[webkit-changes] [WebKit/WebKit] 1e64ff: Crash under ~Node() due to CheckedPtr

[Chris Dumez]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1e64ff6225471ac624d3536c41ba9e620d647fba
      
https://github.com/WebKit/WebKit/commit/1e64ff6225471ac624d3536c41ba9e620d647fba
  Author: Chris Dumez <cdu...@apple.com>
  Date:   2024-01-29 (Mon, 29 Jan 2024)

  Changed paths:
    M Source/WebCore/dom/Document.h
    M Source/WebCore/dom/Element.cpp
    M Source/WebCore/dom/Node.cpp
    M Source/WebCore/dom/Node.h
    M Source/WebCore/dom/ShadowRoot.cpp
    M Source/WebCore/dom/ShadowRoot.h
    M Source/WebCore/page/scrolling/ScrollAnchoringController.cpp
    M Source/WebCore/rendering/RenderObject.cpp
    M Source/WebCore/rendering/RenderObject.h

  Log Message:
  -----------
  Crash under ~Node() due to CheckedPtr
https://bugs.webkit.org/show_bug.cgi?id=268265
rdar://120253664

Reviewed by Brent Fulgham.

Stop using CheckedPtr with Nodes completely. Ever since adopting, we've
been getting crashes in the CanMakeCheckedPtrBase destructor.

I've tried reducing the use of CheckedPtr with Nodes but the crashes are
still happening in the wild. To address the issue, I am getting rid of all
remaining usage for now.

I've switched to WeakRef/WeakPtr when possible. However, for the Node data
members I had to go back to raw pointers for now. Sadly, we can't use
WeakPtr for those at the moment because of the DOM & CSS JIT. We should
revisit to get rid of these raw pointers but for now, we need to address
the crashes caused by CheckedPtr adoption.

* Source/WebCore/dom/Document.h:
(WebCore::Document::incrementPtrCount const): Deleted.
(WebCore::Document::decrementPtrCount const): Deleted.
(WebCore::Document::registerCheckedPtr const): Deleted.
(WebCore::Document::copyCheckedPtr const): Deleted.
(WebCore::Document::moveCheckedPtr const): Deleted.
(WebCore::Document::unregisterCheckedPtr const): Deleted.
* Source/WebCore/dom/Element.cpp:
(WebCore::attrNodeListMap):
(WebCore::elementIdentifiersMap):
* Source/WebCore/dom/Node.cpp:
* Source/WebCore/dom/Node.h:
(WebCore::Node::previousSibling const):
(WebCore::Node::protectedPreviousSibling const):
(WebCore::Node::nextSibling const):
(WebCore::Node::protectedNextSibling const):
(WebCore::Node::parentNode const):
* Source/WebCore/dom/ShadowRoot.cpp:
* Source/WebCore/dom/ShadowRoot.h:
* Source/WebCore/page/scrolling/ScrollAnchoringController.cpp:
(WebCore::canIncludeElementInPriorityCandidateChain):
* Source/WebCore/rendering/RenderObject.cpp:
* Source/WebCore/rendering/RenderObject.h:

Canonical link: https://commits.webkit.org/273664@main


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes