ASSERT(!m_deletionHasBegun) in RefCounted.h should be ASSERT_WITH_SECURITY_IMPLICATION
There are several assertions in RefCounted.h like
These assertions indicate that a use after free will occur. Marking them as ASSERT_WITH_SECURITY_IMPLICATION will help find more security bugs with fuzzing.
I’d also propose changing
#define CHECK_REF_COUNTED_LIFECYCLE 0
#define CHECK_REF_COUNTED_LIFECYCLE 1
to #if defined(NDEBUG) && !defined(ADDRESS_SANITIZER)
so that release ASAN builds can get the benefit of the checking.
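A constructed sketch of the check under discussion, added here and not WebKit's code: a cut-down RefCounted base with the m_deletionHasBegun flag, the proposed NDEBUG/ADDRESS_SANITIZER gating for CHECK_REF_COUNTED_LIFECYCLE, a hypothetical counting stand-in for ASSERT_WITH_SECURITY_IMPLICATION, and a Widget class whose destructor re-refs itself so the assertion fires. The names Widget, runLifecycle and g_securityAssertionFailures are assumptions for the demo.

```cpp
// Constructed illustration of the RefCounted lifecycle check (not WebKit's code); the
// check stays on in debug builds and in ASan builds, even when NDEBUG is defined.
#if defined(NDEBUG) && !defined(ADDRESS_SANITIZER)
#define CHECK_REF_COUNTED_LIFECYCLE 0
#else
#define CHECK_REF_COUNTED_LIFECYCLE 1
#endif
// Hypothetical stand-in for ASSERT_WITH_SECURITY_IMPLICATION: it counts failures instead
// of crashing so the outcome can be inspected; a fuzzing build would abort here.
static int g_securityAssertionFailures = 0;
#define ASSERT_WITH_SECURITY_IMPLICATION(cond) do { if (!(cond)) ++g_securityAssertionFailures; } while (0)
class RefCountedBase {
public:
    void ref() {
#if CHECK_REF_COUNTED_LIFECYCLE
        // A ref() once deletion has begun means some pointer will outlive the object.
        ASSERT_WITH_SECURITY_IMPLICATION(!m_deletionHasBegun);
#endif
        ++m_refCount;
    }
    bool derefBase() {  // returns true when the caller must delete the object
#if CHECK_REF_COUNTED_LIFECYCLE
        ASSERT_WITH_SECURITY_IMPLICATION(!m_deletionHasBegun);
#endif
        if (m_refCount == 1) { m_deletionHasBegun = true; return true; }
        --m_refCount;
        return false;
    }
protected:
    RefCountedBase() : m_refCount(1), m_deletionHasBegun(false) {}
    ~RefCountedBase() {}
private:
    unsigned m_refCount;
    bool m_deletionHasBegun;
};
// An object whose destructor re-refs itself (e.g. a callback that takes a smart pointer
// to it): the pattern the lifecycle assertion exists to catch.
struct Widget : RefCountedBase {
    explicit Widget(bool rerefInDestructor) : m_rerefInDestructor(rerefInDestructor) {}
    ~Widget() { if (m_rerefInDestructor) ref(); }
    void deref() { if (derefBase()) delete this; }
    bool m_rerefInDestructor;
};
// Runs one lifecycle and returns how many security assertions fired.
int runLifecycle(bool rerefInDestructor) {
    g_securityAssertionFailures = 0;
    Widget* w = new Widget(rerefInDestructor);
    w->deref();  // last owner goes away: deletion begins, then ~Widget runs
    return g_securityAssertionFailures;
}
```

In a build where CHECK_REF_COUNTED_LIFECYCLE is 0 the bad destructor goes unnoticed; with the proposed gating an ASan release build still reports it.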
Created attachment 240641
Committed r175382: <http://trac.webkit.org/changeset/175382>
All reviewed patches have been landed. Closing bug.