RESOLVED FIXED 202596
Make sure ActiveDOMObject properly deals with detached documents
https://bugs.webkit.org/show_bug.cgi?id=202596
Summary Make sure ActiveDOMObject properly deals with detached documents
Chris Dumez
Reported 2019-10-04 12:59:03 PDT
Make sure ActiveDOMObject properly deals with detached documents.
Attachments
Patch (5.36 KB, patch)
2019-10-04 13:21 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2019-10-04 13:21:03 PDT
Radar WebKit Bug Importer
Comment 2 2019-10-07 08:14:17 PDT
Chris Dumez
Comment 3 2019-10-08 10:36:06 PDT
Comment on attachment 380242 [details] Patch ping review?
Geoffrey Garen
Comment 4 2019-10-08 10:53:47 PDT
Comment on attachment 380242 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=380242&action=review r=me > Source/WebCore/dom/ActiveDOMObject.cpp:50 > +inline ActiveDOMObject::ActiveDOMObject(ScriptExecutionContext* context, CheckedScriptExecutionContextType) > + : ContextDestructionObserver(context) > +{ > + ASSERT(!is<Document>(context) || &downcast<Document>(context)->contextDocument() == downcast<Document>(context)); > + if (!context) > return; > > - ASSERT(m_scriptExecutionContext->isContextThread()); > - m_scriptExecutionContext->didCreateActiveDOMObject(*this); > + ASSERT(context->isContextThread()); > + context->didCreateActiveDOMObject(*this); > +} Isn't this constructor still unsafe in the way you described? (
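Review bot: the private constructor in this hunk still accepts any raw ScriptExecutionContext* and only an ASSERT (`ASSERT(!is<Document>(context) || &downcast<Document>(context)->contextDocument() == downcast<Document>(context))`) records the invariant that a Document context must be its own context document; nothing in the hunk documents that CheckedScriptExecutionContextType means "the caller has already checked and substituted the context document". A one-line comment on the tag parameter, or on the private constructor itself, stating that contract would make the delegation pattern self-explanatory and spare the next reader the same question.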
Chris Dumez
Comment 5 2019-10-08 11:03:39 PDT
Comment on attachment 380242 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=380242&action=review >> Source/WebCore/dom/ActiveDOMObject.cpp:50 >> +} > > Isn't this constructor still unsafe in the way you described? ( Thus the CheckedScriptExecutionContextType parameter. This is a private constructor which other protected constructors call *after* they've checked the script execution context. This is purely to avoid code duplication between constructors.
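The tag-type idiom described in the comment above, as an added standalone C++ example that is not WebKit's code: ScriptExecutionContext, Document, contextDocument(), activeDOMObjectCount() and ExampleTimer are simplified stand-ins, and the assumption is that a detached document's contextDocument() is the document whose script created it, so the protected constructor substitutes it before delegating to the tagged private constructor.

```cpp
#include <cassert>
class ActiveDOMObject;
// Hypothetical stand-ins for WebCore's ScriptExecutionContext and Document (not WebKit code).
class ScriptExecutionContext {
public:
    virtual ~ScriptExecutionContext() = default;
    virtual bool isDocument() const { return false; }
    void didCreateActiveDOMObject(ActiveDOMObject&) { ++m_activeDOMObjectCount; }
    unsigned activeDOMObjectCount() const { return m_activeDOMObjectCount; }
private:
    unsigned m_activeDOMObjectCount = 0;
};
// A detached document points at the document whose script created it; contextDocument() returns that, or *this.
class Document : public ScriptExecutionContext {
public:
    explicit Document(Document* contextDocument = nullptr) : m_contextDocument(contextDocument) {}
    bool isDocument() const override { return true; }
    Document& contextDocument() { return m_contextDocument ? *m_contextDocument : *this; }
private:
    Document* m_contextDocument;
};
class ActiveDOMObject {
    // Private tag: the unchecked constructor is reachable only via this class's own protected constructors.
    struct CheckedScriptExecutionContextType {};
public:
    ScriptExecutionContext* scriptExecutionContext() const { return m_context; }
protected:
    explicit ActiveDOMObject(Document& document)
        : ActiveDOMObject(&document.contextDocument(), CheckedScriptExecutionContextType()) {}
private:
    ActiveDOMObject(ScriptExecutionContext* context, CheckedScriptExecutionContextType)
        : m_context(context)
    {
        // Invariant the tag vouches for: a Document context is its own context document.
        assert(!context || !context->isDocument() || &static_cast<Document*>(context)->contextDocument() == context);
        if (context) context->didCreateActiveDOMObject(*this);
    }
    ScriptExecutionContext* m_context;
};
// Concrete subclass standing in for a timer or XMLHttpRequest.
struct ExampleTimer : ActiveDOMObject { explicit ExampleTimer(Document& document) : ActiveDOMObject(document) {} };
// True when an object created against a detached document is registered with, and reports,
// the context document rather than the detached document itself.
bool detachedDocumentIsNormalised()
{
    Document contextDocument;
    Document detached(&contextDocument);
    ExampleTimer timer(detached);
    return timer.scriptExecutionContext() == &contextDocument
        && contextDocument.activeDOMObjectCount() == 1 && detached.activeDOMObjectCount() == 0;
}
```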
WebKit Commit Bot
Comment 6 2019-10-08 11:39:11 PDT
Comment on attachment 380242 [details] Patch Clearing flags on attachment: 380242 Committed r250843: <https://trac.webkit.org/changeset/250843>
WebKit Commit Bot
Comment 7 2019-10-08 11:39:12 PDT
All reviewed patches have been landed. Closing bug.