RESOLVED FIXED107900
Keep a RefPtr<SerializedScriptValue*> when we call serialize()/deserialize() for MessageEvent 
https://bugs.webkit.org/show_bug.cgi?id=107900
Summary Keep a RefPtr<SerializedScriptValue*> when we call serialize()/deserialize() ...
Kentaro Hara
Reported 2013-01-24 20:00:21 PST
If you use a raw SerializedScriptValue* for serialize()/deserialize(), it can potentially cause a use-after-free. This is because serialize()/deserialize() can destruct a RefPtr of the SerializedScriptValue*, depending on data that is serialized/deserialized. So we should keep a RefPtr<SerializedScriptValue*> when we call serialize()/deserialize(). (See https://bugs.webkit.org/show_bug.cgi?id=107792 for more details.)
Attachments
Patch (4.29 KB, patch)
2013-01-24 20:02 PST, Kentaro Hara 		no flags
DetailsFormatted DiffDiff
Patch (4.28 KB, patch)
2013-01-24 20:33 PST, Kentaro Hara 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Kentaro Hara
Comment 1 2013-01-24 20:02:08 PST
Created attachment 184642 [details] Patch
Kentaro Hara
Comment 2 2013-01-24 20:33:18 PST
Created attachment 184646 [details] Patch
WebKit Review Bot
Comment 3 2013-01-24 21:16:07 PST
Comment on attachment 184646 [details] Patch Rejecting attachment 184646 [details] from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=gce-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 184646, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Last 500 characters of output: webkit-commit-queue Parsed 4 diffs from patch file(s). patch: **** Can't create file /tmp/ppXGuTHe : No space left on device patch: **** Can't create file /tmp/ppXchdli : No space left on device patch: **** Can't create file /tmp/ppJlfgAi : No space left on device patch: **** Can't create file /tmp/pplJ1oci : No space left on device Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Full output: http://queues.webkit.org/results/16117110
WebKit Review Bot
Comment 4 2013-01-24 21:56:57 PST
Comment on attachment 184646 [details] Patch Rejecting attachment 184646 [details] from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=gce-cq-04', 'apply-attachment', '--no-update', '--non-interactive', 184646, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Last 500 characters of output: webkit-commit-queue Parsed 4 diffs from patch file(s). patch: **** Can't create file /tmp/pp3TdUNN : No space left on device patch: **** Can't create file /tmp/ppRGbzuO : No space left on device patch: **** Can't create file /tmp/ppfZ7J6N : No space left on device patch: **** Can't create file /tmp/pp7cK7zM : No space left on device Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Full output: http://queues.webkit.org/results/16112298
WebKit Review Bot
Comment 5 2013-01-25 17:38:09 PST
Comment on attachment 184646 [details] Patch Clearing flags on attachment: 184646 Committed r140891: <http://trac.webkit.org/changeset/140891>
WebKit Review Bot
Comment 6 2013-01-25 17:38:13 PST
All reviewed patches have been landed. Closing bug.
Gyuyoung Kim
Comment 7 2013-01-25 21:29:25 PST
Build break is fixed on EFL WK2 - http://trac.webkit.org/changeset/140902
Note You need to log in before you can comment on or make changes to this bug.