Title: [260545] trunk/Source/WebKitLegacy/mac
Revision: 260545
Author: [email protected]
Date: 2020-04-22 17:27:58 -0700 (Wed, 22 Apr 2020)

Log Message

[Cocoa] REGRESSION (r260485): Crash in Legacy WebKit createMenu item function (reproducible under Asan)
https://bugs.webkit.org/show_bug.cgi?id=210888

Reviewed by Alex Christensen.

* WebView/WebHTMLView.mm:
(createMenuItem): Speculative fix: Go back to using a local variable. Apparently
the Objective-C for loop doesn't extend the lifetime of its argument the way the
C++ range-based for loop does, so the local variable is needed.

Modified Paths

Diff

Modified: trunk/Source/WebKitLegacy/mac/ChangeLog (260544 => 260545)


--- trunk/Source/WebKitLegacy/mac/ChangeLog	2020-04-23 00:04:26 UTC (rev 260544)
+++ trunk/Source/WebKitLegacy/mac/ChangeLog	2020-04-23 00:27:58 UTC (rev 260545)
@@ -1,3 +1,15 @@
+2020-04-22  Darin Adler  <[email protected]>
+
+        [Cocoa] REGRESSION (r260485): Crash in Legacy WebKit createMenu item function (reproducible under Asan)
+        https://bugs.webkit.org/show_bug.cgi?id=210888
+
+        Reviewed by Alex Christensen.
+
+        * WebView/WebHTMLView.mm:
+        (createMenuItem): Speculative fix: Go back to using a local variable. Apparently
+        the Objective-C for loop doesn't extend the lifetime of its argument the way the
+        C++ range-based for loop does, so the local variable is needed.
+
 2020-04-21  Peng Liu  <[email protected]>
 
         Fix MACCATALYST build failures
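Review bot: The (createMenuItem) entry calls this a "Speculative fix" and hedges the cause with "Apparently", while the title says the crash is reproducible under Asan. The entry should say whether the Asan reproduction was rerun with this change applied, so a reader of the ChangeLog can tell a confirmed fix from an untested one. The title also writes "createMenu item function" where the entry below names createMenuItem; using the exact function name keeps the entry searchable.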

Modified: trunk/Source/WebKitLegacy/mac/WebView/WebHTMLView.mm (260544 => 260545)


--- trunk/Source/WebKitLegacy/mac/WebView/WebHTMLView.mm	2020-04-23 00:04:26 UTC (rev 260544)
+++ trunk/Source/WebKitLegacy/mac/WebView/WebHTMLView.mm	2020-04-23 00:27:58 UTC (rev 260545)
@@ -3672,10 +3672,12 @@
 
     case WebCore::SubmenuType: {
         auto menu = adoptNS([[NSMenu alloc] init]);
+        {
+            auto submenuItems = createMenuItems(hitTestResult, item.subMenuItems());
+            for (NSMenuItem *menuItem in submenuItems.get())
+                [menu addItem:menuItem];
+        }
 
-        for (NSMenuItem *menuItem in createMenuItems(hitTestResult, item.subMenuItems()).get())
-            [menu addItem:menuItem];
-
         auto menuItem = adoptNS([[NSMenuItem alloc] initWithTitle:item.title() action:nullptr keyEquivalent:@""]);
 
         if (auto tag = toTag(item.action()))
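Review bot: Nothing on the added `auto submenuItems = createMenuItems(hitTestResult, item.subMenuItems());` line or its enclosing braces records that the local exists to keep the returned array alive while the `for ... in` loop runs. A later cleanup could fold the call back into the loop header, which is exactly the form this hunk removes. A one-line comment above `submenuItems` saying the loop must not iterate over a temporary would guard against that. Since the log message attributes the crash to r260485, it is also worth checking whether that revision introduced the same `for (... in call().get())` pattern anywhere else.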
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
