[Webkit-unassigned] [Bug 237060] Queue throwing exception of blob objects during destruction
bugzilla-daemon at webkit.org
Tue Feb 22 14:55:56 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=237060
--- Comment #5 from Yusuke Suzuki <ysuzuki at apple.com> ---
Comment on attachment 452903
--> https://bugs.webkit.org/attachment.cgi?id=452903
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=452903&action=review
> Source/WebCore/fileapi/Blob.cpp:289
> + auto& heap = globalObject.vm().heap;
> +
> + if (!heap.isShuttingDown()) {
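Review bot: the `if (!heap.isShuttingDown())` guard at Blob.cpp:289 has no comment saying why the work must be skipped during shutdown, and the quoted lines do not show what happens on the shutting-down path. Add a one-line comment above the check stating the reason and what becomes of the pending work in that case. The `heap` local is used only in this condition in the lines shown, so the call can be made inline in the `if` rather than binding a reference first.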
Let's add a VM::isShuttingDown() getter and use it instead of touching the heap directly here.
Heap and VM can become different after global GC. So for now, VM::isShuttingDown() implementation should be `return heap.isShuttingDown()`.
But we should avoid touching heap directly here.
> Source/WebCore/fileapi/Blob.cpp:290
> + auto* context = m_loader->getScriptExecutionContext();
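Review bot: `context` at Blob.cpp:290 is assigned from `m_loader->getScriptExecutionContext()`, and no null check on either `m_loader` or the returned pointer appears in the quoted lines. Test both and bail out early when either is null, before `context` is used. WebKit style names getters with bare words, so the accessor should be `scriptExecutionContext()` rather than `getScriptExecutionContext()`.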
I think there is no guarantee that ScriptExecutionContext* is already destroyed. Is it ensured that this is still valid?
> Source/WebCore/fileapi/FileReaderLoader.h:127
> + ScriptExecutionContext* m_scriptExecutionContext;
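Review bot: `m_scriptExecutionContext` at FileReaderLoader.h:127 is declared without a default member initializer, so it is indeterminate on any construction path that does not assign it. Declare it as `ScriptExecutionContext* m_scriptExecutionContext { nullptr };` at minimum, and add a comment stating who owns the context and when this member is cleared.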
I think we cannot have this raw pointer since we have no mechanism to make this nullptr when ScriptExecutionContext is destroyed. Is this correct?