LibJS+LibWeb: Make CyclicModule & GraphLoadingState GC-allocated

This allows them to participate in the ownership graph and fixes a lifetime issue in module loading found by ASAN. Co-Authored-By: networkException <networkexception@serenityos.org>
2025-07-25 00:37:34 +00:00 · 2023-11-17 12:14:18 +01:00 · 2023-11-17 12:14:18 +01:00 · 0817d8bda6
commit 0817d8bda6
parent aa7501a66a
6 changed files with 60 additions and 24 deletions
--- a/Userland/Libraries/LibWeb/HTML/Scripting/Fetching.cpp
+++ b/Userland/Libraries/LibWeb/HTML/Scripting/Fetching.cpp
@ -760,7 +760,7 @@ void fetch_descendants_of_and_link_a_module_script(JS::Realm& realm,
    }

    // 3. Let state be Record { [[ParseError]]: null, [[Destination]]: destination, [[PerformFetch]]: null, [[FetchClient]]: fetchClient }.
-    auto state = FetchContext { {}, destination, {}, fetch_client };
+    auto state = realm.heap().allocate_without_realm<FetchContext>(JS::js_null(), destination, nullptr, fetch_client);

    // FIXME: 4. If performFetch was given, set state.[[PerformFetch]] to performFetch.

@ -796,8 +796,8 @@ void fetch_descendants_of_and_link_a_module_script(JS::Realm& realm,
    WebIDL::upon_rejection(loading_promise, [&state, &module_script, on_complete](auto const&) -> WebIDL::ExceptionOr<JS::Value> {
        // 1. If state.[[ParseError]] is not null, set moduleScript's error to rethrow to state.[[ParseError]] and run
        //    onComplete given moduleScript.
-        if (state.parse_error != nullptr) {
-            module_script.set_error_to_rethrow(*state.parse_error);
+        if (!state->parse_error.is_null()) {
+            module_script.set_error_to_rethrow(state->parse_error);

            on_complete->function()(module_script);
        }
--- a/Userland/Libraries/LibWeb/HTML/Scripting/Fetching.h
+++ b/Userland/Libraries/LibWeb/HTML/Scripting/Fetching.h
@ -54,8 +54,17 @@ struct ScriptFetchOptions {
 // https://html.spec.whatwg.org/multipage/webappapis.html#default-classic-script-fetch-options
 ScriptFetchOptions default_classic_script_fetch_options();

-struct FetchContext : JS::GraphLoadingState::HostDefined {
-    FetchContext(JS::GCPtr<JS::Value> parse_error, Fetch::Infrastructure::Request::Destination destination, JS::GCPtr<JS::Promise> perform_fetch, EnvironmentSettingsObject& fetch_client)
+class FetchContext : public JS::GraphLoadingState::HostDefined {
+    JS_CELL(FetchContext, JS::GraphLoadingState::HostDefined);
+
+public:
+    JS::Value parse_error;                                   // [[ParseError]]
+    Fetch::Infrastructure::Request::Destination destination; // [[Destination]]
+    JS::GCPtr<JS::Promise> perform_fetch;                    // [[PerformFetch]]
+    EnvironmentSettingsObject& fetch_client;                 // [[FetchClient]]
+
+private:
+    FetchContext(JS::Value parse_error, Fetch::Infrastructure::Request::Destination destination, JS::GCPtr<JS::Promise> perform_fetch, EnvironmentSettingsObject& fetch_client)
        : parse_error(parse_error)
        , destination(destination)
        , perform_fetch(perform_fetch)
@ -63,10 +72,13 @@ struct FetchContext : JS::GraphLoadingState::HostDefined {
    {
    }

-    JS::GCPtr<JS::Value> parse_error;                        // [[ParseError]]
-    Fetch::Infrastructure::Request::Destination destination; // [[Destination]]
-    JS::GCPtr<JS::Promise> perform_fetch;                    // [[PerformFetch]]
-    EnvironmentSettingsObject& fetch_client;                 // [[FetchClient]]
+    void visit_edges(Visitor& visitor) override
+    {
+        Base::visit_edges(visitor);
+        visitor.visit(parse_error);
+        visitor.visit(perform_fetch);
+        visitor.visit(fetch_client);
+    }
 };

 DeprecatedString module_type_from_module_request(JS::ModuleRequest const&);