Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b5502f0dc670c978232c2b14a3b075e9636d8351
https://github.com/WebKit/WebKit/commit/b5502f0dc670c978232c2b14a3b075e9636d8351
Author: Ryan Reno <rr...@apple.com>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
M Source/WebCore/Modules/reporting/ReportingObserver.cpp
Log Message:
-----------
REGRESSION (280886@main) ReportingObserver can be garbage collected while a
task is queued to make report callbacks.
https://bugs.webkit.org/show_bug.cgi?id=278534
rdar://133409507
Reviewed by Brent Fulgham.
In 280886@main I tied the lifetime of the ReportingObserver object to
whether or not it is observing reports by making it an ActiveDOMObject.
In some cases (especially
imported/w3c/web-platform-tests/reporting/disconnect.html)
the object and its callback can be garbage collected while there's an
outstanding task to make the callback with its reports which can
cause a null pointer dereference when attempting to invoke the callback.
This change will keep the object alive until after the callback has been
serviced, even if all references are dropped and the ReportingObserver
has disconnected.
* Source/WebCore/Modules/reporting/ReportingObserver.cpp:
(WebCore::ReportingObserver::appendQueuedReportIfCorrectType):
Canonical link: https://commits.webkit.org/282645@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
