Bug 301458

Summary:	Add a debug assertion for subclasses of CanMakeCheckedPtr to be always heap allocated
Product:	WebKit	Reporter:	Ryosuke Niwa <rniwa>
Component:	New Bugs	Assignee:	Ryosuke Niwa <rniwa>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	commit-queue, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
See Also:	https://bugs.webkit.org/show_bug.cgi?id=301519
Bug Depends on:	301488, 301522
Bug Blocks:

Ryosuke Niwa

Reported 2025-10-25 04:18:35 PDT

For the purpose of guaranteeing safety, we must heap-allocate objects that are compatible with CheckedPtr/CheckedRef. Add a debug assert that this condition holds.

Attachments
Add attachment proposed patch, testcase, etc.

Ryosuke Niwa

Comment 1 2025-10-25 04:28:10 PDT

Pull request: https://github.com/WebKit/WebKit/pull/52985

Ryosuke Niwa

Comment 2 2025-10-26 13:32:08 PDT

Pull request: https://github.com/WebKit/WebKit/pull/53013

EWS

Comment 3 2025-10-27 05:03:24 PDT

Committed 302184@main (e0db2dcca8c7): <https://commits.webkit.org/302184@main> Reviewed commits have been landed. Closing PR #53013 and removing active labels.

Radar WebKit Bug Importer

Comment 4 2025-10-27 05:04:12 PDT

<rdar://problem/163480143>

WebKit Commit Bot

Comment 5 2025-10-27 11:53:33 PDT

Re-opened since this is blocked by bug 301522

Ryosuke Niwa

Comment 6 2025-10-27 18:55:09 PDT

Pull request: https://github.com/WebKit/WebKit/pull/53064

EWS

Comment 7 2025-10-27 22:18:59 PDT

Committed 302223@main (b7a31900b46c): <https://commits.webkit.org/302223@main> Reviewed commits have been landed. Closing PR #53064 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.