Changeset 239927 in webkit
- Timestamp:
- Jan 14, 2019 7:51:41 AM (5 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
Modules/cache/DOMCacheStorage.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r239926 r239927 1 2019-01-14 Zan Dobersek <zdobersek@igalia.com> 2 3 DOMCacheStorage: use-after-move in doSequentialMatch() 4 https://bugs.webkit.org/show_bug.cgi?id=193396 5 6 Reviewed by Youenn Fablet. 7 8 Depending on the platform- and compiler-specific calling conventions, 9 the doSequentialMatch() code can move out the Vector<Ref<DOMCache>> 10 object into the callback lambda before the DOMCache object at the 11 specified index is retrieved for the DOMCache::doMatch() invocation. 12 13 This problem is now avoided by retrieving reference to the target 14 DOMCache object in an earlier expression. 15 16 * Modules/cache/DOMCacheStorage.cpp: 17 (WebCore::doSequentialMatch): 18 1 19 2019-01-14 Zalan Bujtas <zalan@apple.com> 2 20 -
trunk/Source/WebCore/Modules/cache/DOMCacheStorage.cpp
r239427 r239927 60 60 } 61 61 62 caches[index]->doMatch(WTFMove(info), WTFMove(options), [caches = WTFMove(caches), info, options, completionHandler = WTFMove(completionHandler), index](ExceptionOr<FetchResponse*>&& result) mutable { 62 auto& cache = caches[index].get(); 63 cache.doMatch(WTFMove(info), WTFMove(options), [caches = WTFMove(caches), info, options, completionHandler = WTFMove(completionHandler), index](ExceptionOr<FetchResponse*>&& result) mutable { 63 64 if (result.hasException()) { 64 65 completionHandler(result.releaseException());
Note: See TracChangeset
for help on using the changeset viewer.
