Changeset 239525 in webkit
- Timestamp: Dec 21, 2018, 3:49:26 PM (6 years ago)
- Location: trunk/Source/JavaScriptCore
- Files: 2 edited
trunk/Source/JavaScriptCore/ChangeLog
r239477 r239525 1 2018-12-21 Joseph Pecoraro <pecoraro@apple.com> 2 3 Web Inspector: Crashes seen under Inspector::ScriptCallFrame::~ScriptCallFrame 4 https://bugs.webkit.org/show_bug.cgi?id=180373 5 <rdar://problem/33894170> 6 7 Rubber-stamped by Devin Rousso. 8 9 * inspector/AsyncStackTrace.cpp: 10 (Inspector::AsyncStackTrace::truncate): 11 The `lastUnlockedAncestor->remove()` may release the only reference to it's 12 parent which we intend to use later but don't hold a RefPtr to. Keep the 13 parent alive explicitly by protecting it. 14 1 15 2018-12-20 Chris Dumez <cdumez@apple.com> 2 16 -
trunk/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp
r237009 r239525 168 168 // The subtree being truncated must be removed from it's parent before 169 169 // updating its parent pointer chain. 170 auto* sourceNode = lastUnlockedAncestor->m_parent.get();170 RefPtr<AsyncStackTrace> sourceNode = lastUnlockedAncestor->m_parent; 171 171 lastUnlockedAncestor->remove(); 172 172 … … 176 176 previousNode = previousNode->m_parent.get(); 177 177 178 if (sourceNode == newStackTraceRoot)178 if (sourceNode.get() == newStackTraceRoot) 179 179 break; 180 180 181 sourceNode = sourceNode->m_parent .get();181 sourceNode = sourceNode->m_parent; 182 182 } 183 183
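Review bot: In the AsyncStackTrace.cpp hunk at lines 168-172, the new `RefPtr<AsyncStackTrace> sourceNode` has no comment saying that it exists to keep the parent alive across `lastUnlockedAncestor->remove()`. The reason is recorded only in the ChangeLog, so a later cleanup could change it back to `auto*` with `.get()` and reintroduce the dangling pointer. Suggest extending the comment at 168-169 with a sentence that `remove()` may drop the last reference to the parent, and fixing "it's parent" to "its parent" there at the same time.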
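Review bot: In the AsyncStackTrace.cpp hunk at lines 176-183, `sourceNode = sourceNode->m_parent;` leaves `sourceNode` null if the parent chain ends before `newStackTraceRoot` is reached, and nothing in the visible lines checks it before the next `sourceNode->m_parent` dereference. If reaching `newStackTraceRoot` is an invariant of the walk, suggest stating it with `ASSERT(sourceNode);` after the assignment. Otherwise add an explicit null check and break.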