Title: [295118] trunk/Source/WebCore/bindings/js/DOMPromiseProxy.h
Revision
295118
Author
cdu...@apple.com
Date
2022-06-01 21:02:10 -0700 (Wed, 01 Jun 2022)

Log Message

DOMPromiseProxyWithResolveCallback<IDLType>::promise() should not use |this| after calling resolve() / reject()
https://bugs.webkit.org/show_bug.cgi?id=241195

Reviewed by Alex Christensen.

* Source/WebCore/bindings/js/DOMPromiseProxy.h:
(WebCore::DOMPromiseProxyWithResolveCallback<IDLType>::promise):

Canonical link: https://commits.webkit.org/251209@main

Modified Paths

Diff

Modified: trunk/Source/WebCore/bindings/js/DOMPromiseProxy.h (295117 => 295118)


--- trunk/Source/WebCore/bindings/js/DOMPromiseProxy.h	2022-06-02 03:56:23 UTC (rev 295117)
+++ trunk/Source/WebCore/bindings/js/DOMPromiseProxy.h	2022-06-02 04:02:10 UTC (rev 295118)
@@ -127,7 +127,10 @@
     if (!deferredPromise)
         return JSC::jsUndefined();
 
+    m_deferredPromises.append(*deferredPromise);
+
     if (m_valueOrException) {
+        // Calls to reject() / resolvePromiseCallback() may destroy |this|.
         if (m_valueOrException->hasException())
             deferredPromise->reject(m_valueOrException->exception());
         else
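Review bot: The argument `m_valueOrException->exception()` passed to reject() is still storage owned by |this|, even though the new comment on the `if (m_valueOrException)` block says the call may destroy |this|. If reject() takes that argument by reference (its signature is not visible in this hunk), the exception object could be freed while reject() is still using it; copying it first, `auto exception = m_valueOrException->exception();`, and passing the copy would remove that dependency. resolvePromiseCallback() on the else branch is presumably a member whose body lies outside the hunk, so it must likewise not read members after it resolves. The same reject() pattern appears in the hunks at -224 and -292.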
@@ -134,9 +137,7 @@
             resolvePromiseCallback(*deferredPromise);
     }
 
-    auto result = deferredPromise->promise();
-    m_deferredPromises.append(deferredPromise.releaseNonNull());
-    return result;
+    return deferredPromise->promise();
 }
 
 template<typename IDLType>
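Review bot: Nothing on the new `return deferredPromise->promise();` line records that it is safe only because it goes through the local `deferredPromise` and never reads m_deferredPromises or any other member. The warning comment sits inside the `if` block above, so a later edit to the tail of the function could reintroduce a member access after |this| is gone. A comment directly above the return would pin the invariant: `// |this| may already be destroyed here; use only the local deferredPromise.` The same applies to the returns in the hunks at -231 and -299; the function's opening lines are outside this hunk.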
@@ -224,7 +225,10 @@
     if (!deferredPromise)
         return JSC::jsUndefined();
 
+    m_deferredPromises.append(*deferredPromise);
+
     if (m_valueOrException) {
+        // Calls to reject() / resolve() may destroy |this|.
         if (m_valueOrException->hasException())
             deferredPromise->reject(m_valueOrException->exception());
         else
@@ -231,9 +235,7 @@
             deferredPromise->resolve();
     }
 
-    auto result = deferredPromise->promise();
-    m_deferredPromises.append(deferredPromise.releaseNonNull());
-    return result;
+    return deferredPromise->promise();
 }
 
 inline void DOMPromiseProxy<IDLUndefined>::clear()
@@ -292,7 +294,10 @@
     if (!deferredPromise)
         return JSC::jsUndefined();
 
+    m_deferredPromises.append(*deferredPromise);
+
     if (m_valueOrException) {
+        // Calls to reject() / resolve() may destroy |this|.
         if (m_valueOrException->hasException())
             deferredPromise->reject(m_valueOrException->exception());
         else
@@ -299,9 +304,7 @@
             deferredPromise->template resolve<IDLType>(m_resolveCallback());
     }
 
-    auto result = deferredPromise->promise();
-    m_deferredPromises.append(deferredPromise.releaseNonNull());
-    return result;
+    return deferredPromise->promise();
 }
 
 template<typename IDLType>