Title: [225693] trunk/Source/_javascript_Core
- Revision
- 225693
- Author
- commit-qu...@webkit.org
- Date
- 2017-12-08 12:21:27 -0800 (Fri, 08 Dec 2017)
Log Message
Web Inspector: CRASH at InspectorConsoleAgent::enable when iterating mutable list of buffered console messages
https://bugs.webkit.org/show_bug.cgi?id=180590
<rdar://problem/35882767>
Patch by Joseph Pecoraro <pecor...@apple.com> on 2017-12-08
Reviewed by Mark Lam.
* inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::enable):
Swap the messages to a Vector that won't change during iteration.
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (225692 => 225693)
--- trunk/Source/_javascript_Core/ChangeLog 2017-12-08 20:16:54 UTC (rev 225692)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-12-08 20:21:27 UTC (rev 225693)
@@ -1,3 +1,15 @@
+2017-12-08 Joseph Pecoraro <pecor...@apple.com>
+
+ Web Inspector: CRASH at InspectorConsoleAgent::enable when iterating mutable list of buffered console messages
+ https://bugs.webkit.org/show_bug.cgi?id=180590
+ <rdar://problem/35882767>
+
+ Reviewed by Mark Lam.
+
+ * inspector/agents/InspectorConsoleAgent.cpp:
+ (Inspector::InspectorConsoleAgent::enable):
+ Swap the messages to a Vector that won't change during iteration.
+
2017-12-08 Michael Saboff <msab...@apple.com>
YARR: Coalesce constructed character classes
Modified: trunk/Source/_javascript_Core/inspector/agents/InspectorConsoleAgent.cpp (225692 => 225693)
--- trunk/Source/_javascript_Core/inspector/agents/InspectorConsoleAgent.cpp 2017-12-08 20:16:54 UTC (rev 225692)
+++ trunk/Source/_javascript_Core/inspector/agents/InspectorConsoleAgent.cpp 2017-12-08 20:21:27 UTC (rev 225693)
@@ -83,9 +83,11 @@
expiredMessage.addToFrontend(*m_frontendDispatcher, m_injectedScriptManager, false);
}
- size_t messageCount = m_consoleMessages.size();
- for (size_t i = 0; i < messageCount; ++i)
- m_consoleMessages[i]->addToFrontend(*m_frontendDispatcher, m_injectedScriptManager, false);
+ Vector<std::unique_ptr<ConsoleMessage>> messages;
+ m_consoleMessages.swap(messages);
+
+ for (size_t i = 0; i < messages.size(); ++i)
+ messages[i]->addToFrontend(*m_frontendDispatcher, m_injectedScriptManager, false);
}
void InspectorConsoleAgent::disable(ErrorString&)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes