Skip to site navigation (Press enter)

[webkit-changes] [225658] trunk/Source/WebKit

sbarati Thu, 07 Dec 2017 17:12:39 -0800

Title: [225658] trunk/Source/WebKit

Revision: 225658
Author: [email protected]
Date: 2017-12-07 17:12:18 -0800 (Thu, 07 Dec 2017)

Log Message

We need to grab the JSLock in InjectedBundle::createWebDataFromUint8Array
https://bugs.webkit.org/show_bug.cgi?id=180492


Reviewed by Alex Christensen.

InjectedBundle::createWebDataFromUint8Array calls into WebCore APIs that allocate
out of the JS heap. It's only legal to allocate out of the JS heap when holding the JS lock.

* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::createWebDataFromUint8Array):

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp

Diff

Modified: trunk/Source/WebKit/ChangeLog (225657 => 225658)


--- trunk/Source/WebKit/ChangeLog	2017-12-08 00:59:02 UTC (rev 225657)
+++ trunk/Source/WebKit/ChangeLog	2017-12-08 01:12:18 UTC (rev 225658)
@@ -1,3 +1,16 @@
+2017-12-07  Saam Barati  <[email protected]>
+
+        We need to grab the JSLock in InjectedBundle::createWebDataFromUint8Array
+        https://bugs.webkit.org/show_bug.cgi?id=180492
+
+        Reviewed by Alex Christensen.
+
+        InjectedBundle::createWebDataFromUint8Array calls into WebCore APIs that allocate
+        out of the JS heap. It's only legal to allocate out of the JS heap when holding the JS lock.
+
+        * WebProcess/InjectedBundle/InjectedBundle.cpp:
+        (WebKit::InjectedBundle::createWebDataFromUint8Array):
+
 2017-12-07  Simon Fraser  <[email protected]>
 
         Propagate WebKit2Logging channels to the Web Process

Modified: trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp (225657 => 225658)


--- trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp	2017-12-08 00:59:02 UTC (rev 225657)
+++ trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp	2017-12-08 01:12:18 UTC (rev 225658)
@@ -581,6 +581,7 @@
 Ref<API::Data> InjectedBundle::createWebDataFromUint8Array(JSContextRef context, JSValueRef data)
 {
     JSC::ExecState* execState = toJS(context);
+    JSLockHolder lock(execState);
     RefPtr<Uint8Array> arrayData = WebCore::toUnsharedUint8Array(execState->vm(), toJS(execState, data));
     return API::Data::create(static_cast<unsigned char*>(arrayData->baseAddress()), arrayData->byteLength());
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes