[webkit-changes] [225693] trunk/Source/JavaScriptCore

[commit-queue]

Title: [225693] trunk/Source/_javascript_Core

Revision

225693

Author

commit-qu...@webkit.org

Date

2017-12-08 12:21:27 -0800 (Fri, 08 Dec 2017)

Log Message

Web Inspector: CRASH at InspectorConsoleAgent::enable when iterating mutable list of buffered console messages
https://bugs.webkit.org/show_bug.cgi?id=180590
<rdar://problem/35882767>

Patch by Joseph Pecoraro <pecor...@apple.com> on 2017-12-08
Reviewed by Mark Lam.

* inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::enable):
Swap the messages to a Vector that won't change during iteration.

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/inspector/agents/InspectorConsoleAgent.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (225692 => 225693)

--- trunk/Source/_javascript_Core/ChangeLog	2017-12-08 20:16:54 UTC (rev 225692)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-12-08 20:21:27 UTC (rev 225693)
@@ -1,3 +1,15 @@
+2017-12-08  Joseph Pecoraro  <pecor...@apple.com>
+
+        Web Inspector: CRASH at InspectorConsoleAgent::enable when iterating mutable list of buffered console messages
+        https://bugs.webkit.org/show_bug.cgi?id=180590
+        <rdar://problem/35882767>
+
+        Reviewed by Mark Lam.
+
+        * inspector/agents/InspectorConsoleAgent.cpp:
+        (Inspector::InspectorConsoleAgent::enable):
+        Swap the messages to a Vector that won't change during iteration.
+
 2017-12-08  Michael Saboff  <msab...@apple.com>
 
         YARR: Coalesce constructed character classes

Modified: trunk/Source/_javascript_Core/inspector/agents/InspectorConsoleAgent.cpp (225692 => 225693)

--- trunk/Source/_javascript_Core/inspector/agents/InspectorConsoleAgent.cpp	2017-12-08 20:16:54 UTC (rev 225692)
+++ trunk/Source/_javascript_Core/inspector/agents/InspectorConsoleAgent.cpp	2017-12-08 20:21:27 UTC (rev 225693)
@@ -83,9 +83,11 @@
         expiredMessage.addToFrontend(*m_frontendDispatcher, m_injectedScriptManager, false);
     }
 
-    size_t messageCount = m_consoleMessages.size();
-    for (size_t i = 0; i < messageCount; ++i)
-        m_consoleMessages[i]->addToFrontend(*m_frontendDispatcher, m_injectedScriptManager, false);
+    Vector<std::unique_ptr<ConsoleMessage>> messages;
+    m_consoleMessages.swap(messages);
+
+    for (size_t i = 0; i < messages.size(); ++i)
+        messages[i]->addToFrontend(*m_frontendDispatcher, m_injectedScriptManager, false);
 }
 
 void InspectorConsoleAgent::disable(ErrorString&)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes