rdar://18798463 ASSERT(!m_deletionHasBegun) in RefCounted.h should be ASSERT_WITH_SECURITY_IMPLICATION There are several assertions in RefCounted.h like ASSERT(!m_deletionHasBegun); These assertions indicate that a use after free will occur. Marking them as ASSERT_WITH_SECURITY_IMPLICATION will help find more security bugs with fuzzing. Iād also propose changing #ifdef NDEBUG #define CHECK_REF_COUNTED_LIFECYCLE 0 #else #define CHECK_REF_COUNTED_LIFECYCLE 1 #endif to #ifdef NDEBUG && ! defined(ADDRESS_SANITIZER) so that release ASAN builds can get the benefit of the checking.
Created attachment 240641 [details] Patch
Comment on attachment 240641 [details] Patch Clearing flags on attachment: 240641 Committed r175382: <http://trac.webkit.org/changeset/175382>
All reviewed patches have been landed. Closing bug.