Bug 190449 - makeWeakPtr() on a derived class provides a bad pointer if CanMakeWeakPtr<> is not its first base class
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2018-10-10 15:22 PDT by Simon Fraser (smfr)
Modified: 2018-10-11 11:13 PDT

Description Simon Fraser (smfr) 2018-10-10 15:22:22 PDT
I changed RenderLayer to:

class RenderLayer final : public RenderLayerNode, public ScrollableArea {

where RenderLayerNode is a base class with virtual members
and ScrollableArea is:

class ScrollableArea : public CanMakeWeakPtr<ScrollableArea> {

This triggered crashes in code that referenced weak ptrs to RenderLayers. It seems that weak_reference_downcast() assumes that the pointers are reinterpret-castable, but that's not always true.
Comment 2 Simon Fraser (smfr) 2018-10-10 20:44:50 PDT
This could probably be marked a dup of one of those. I'd like this to work soonish...
Comment 3 Geoffrey Garen 2018-10-10 20:59:17 PDT
A short-term workaround is to list ScrollableArea first in the inheritance hierarchy:

class RenderLayer final : public ScrollableArea, public RenderLayerNode {
Comment 4 Simon Fraser (smfr) 2018-10-11 09:39:53 PDT
Sadly that breaks some other casting I wanted to do (but may have to do differently).
Comment 5 Antti Koivisto 2018-10-11 11:13:28 PDT
I'll try to fix WeakPtr at some point.
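
The pointer adjustment behind this report, as an added example that is not part of the bug thread and is not WebKit code: the classes below are simplified, hypothetical stand-ins that only mirror the inheritance shape from the description and from comment 3. It measures where the ScrollableArea subobject sits in each layout and whether a downcast that leaves the address unchanged (the reinterpret-cast assumption) agrees with the adjusting static_cast; the offsets are what the common Itanium and MSVC C++ ABIs produce, not something the language standard fixes.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins that only mirror the inheritance shape in the report.
template<typename T> struct CanMakeWeakPtr { void* weakStatePlaceholder { nullptr }; };
struct RenderLayerNode { virtual ~RenderLayerNode() = default; int nodeData { 1 }; };
struct ScrollableArea : CanMakeWeakPtr<ScrollableArea> {
    virtual ~ScrollableArea() = default;
    int scrollData { 2 };
};

// Order from the description: the CanMakeWeakPtr<> branch is the second base.
struct LayerAsReported final : RenderLayerNode, ScrollableArea { };
// Order from comment 3: the CanMakeWeakPtr<> branch is listed first.
struct LayerWorkaround final : ScrollableArea, RenderLayerNode { };

// Byte offset of the ScrollableArea subobject inside Derived.
template<typename Derived> std::ptrdiff_t scrollableAreaOffset()
{
    Derived object;
    ScrollableArea* base = &object; // implicit upcast; the compiler adjusts the address
    return reinterpret_cast<char*>(base) - reinterpret_cast<char*>(&object);
}

// True when keeping the base address unchanged (what a reinterpret_cast does)
// gives the same address as the adjusting static_cast downcast.
template<typename Derived> bool unadjustedDowncastIsValid()
{
    Derived object;
    ScrollableArea* base = &object;
    auto unadjusted = reinterpret_cast<std::uintptr_t>(base);
    auto adjusted = reinterpret_cast<std::uintptr_t>(static_cast<Derived*>(base));
    return unadjusted == adjusted;
}

int main()
{
    std::printf("as reported: offset %td, unadjusted downcast valid: %d\n",
        scrollableAreaOffset<LayerAsReported>(),
        static_cast<int>(unadjustedDowncastIsValid<LayerAsReported>()));
    std::printf("workaround:  offset %td, unadjusted downcast valid: %d\n",
        scrollableAreaOffset<LayerWorkaround>(),
        static_cast<int>(unadjustedDowncastIsValid<LayerWorkaround>()));
    return 0;
}
```

With a nonzero offset, an unadjusted downcast yields a pointer into the middle of the object, so every member access through it reads or writes the wrong memory.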