Changeset 225658 in webkit
Timestamp: Dec 7, 2017 5:12:18 PM (6 years ago)
Author: sbarati@apple.com
Message:

We need to grab the JSLock in InjectedBundle::createWebDataFromUint8Array
https://bugs.webkit.org/show_bug.cgi?id=180492

Reviewed by Alex Christensen.

InjectedBundle::createWebDataFromUint8Array calls into WebCore APIs that allocate
out of the JS heap. It's only legal to allocate out of the JS heap when holding the JS lock.

  • WebProcess/InjectedBundle/InjectedBundle.cpp:
    (WebKit::InjectedBundle::createWebDataFromUint8Array):

Location: trunk/Source/WebKit
Files: 2 edited

  • trunk/Source/WebKit/ChangeLog

    r225655 r225658  
     12017-12-07  Saam Barati  <sbarati@apple.com>
     2
     3        We need to grab the JSLock in InjectedBundle::createWebDataFromUint8Array
     4        https://bugs.webkit.org/show_bug.cgi?id=180492
     5
     6        Reviewed by Alex Christensen.
     7
     8        InjectedBundle::createWebDataFromUint8Array calls into WebCore APIs that allocate
     9        out of the JS heap. It's only legal to allocate out of the JS heap when holding the JS lock.
     10
     11        * WebProcess/InjectedBundle/InjectedBundle.cpp:
     12        (WebKit::InjectedBundle::createWebDataFromUint8Array):
     13
    1142017-12-07  Simon Fraser  <simon.fraser@apple.com>
    215
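Review bot: the entry states the rule being fixed (allocating from the JS heap requires holding the JSLock) but not what actually went wrong without the lock in createWebDataFromUint8Array, nor whether any test exercises this injected-bundle path. Record the observed symptom from bug 180492 and add a note on whether a test was possible, so someone bisecting a later regression can tell what behaviour this change is expected to restore.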
  • trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp

    r225120 r225658  
    582582{
    583583    JSC::ExecState* execState = toJS(context);
     584    JSLockHolder lock(execState);
    584585    RefPtr<Uint8Array> arrayData = WebCore::toUnsharedUint8Array(execState->vm(), toJS(execState, data));
    585586    return API::Data::create(static_cast<unsigned char*>(arrayData->baseAddress()), arrayData->byteLength());
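Review bot: arrayData is a RefPtr but is dereferenced unconditionally on the return line (`arrayData->baseAddress()` and `arrayData->byteLength()`); if toUnsharedUint8Array returns null because `data` is not a Uint8Array, this crashes instead of failing cleanly. Suggest checking for null before the return (or at least an ASSERT that documents the precondition on callers). The JSLockHolder itself is placed correctly: it is taken before the first call that can touch the JS heap and stays held, via scope, until after API::Data::create has read the bytes.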