RESOLVED FIXED 107902
Keep a RefPtr<SerializedScriptValue*> when we call serialize()/deserialize() in code generators 
https://bugs.webkit.org/show_bug.cgi?id=107902
Summary Keep a RefPtr<SerializedScriptValue*> when we call serialize()/deserialize() ...
Kentaro Hara
Reported 2013-01-24 20:24:10 PST
If you use a raw SerializedScriptValue* for serialize()/deserialize(), it can potentially cause a use-after-free. This is because serialize()/deserialize() can destruct a RefPtr of the SerializedScriptValue*, depending on data that is serialized/deserialized. So we should keep a RefPtr<SerializedScriptValue*> when we call serialize()/deserialize(). (See https://bugs.webkit.org/show_bug.cgi?id=107792 for more details.)
Attachments
Patch (9.44 KB, patch)
2013-01-24 20:25 PST, Kentaro Hara 		no flags
DetailsFormatted DiffDiff
Patch (9.43 KB, patch)
2013-01-24 20:34 PST, Kentaro Hara 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Kentaro Hara
Comment 1 2013-01-24 20:25:48 PST
Created attachment 184643 [details] Patch
Kentaro Hara
Comment 2 2013-01-24 20:34:08 PST
Created attachment 184647 [details] Patch
WebKit Review Bot
Comment 3 2013-01-24 21:16:36 PST
Comment on attachment 184647 [details] Patch Rejecting attachment 184647 [details] from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=gce-cq-03', 'apply-attachment', '--no-update', '--non-interactive', 184647, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Last 500 characters of output: n't create file /tmp/ppVYjXZI : No space left on device patch: **** Can't create file /tmp/pp1pdqoH : No space left on device patch: **** Can't create file /tmp/ppBnOc2G : No space left on device patch: **** Can't create file /tmp/ppBoGKbH : No space left on device patch: **** Can't create file /tmp/pptq9YZH : No space left on device Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Full output: http://queues.webkit.org/results/16124063
WebKit Review Bot
Comment 4 2013-01-24 21:57:00 PST
Comment on attachment 184647 [details] Patch Rejecting attachment 184647 [details] from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=gce-cq-03', 'apply-attachment', '--no-update', '--non-interactive', 184647, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Last 500 characters of output: n't create file /tmp/ppBXIyUe : No space left on device patch: **** Can't create file /tmp/ppCTVKte : No space left on device patch: **** Can't create file /tmp/ppAyMyCh : No space left on device patch: **** Can't create file /tmp/ppwMl1Oh : No space left on device patch: **** Can't create file /tmp/ppOB4lqh : No space left on device Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Abhishek Arya']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Full output: http://queues.webkit.org/results/16121123
WebKit Review Bot
Comment 5 2013-01-25 17:39:36 PST
Comment on attachment 184647 [details] Patch Clearing flags on attachment: 184647 Committed r140892: <http://trac.webkit.org/changeset/140892>
WebKit Review Bot
Comment 6 2013-01-25 17:39:39 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.