Bug 201170

Summary: [WebCore] DataCue should not use gcProtect / gcUnprotect
Product: WebKit
Reporter: Yusuke Suzuki <ysuzuki>
Component: Web Audio
Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED
Severity: Normal
CC: calvaris, cdumez, darin, eric.carlson, esprehn+autocc, ews-watchlist, ggaren, gyuyoung.kim, mark.lam, philipj, rniwa, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: Patch; Flags: none
Description: Patch; Flags: mark.lam: review+

Description Yusuke Suzuki 2019-08-26 20:13:17 PDT
JSC::gcProtect / gcUnprotect are APIs designed for JavaScriptCore.framework. They have a JSLocker check, and the crash in DataCue is happening now.
We should use JSValueInWrappedObject instead.
Comment 1 Radar WebKit Bug Importer 2019-08-26 20:13:42 PDT
<rdar://problem/54733619>
Comment 2 Yusuke Suzuki 2019-08-26 22:33:56 PDT
Created attachment 377318
Patch
Comment 3 Yusuke Suzuki 2019-08-26 22:39:43 PDT
Created attachment 377319
Patch
Comment 4 Mark Lam 2019-08-26 23:33:13 PDT
Comment on attachment 377319
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=377319&action=review

r=me

> Source/WebCore/ChangeLog:17
> +        As a first step, this patch just converts raw JSValue + gcProtect/gcUnprotect with JSC::Strong<>.

I suggest /converts/replaces/.
Comment 5 Yusuke Suzuki 2019-08-26 23:41:36 PDT
Comment on attachment 377319
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=377319&action=review

>> Source/WebCore/ChangeLog:17
>> +        As a first step, this patch just converts raw JSValue + gcProtect/gcUnprotect with JSC::Strong<>.
> 
> I suggest /converts/replaces/.

Thanks, fixed.
Comment 6 Yusuke Suzuki 2019-08-26 23:51:54 PDT
Committed r249133: <https://trac.webkit.org/changeset/249133>
Comment 7 Yusuke Suzuki 2019-08-28 10:38:37 PDT
*** Bug 199340 has been marked as a duplicate of this bug. ***