Title: [274224] branches/safari-612.1.6-branch/Source/WebKit
- Revision: 274224
- Author: [email protected]
- Date: 2021-03-10 11:11:08 -0800 (Wed, 10 Mar 2021)
Log Message
Cherry-pick r274129. rdar://problem/75163359
Regression(r273875): Potential over-release in WKRemoteObjectCoder's decodeObjCObject()
https://bugs.webkit.org/show_bug.cgi?id=222954
<rdar://75163359>
Reviewed by Darin Adler.
r273875 added an adoptNS() for the result of `[allocation initWithCoder:decoder]`. This would be
fine in general, except that we call awakeAfterUsingCoder on the result right after. As per the
awakeAfterUsingCoder documentation [1], it may return the receiver or a new object. When it
returns a new object, it takes care of releasing the receiver. This is an issue for us here since
we were holding the receiver in a smart pointer.
[1] https://developer.apple.com/documentation/objectivec/nsobject/1417074-awakeafterusingcoder
* Shared/API/Cocoa/WKRemoteObjectCoder.mm:
(decodeObjCObject):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@274129 268f45cc-cd09-0410-ab3c-d52691b4dbfc
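As an added illustration (not WebKit code and not part of this commit), here is a C++ reference-count model of the two lines the patch swaps. `Obj`, `RetainPtr`, `adopt()` and the two `awake*` helpers are simplified stand-ins for NSObject, WTF::RetainPtr, adoptNS() and -awakeAfterUsingCoder:. The model follows the contract the commit message describes (the method consumes the receiver and returns an owned reference, which is what the NS_REPLACES_RECEIVER_METHOD annotation on that method in NSObject.h expresses) and records a release past zero instead of crashing, so the over-release of the '-' line and the balanced counts of the '+' line can both be checked.

```cpp
// Added example, not WebKit code: a refcount model of the hand-off fixed in this patch.
#include <cstdio>
#include <utility>

// Stand-in for an NSObject. refCount 0 means "deallocated"; a release() past zero is the
// over-release the patch fixes, so it is recorded rather than crashing the process.
struct Obj {
    int refCount = 0;
    bool overReleased = false;
    void retain() { ++refCount; }
    void release() {
        if (refCount == 0) { overReleased = true; return; }
        --refCount;
    }
};

// Minimal stand-in for WTF::RetainPtr: owns exactly one reference. Assignment from a raw
// pointer retains it, adopt() takes over an existing +1, leakRef() gives the +1 back.
class RetainPtr {
    Obj* m_ptr = nullptr;
public:
    struct AdoptTag {};
    RetainPtr() = default;
    RetainPtr(Obj* p, AdoptTag) : m_ptr(p) {}
    RetainPtr(RetainPtr&& other) noexcept : m_ptr(std::exchange(other.m_ptr, nullptr)) {}
    RetainPtr(const RetainPtr&) = delete;
    ~RetainPtr() { if (m_ptr) m_ptr->release(); }
    RetainPtr& operator=(RetainPtr&& other) noexcept {
        Obj* old = m_ptr;
        m_ptr = std::exchange(other.m_ptr, nullptr);
        if (old) old->release();
        return *this;
    }
    // Raw-pointer assignment, as on the '-' line: retain the new object, release the old one.
    RetainPtr& operator=(Obj* p) {
        if (p) p->retain();
        Obj* old = m_ptr;
        m_ptr = p;
        if (old) old->release();
        return *this;
    }
    Obj* get() const { return m_ptr; }
    Obj* leakRef() { return std::exchange(m_ptr, nullptr); }
};
RetainPtr adopt(Obj* p) { return RetainPtr(p, RetainPtr::AdoptTag{}); }

// -awakeAfterUsingCoder: for a class that keeps the decoded object: the owned reference
// passed in is handed straight back.
Obj* awakeReturningReceiver(Obj* receiver) { return receiver; }

// -awakeAfterUsingCoder: for a class that substitutes another object: as the cited
// documentation says, the receiver is released and the replacement is returned owned.
Obj* awakeReturningSubstitute(Obj* receiver, Obj* substitute) {
    receiver->release();
    substitute->retain();
    return substitute;
}

struct Outcome { bool overReleased; int leakedRefs; };

// The '-' line: `result = [result awakeAfterUsingCoder:decoder];`
// The RetainPtr still holds its +1 on the receiver while the callee consumes it.
Outcome runOldPattern(bool substitutes) {
    Obj decoded, replacement;
    decoded.retain();                           // [allocation initWithCoder:] returns +1
    {
        RetainPtr result = adopt(&decoded);     // r273875's adoptNS()
        Obj* awoken = substitutes ? awakeReturningSubstitute(result.get(), &replacement)
                                  : awakeReturningReceiver(result.get());
        result = awoken;                        // retains awoken, releases the receiver again
    }                                           // result's destructor drops its reference
    return { decoded.overReleased || replacement.overReleased,
             decoded.refCount + replacement.refCount };
}

// The '+' line: `result = adoptNS([result.leakRef() awakeAfterUsingCoder:decoder]);`
// leakRef() hands the +1 to the callee; adopt() takes over whatever comes back.
Outcome runNewPattern(bool substitutes) {
    Obj decoded, replacement;
    decoded.retain();
    {
        RetainPtr result = adopt(&decoded);
        Obj* receiver = result.leakRef();       // result is empty; the callee owns the +1
        Obj* awoken = substitutes ? awakeReturningSubstitute(receiver, &replacement)
                                  : awakeReturningReceiver(receiver);
        result = adopt(awoken);                 // move-assign; nothing left over to release
    }
    return { decoded.overReleased || replacement.overReleased,
             decoded.refCount + replacement.refCount };
}

int main() {
    for (bool substitutes : { false, true }) {
        Outcome before = runOldPattern(substitutes), after = runNewPattern(substitutes);
        std::printf("substitutes=%d  old: over-release=%d leaked=%d  new: over-release=%d leaked=%d\n",
                    substitutes, before.overReleased, before.leakedRefs,
                    after.overReleased, after.leakedRefs);
    }
    return 0;
}
```

With a class that returns the receiver, both forms balance, which is why the adoptNS() from r273875 looked fine in isolation; with a substituting class the old form releases a receiver that has already gone to zero and additionally leaks one reference to the replacement, while the new form ends with every count at zero. The model does not cover -awakeAfterUsingCoder: returning nil, the path on which the code raises NSInvalidUnarchiveOperationException.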
Modified Paths
- branches/safari-612.1.6-branch/Source/WebKit/ChangeLog
- branches/safari-612.1.6-branch/Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm
Diff
Modified: branches/safari-612.1.6-branch/Source/WebKit/ChangeLog (274223 => 274224)
--- branches/safari-612.1.6-branch/Source/WebKit/ChangeLog 2021-03-10 19:09:25 UTC (rev 274223)
+++ branches/safari-612.1.6-branch/Source/WebKit/ChangeLog 2021-03-10 19:11:08 UTC (rev 274224)
@@ -1,3 +1,46 @@
+2021-03-10 Alan Coon <[email protected]>
+
+ Cherry-pick r274129. rdar://problem/75163359
+
+ Regression(r273875): Potential over-release in WKRemoteObjectCoder's decodeObjCObject()
+ https://bugs.webkit.org/show_bug.cgi?id=222954
+ <rdar://75163359>
+
+ Reviewed by Darin Adler.
+
+ r273875 added an adoptNS() for the result of `[allocation initWithCoder:decoder]`. This would be
+ fine in general, except that we call awakeAfterUsingCoder on the result right after. As per the
+ awakeAfterUsingCoder documentation [1], it may return the receiver or a new object. When it
+ returns a new object, it takes care of releasing the receiver. This is an issue for us here since
+ we were holding the receiver in a smart pointer.
+
+ [1] https://developer.apple.com/documentation/objectivec/nsobject/1417074-awakeafterusingcoder
+
+ * Shared/API/Cocoa/WKRemoteObjectCoder.mm:
+ (decodeObjCObject):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@274129 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-03-08 Chris Dumez <[email protected]>
+
+ Regression(r273875): Potential over-release in WKRemoteObjectCoder's decodeObjCObject()
+ https://bugs.webkit.org/show_bug.cgi?id=222954
+ <rdar://75163359>
+
+ Reviewed by Darin Adler.
+
+ r273875 added an adoptNS() for the result of `[allocation initWithCoder:decoder]`. This would be
+ fine in general, except that we call awakeAfterUsingCoder on the result right after. As per the
+ awakeAfterUsingCoder documentation [1], it may return the receiver or a new object. When it
+ returns a new object, it takes care of releasing the receiver. This is an issue for us here since
+ we were holding the receiver in a smart pointer.
+
+ [1] https://developer.apple.com/documentation/objectivec/nsobject/1417074-awakeafterusingcoder
+
+ * Shared/API/Cocoa/WKRemoteObjectCoder.mm:
+ (decodeObjCObject):
+
2021-03-04 Chris Dumez <[email protected]>
Set ownership of IOSurfaces from the GPUProcess instead of the WebProcess
Modified: branches/safari-612.1.6-branch/Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm (274223 => 274224)
--- branches/safari-612.1.6-branch/Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm 2021-03-10 19:09:25 UTC (rev 274223)
+++ branches/safari-612.1.6-branch/Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm 2021-03-10 19:11:08 UTC (rev 274224)
@@ -310,7 +310,7 @@
if (!result)
[NSException raise:NSInvalidUnarchiveOperationException format:@"Object of class \"%@\" returned nil from -initWithCoder: while being decoded", NSStringFromClass(objectClass)];
- result = [result awakeAfterUsingCoder:decoder];
+ result = adoptNS([result.leakRef() awakeAfterUsingCoder:decoder]);
if (!result)
[NSException raise:NSInvalidUnarchiveOperationException format:@"Object of class \"%@\" returned nil from -awakeAfterUsingCoder: while being decoded", NSStringFromClass(objectClass)];
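Review bot: the ownership hand-off on the '+' line is correct, but the nil path two lines below it deserves a comment. `result.leakRef()` transfers the +1 held by the RetainPtr to the receiver of -awakeAfterUsingCoder:, which per the documentation cited in the ChangeLog either returns that receiver or releases it and returns a replacement, and adoptNS() takes ownership of whichever comes back. If the method returns nil, the leaked reference is no longer tracked by anything in this function before NSInvalidUnarchiveOperationException is raised; a one-line comment stating that the callee is responsible for the receiver in that case would save the next reader from re-deriving the contract. The ChangeLog entry also lists no test; decoding a class whose -awakeAfterUsingCoder: substitutes a different object would exercise the path r273875 broke.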
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes