Bug 107891

Summary: [V8] Keep a RefPtr<SerializedScriptValue*> when we call serialize()/deserialize() (part 1)
Product: WebKit
Reporter: Kentaro Hara <haraken>
Component: WebCore JavaScript
Assignee: Kentaro Hara <haraken>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth, inferno, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: Patch (flags: none)

Description Kentaro Hara 2013-01-24 18:12:04 PST
If you use a raw SerializedScriptValue* for serialize()/deserialize(), it can potentially cause a use-after-free. This is because serialize()/deserialize() can destruct a RefPtr of the SerializedScriptValue*, depending on data that is serialized/deserialized. So we should keep a RefPtr<SerializedScriptValue*> when we call serialize()/deserialize(). (See https://bugs.webkit.org/show_bug.cgi?id=107792 for more details.)
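The lifetime hazard described in this report, as an added example that is not WebKit's code and is not taken from the patch on this bug: RefPtr, SerializedScriptValue, MessageHolder and the runScript hook are simplified hypothetical stand-ins, and the sample payload is constructed. deserialize() runs a script hook that, depending on the data, may drop the owner's reference to the value; a call site that holds only a raw pointer across that call has its object destroyed mid-call (a liveness registry reports this instead of reading freed memory, which is what ASan would flag in a real build), while a call site that holds a RefPtr for the duration keeps the object alive.

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <set>
#include <string>
#include <utility>

// Hypothetical, minimal stand-in for WTF::RefPtr: ref on copy, deref on destroy.
// (Assumption: this is not WebKit's RefPtr, just enough of it to show the hazard.)
template<typename T>
class RefPtr {
public:
    RefPtr() : m_ptr(nullptr) {}
    explicit RefPtr(T* ptr) : m_ptr(ptr) { if (m_ptr) m_ptr->ref(); }
    RefPtr(const RefPtr& other) : m_ptr(other.m_ptr) { if (m_ptr) m_ptr->ref(); }
    ~RefPtr() { if (m_ptr) m_ptr->deref(); }
    RefPtr& operator=(const RefPtr& other) { RefPtr tmp(other); std::swap(m_ptr, tmp.m_ptr); return *this; }
    RefPtr& operator=(std::nullptr_t) { RefPtr tmp; std::swap(m_ptr, tmp.m_ptr); return *this; }
    T* get() const { return m_ptr; }
    T* operator->() const { return m_ptr; }
private:
    T* m_ptr;
};

// Registry of live objects, so "destroyed while still in use" can be detected by
// comparing pointer values instead of reading freed memory (ASan's job in a real build).
static std::set<const void*> s_liveValues;
std::size_t liveValueCount() { return s_liveValues.size(); }

struct DeserializeResult {
    bool ok;            // false: the value was destroyed while deserialize() was running
    std::string value;
};

// Hypothetical stand-in for WebCore's SerializedScriptValue (assumption: simplified).
class SerializedScriptValue {
public:
    static RefPtr<SerializedScriptValue> create(std::string wireData) {
        return RefPtr<SerializedScriptValue>(new SerializedScriptValue(std::move(wireData)));
    }
    void ref() { ++m_refCount; }
    void deref() { if (--m_refCount == 0) delete this; }

    // Deserialization can run script; runScript() stands in for that. What the
    // script does depends on the data, and it may release the last reference to *this.
    DeserializeResult deserialize(const std::function<void()>& runScript) {
        const void* self = this;        // pointer value only, for the liveness check
        runScript();                    // may delete *this through RefPtr::deref()
        if (!s_liveValues.count(self))
            return { false, "" };       // a real build would read freed memory here
        return { true, m_wireData };
    }
private:
    explicit SerializedScriptValue(std::string wireData) : m_wireData(std::move(wireData)) {
        s_liveValues.insert(this);
    }
    ~SerializedScriptValue() { s_liveValues.erase(this); }
    int m_refCount = 0;
    std::string m_wireData;
};

// Owner that script can reach and clear, e.g. a queued message (hypothetical name).
struct MessageHolder {
    RefPtr<SerializedScriptValue> value;
};

// Call site before the fix: only a raw pointer is held across deserialize().
DeserializeResult deserializeWithRawPointer(MessageHolder& holder, bool scriptDropsHolder) {
    SerializedScriptValue* raw = holder.value.get();
    return raw->deserialize([&holder, scriptDropsHolder] {
        if (scriptDropsHolder)
            holder.value = nullptr;     // last reference gone: 'raw' now dangles
    });
}

// Call site after the fix: a RefPtr local keeps the value alive for the whole call.
DeserializeResult deserializeWithRefPtr(MessageHolder& holder, bool scriptDropsHolder) {
    RefPtr<SerializedScriptValue> value = holder.value;   // one extra reference
    return value->deserialize([&holder, scriptDropsHolder] {
        if (scriptDropsHolder)
            holder.value = nullptr;     // holder's reference gone, 'value' still holds one
    });
}

// One scenario: build a holder around constructed sample data, deserialize, report.
DeserializeResult runScenario(bool useRefPtr, bool scriptDropsHolder) {
    MessageHolder holder{SerializedScriptValue::create("{\"cmd\":\"ping\"}")};
    return useRefPtr ? deserializeWithRefPtr(holder, scriptDropsHolder)
                     : deserializeWithRawPointer(holder, scriptDropsHolder);
}

int main() {
    DeserializeResult bad = runScenario(false, true);
    DeserializeResult good = runScenario(true, true);
    std::printf("raw pointer, script drops holder: ok=%d\n", bad.ok);
    std::printf("RefPtr,      script drops holder: ok=%d value=%s\n", good.ok, good.value.c_str());
    return 0;
}
```

The raw-pointer call site is only wrong for data whose deserialization drops the owner's reference, which is why the bug is data-dependent and easy to miss in testing; the rule that follows is that any call which can run script must not be made through a pointer whose only owner that script can reach.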
Comment 1 Kentaro Hara 2013-01-24 18:13:34 PST
Created attachment 184628
Patch
Comment 2 WebKit Review Bot 2013-01-24 19:07:43 PST
Comment on attachment 184628
Patch

Rejecting attachment 184628 from commit-queue.

New failing tests:
inspector-protocol/debugger-terminate-dedicated-worker-while-paused.html
Full output: http://queues.webkit.org/results/16118043
Comment 3 WebKit Review Bot 2013-01-24 20:58:10 PST
Comment on attachment 184628
Patch

Rejecting attachment 184628 from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=gce-cq-03', 'apply-attachment', '--no-update', '--non-interactive', 184628, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Last 500 characters of output:
led to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Parsed 2 diffs from patch file(s).
patch: **** Can't create file /tmp/pp0bfaeL : No space left on device
patch: **** Can't create file /tmp/ppyzXClO : No space left on device

Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Full output: http://queues.webkit.org/results/16119088
Comment 4 WebKit Review Bot 2013-01-24 21:15:11 PST
Comment on attachment 184628
Patch

Rejecting attachment 184628 from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=gce-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 184628, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Last 500 characters of output:
led to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Parsed 2 diffs from patch file(s).
patch: **** Can't create file /tmp/ppX12815 : No space left on device
patch: **** Can't create file /tmp/ppD6byI5 : No space left on device

Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Full output: http://queues.webkit.org/results/16111335
Comment 5 WebKit Review Bot 2013-01-24 21:56:47 PST
Comment on attachment 184628
Patch

Rejecting attachment 184628 from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=gce-cq-02', 'apply-attachment', '--no-update', '--non-interactive', 184628, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Last 500 characters of output:
led to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Parsed 2 diffs from patch file(s).
patch: **** Can't create file /tmp/ppkBeIMr : No space left on device
patch: **** Can't create file /tmp/ppsZVdwr : No space left on device

Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Full output: http://queues.webkit.org/results/16122109
Comment 6 WebKit Review Bot 2013-01-25 17:30:10 PST
Comment on attachment 184628
Patch

Clearing flags on attachment: 184628

Committed r140887: <http://trac.webkit.org/changeset/140887>
Comment 7 WebKit Review Bot 2013-01-25 17:30:14 PST
All reviewed patches have been landed. Closing bug.