
3. the GC eventually looks for the opaque root of the StyleSheetList's owner, and discovers a null owner pointer.

This patch fixes this issue by applying the needed null checks.

<rdar://problem/47973274>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190212/e52cf24a/attachment-0001.html>

More information about the webkit-unassigned mailing list