Summary: | Use-after-move of Vector<ManipulationToken> in TextManipulationController::observeParagraphs() | |
---|---|---|---
Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer>
Component: | HTML Editing | Assignee: | David Kilzer (:ddkilzer) <ddkilzer>
Status: | RESOLVED FIXED | |
Severity: | Normal | CC: | darin, ews-watchlist, mifenton, rniwa, webkit-bug-importer, wenson_hsieh
Priority: | P2 | Keywords: | InRadar
Version: | WebKit Nightly Build | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Description
David Kilzer (:ddkilzer)
2020-04-06 17:52:06 PDT
Created attachment 395641
Patch v1
Comment on attachment 395641 Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=395641&action=review

> Source/WebCore/editing/TextManipulationController.cpp:307
> - addItem(ManipulationItemData { startOfCurrentParagraph, endOfCurrentParagraph, nullptr, nullQName(), WTFMove(tokensInCurrentParagraph) });
> + addItem(ManipulationItemData { startOfCurrentParagraph, endOfCurrentParagraph, nullptr, nullQName(), std::exchange(tokensInCurrentParagraph, { }) });

Huh, it's kind of annoying that we have to use std::exchange instead in this simple case...

Committed r259620: <https://trac.webkit.org/changeset/259620>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 395641.

(In reply to Ryosuke Niwa from comment #3)
> it's kind of annoying that we have to use std::exchange instead in this simple case...

Given how C++ defines the move operation, *any* time we want to do anything with the object afterward we should use std::exchange. If we use WTFMove or std::move, we should think of the object left behind as "can't look at this; can only destroy it or overwrite it with a new value".

Any existing habit of using WTFMove and counting on the thing being null afterward is not good for the long term. We need to either use std::exchange or something new we define, something other than WTFMove or std::move.

The good news is:

    auto takenValue = std::exchange(m_oldValue, nullptr);

with enough inlining could compile to the same thing as:

    auto takeValue = WTFMove(m_oldValue);
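Review bot: At the changed `addItem(...)` call (TextManipulationController.cpp:307) nothing records why `std::exchange(tokensInCurrentParagraph, { })` is used in place of `WTFMove(tokensInCurrentParagraph)`, so a later cleanup could switch it back and reintroduce the use-after-move named in the bug summary. Suggest a one-line comment at the call site saying that tokensInCurrentParagraph is used again after this call and must be left empty. The quoted lines also show no test change; if the patch has none, a test for observeParagraphs() that covers more than one paragraph would pin the behaviour.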
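The distinction drawn in the last comment, as an added example (not code from WebKit or from any commenter on this bug). `TokenList`, both functions and the sample input are constructed; `TokenList` is a hypothetical container whose move operations legally leave the source populated, which makes the difference between the two patterns visible.

```cpp
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in (not WTF::Vector): moving from it leaves the source
// populated, which C++ permits because a moved-from object is only "valid".
struct TokenList {
    std::vector<std::string> items;
    TokenList() = default;
    TokenList(const TokenList&) = default;
    TokenList(TokenList&& other) : items(other.items) { }
    TokenList& operator=(const TokenList&) = default;
    TokenList& operator=(TokenList&& other) { items = other.items; return *this; }
};

// "\n" in the constructed input marks the end of a paragraph.
// Before-fix pattern: hand the list off with std::move, then keep appending.
std::vector<TokenList> splitWithMove(const std::vector<std::string>& input) {
    std::vector<TokenList> paragraphs;
    TokenList current;
    for (const auto& token : input) {
        if (token == "\n")
            paragraphs.push_back(std::move(current)); // state of current is now unspecified
        else
            current.items.push_back(token); // use-after-move on later iterations
    }
    return paragraphs;
}

// After-fix pattern: std::exchange returns the old value and assigns a known
// empty one, so reuse of current is well defined for any container type.
std::vector<TokenList> splitWithExchange(const std::vector<std::string>& input) {
    std::vector<TokenList> paragraphs;
    TokenList current;
    for (const auto& token : input) {
        if (token == "\n")
            paragraphs.push_back(std::exchange(current, { }));
        else
            current.items.push_back(token);
    }
    return paragraphs;
}

int main() {
    const std::vector<std::string> input { "a", "b", "\n", "c", "\n" }; // constructed sample
    std::cout << splitWithMove(input)[1].items.size() << ' ' << splitWithExchange(input)[1].items.size() << '\n';
}
```

With this type the `std::move` loop carries the first paragraph's tokens into the second, while the `std::exchange` loop keeps them separate. Clang-tidy's `bugprone-use-after-move` check flags the first pattern.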