Title: [236693] trunk/Source/WebCore
- Revision
- 236693
- Author
- rn...@webkit.org
- Date
- 2018-10-01 14:53:36 -0700 (Mon, 01 Oct 2018)
Log Message
ASAN failure in ~GCReachableRef()
https://bugs.webkit.org/show_bug.cgi?id=190113
Reviewed by Darin Adler.
The bug was caused by ~GCReachableRef accessing Ref after it had been poisoned for ASAN
in Ref::leakRef via Ref(Ref&& other). Fixed the bug by using RefPtr instead since that's
the simplest solution here although we could unpoison Ref temporarily as done in ~Ref.
* dom/GCReachableRef.h:
(WebCore::GCReachableRef::GCReachableRef):
(WebCore::GCReachableRef::~GCReachableRef):
(WebCore::GCReachableRef::operator-> const):
(WebCore::GCReachableRef::get const):
(WebCore::GCReachableRef::operator T& const):
(WebCore::GCReachableRef::operator! const):
(WebCore::GCReachableRef::isNull const): Deleted.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (236692 => 236693)
--- trunk/Source/WebCore/ChangeLog 2018-10-01 21:25:21 UTC (rev 236692)
+++ trunk/Source/WebCore/ChangeLog 2018-10-01 21:53:36 UTC (rev 236693)
@@ -1,3 +1,23 @@
+2018-10-01 Ryosuke Niwa <rn...@webkit.org>
+
+ ASAN failure in ~GCReachableRef()
+ https://bugs.webkit.org/show_bug.cgi?id=190113
+
+ Reviewed by Darin Adler.
+
+ The bug was caused by ~GCReachableRef accessing Ref after it had been poisoned for ASAN
+ in Ref::leakRef via Ref(Ref&& other). Fixed the bug by using RefPtr instead since that's
+ the simplest solution here although we could unpoison Ref temporarily as done in ~Ref.
+
+ * dom/GCReachableRef.h:
+ (WebCore::GCReachableRef::GCReachableRef):
+ (WebCore::GCReachableRef::~GCReachableRef):
+ (WebCore::GCReachableRef::operator-> const):
+ (WebCore::GCReachableRef::get const):
+ (WebCore::GCReachableRef::operator T& const):
+ (WebCore::GCReachableRef::operator! const):
+ (WebCore::GCReachableRef::isNull const): Deleted.
+
2018-10-01 Sihui Liu <sihui_...@apple.com>
Remove StorageProcess
Modified: trunk/Source/WebCore/dom/GCReachableRef.h (236692 => 236693)
--- trunk/Source/WebCore/dom/GCReachableRef.h 2018-10-01 21:25:21 UTC (rev 236692)
+++ trunk/Source/WebCore/dom/GCReachableRef.h 2018-10-01 21:53:36 UTC (rev 236693)
@@ -50,42 +50,31 @@
template<typename = std::enable_if_t<std::is_base_of<Node, T>::value>>
GCReachableRef(T& object)
- : m_ref(object)
+ : m_ptr(&object)
{
- GCReachableRefMap::add(m_ref.get());
+ GCReachableRefMap::add(*m_ptr);
}
~GCReachableRef()
{
- if (!isNull())
- GCReachableRefMap::remove(m_ref.get());
+ if (m_ptr)
+ GCReachableRefMap::remove(*m_ptr);
}
- template<typename X, typename Y, typename = std::enable_if_t<std::is_base_of<Node, T>::value>>
- GCReachableRef(Ref<X, Y>&& other)
- : m_ref(WTFMove(other.m_ref))
- {
- if (!isNull())
- GCReachableRefMap::add(m_ref.get());
- }
-
GCReachableRef(GCReachableRef&& other)
- : m_ref(WTFMove(other.m_ref))
+ : m_ptr(WTFMove(other.m_ptr))
{
}
- template<typename X, typename Y> GCReachableRef(const GCReachableRef<X, Y>& other) = delete;
+ T* operator->() const { return &get(); }
+ T* ptr() const RETURNS_NONNULL { return &get(); }
+ T& get() const { ASSERT(m_ptr); return *m_ptr; }
+ operator T&() const { ASSERT(m_ptr); return *m_ptr; }
+ bool operator!() const { return !get(); }
- T* operator->() const { ASSERT(!isNull()); return m_ref.ptr(); }
- T* ptr() const RETURNS_NONNULL { ASSERT(!isNull()); return m_ref.ptr(); }
- T& get() const { ASSERT(!isNull()); return m_ref.get(); }
- operator T&() const { ASSERT(!isNull()); return m_ref.get(); }
- bool operator!() const { ASSERT(!isNull()); return !m_ref.get(); }
-
private:
- bool isNull() const { return m_ref.isHashTableEmptyValue(); }
- Ref<T> m_ref;
+ RefPtr<T> m_ptr;
};
}
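Review bot: After `GCReachableRef(GCReachableRef&& other)` runs, `other.m_ptr` is null, and the only guard in `get()` and `operator T&()` is `ASSERT(m_ptr)`, which as far as I know is compiled out of release builds, so a use of a moved-from object dereferences a null `RefPtr` there; `ptr()` is also marked `RETURNS_NONNULL`, which lets callers' null checks be optimised away. I would document the contract next to the move constructor, e.g. `// A moved-from GCReachableRef holds null and may only be destroyed; the accessors assert non-null in debug builds only.` Separately, `operator!()` returns `!get()`, which negates a `T&` rather than testing `m_ptr`; if it is meant as a null test, `bool operator!() const { return !m_ptr; }` would say so, though the old code negated `m_ref.get()` the same way, so this may be intentional. The class template begins above the hunk, so other users of `m_ptr` are not visible here.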