Changeset 260545 in webkit

Timestamp:

Apr 22, 2020 5:27:58 PM (4 years ago)

Author:

Darin Adler

Message:

[Cocoa] REGRESSION (r260485): Crash in Legacy WebKit createMenu item function (reproducible under Asan)
​https://bugs.webkit.org/show_bug.cgi?id=210888

Reviewed by Alex Christensen.

• WebView/WebHTMLView.mm:

(createMenuItem): Speculative fix: Go back to using a local variable. Apparently
the Objective-C for loop doesn't extend the lifetime of its argument the way the
C++ range-based for loop does, so the local variable is needed.

Location:

trunk/Source/WebKitLegacy/mac

Files:

• ChangeLog (modified) (1 diff)
• WebView/WebHTMLView.mm (modified) (1 diff)

trunk/Source/WebKitLegacy/mac/ChangeLog

@@ +1 @@
+2020-04-22  Darin Adler  <darin@apple.com>
+
+        [Cocoa] REGRESSION (r260485): Crash in Legacy WebKit createMenu item function (reproducible under Asan)
+        https://bugs.webkit.org/show_bug.cgi?id=210888
+
+        Reviewed by Alex Christensen.
+
+        * WebView/WebHTMLView.mm:
+        (createMenuItem): Speculative fix: Go back to using a local variable. Apparently
+        the Objective-C for loop doesn't extend the lifetime of its argument the way the
+        C++ range-based for loop does, so the local variable is needed.
+
 2020-04-21  Peng Liu  <peng.liu6@apple.com>
 

trunk/Source/WebKitLegacy/mac/WebView/WebHTMLView.mm

@@ -3673 +3673 @@
     case WebCore::SubmenuType: {
         auto menu = adoptNS([[NSMenu alloc] init]);
-
-        for (NSMenuItem *menuItem in createMenuItems(hitTestResult, item.subMenuItems()).get())
-            [menu addItem:menuItem];
+        {
+            auto submenuItems = createMenuItems(hitTestResult, item.subMenuItems());
+            for (NSMenuItem *menuItem in submenuItems.get())
+                [menu addItem:menuItem];
+        }
 
         auto menuItem = adoptNS([[NSMenuItem alloc] initWithTitle:item.title() action:nullptr keyEquivalent:@""]);