NEW 190449
makeWeakPtr() on a derived class provides a bad pointer if CanMakeWeakPtr<> is not its first base class 
https://bugs.webkit.org/show_bug.cgi?id=190449
Summary makeWeakPtr() on a derived class provides a bad pointer if CanMakeWeakPtr<> i...
Simon Fraser (smfr)
Reported 2018-10-10 15:22:22 PDT
I changed RenderLayer to: class RenderLayer final : public RenderLayerNode, public ScrollableArea { ... } where RenderLayerNode is a base class with virtual members and ScrollableArea is: class ScrollableArea : public CanMakeWeakPtr<ScrollableArea> { ... } This triggered crashes in code that referenced weak ptrs to RenderLayers. It seems that weak_reference_downcast() assumes that the pointers are reinterpret-castable, but that's not always true.
Attachments
Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 2 2018-10-10 20:44:50 PDT
This could probably be marked a dup of one of those. I'd like this to work soonish...
Geoffrey Garen
Comment 3 2018-10-10 20:59:17 PDT
A short-term workaround is to list ScrollableArea first in the inheritance hierarchy: class RenderLayer final : public ScrollableArea, public RenderLayerNode {
Simon Fraser (smfr)
Comment 4 2018-10-11 09:39:53 PDT
Sadly that breaks some other casting I wanted to do (but may have to do differently).
Antti Koivisto
Comment 5 2018-10-11 11:13:28 PDT
I'll try to fix WeakPtr at some point.
Note You need to log in before you can comment on or make changes to this bug.