Title: [268159] trunk/Source/WebCore
Revision: 268159
Author: [email protected]
Date: 2020-10-07 15:44:09 -0700 (Wed, 07 Oct 2020)

Log Message

Crash under JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor()
https://bugs.webkit.org/show_bug.cgi?id=217448
<rdar://problem/70059902>

Reviewed by Geoffrey Garen.

Make sure we clear out m_processorConstructorMap in AudioWorkletGlobalScope::prepareForTermination()
since this map keeps JS wrappers alive.

No new tests, already covered by existing tests that are crashing on ASAN bots.

* Modules/webaudio/AudioWorkletGlobalScope.cpp:
(WebCore::AudioWorkletGlobalScope::prepareForTermination):

Diff

Modified: trunk/Source/WebCore/ChangeLog (268158 => 268159)


--- trunk/Source/WebCore/ChangeLog	2020-10-07 22:42:21 UTC (rev 268158)
+++ trunk/Source/WebCore/ChangeLog	2020-10-07 22:44:09 UTC (rev 268159)
@@ -1,3 +1,19 @@
+2020-10-07  Chris Dumez  <[email protected]>
+
+        Crash under JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor()
+        https://bugs.webkit.org/show_bug.cgi?id=217448
+        <rdar://problem/70059902>
+
+        Reviewed by Geoffrey Garen.
+
+        Make sure we clear out m_processorConstructorMap in AudioWorkletGlobalScope::prepareForTermination()
+        since this map keeps JS wrappers alive.
+
+        No new tests, already covered by existing tests that are crashing on ASAN bots.
+
+        * Modules/webaudio/AudioWorkletGlobalScope.cpp:
+        (WebCore::AudioWorkletGlobalScope::prepareForTermination):
+
 2020-10-07  Tyler Wilcock  <[email protected]>
 
         background-clip:var(--a) invalidates -webkit-background-clip:text when --a:text
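Review bot: In the new ChangeLog entry, "No new tests, already covered by existing tests that are crashing on ASAN bots" does not name the tests. Listing the affected test(s) would let a reader confirm the fix on the bots and recognise a regression later. The entry also says the map keeps JS wrappers alive but not why that leads to a crash under the constructor's destructor; one more sentence on that would make the entry self-explanatory.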

Modified: trunk/Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp (268158 => 268159)


--- trunk/Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp	2020-10-07 22:42:21 UTC (rev 268158)
+++ trunk/Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp	2020-10-07 22:44:09 UTC (rev 268159)
@@ -115,6 +115,8 @@
         defaultTaskGroup->stopAndDiscardAllTasks();
     stopActiveDOMObjects();
 
+    m_processorConstructorMap.clear();
+
     // Event listeners would keep DOMWrapperWorld objects alive for too long. Also, they have references to JS objects,
     // which become dangling once Heap is destroyed.
     removeAllEventListeners();
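Review bot: The added `m_processorConstructorMap.clear();` carries no comment explaining why it has to happen in prepareForTermination(), while the removeAllEventListeners() call directly below it documents its reason (references to JS objects that dangle once the Heap is destroyed). Suggest a one-line comment above the clear() stating that the map keeps JS wrappers alive, as the log message says, so the call is not dropped or reordered in a later cleanup.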