From 15d265da65e42cd9a46d5a2295b2b1f39a5dfe8c Mon Sep 17 00:00:00 2001 From: Aliaksandr Kalenik Date: Fri, 25 Aug 2023 00:27:45 +0200 Subject: [PATCH] LibWeb: Fix "stack-use-after-return" in navigate_to_a_fragmement() Callback running on the session history queue should capture necessary pointers by value instead of reference, because navigate_to_a_fragment stack will have been destroyed by the time it will be executed. --- Userland/Libraries/LibWeb/HTML/Navigable.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Userland/Libraries/LibWeb/HTML/Navigable.cpp b/Userland/Libraries/LibWeb/HTML/Navigable.cpp index de46f32546..b315eb4923 100644 --- a/Userland/Libraries/LibWeb/HTML/Navigable.cpp +++ b/Userland/Libraries/LibWeb/HTML/Navigable.cpp @@ -1095,7 +1095,7 @@ WebIDL::ExceptionOr Navigable::navigate_to_a_fragment(AK::URL const& url, auto traversable = traversable_navigable(); // 17. Append the following session history synchronous navigation steps involving navigable to traversable: - traversable->append_session_history_traversal_steps([&] { + traversable->append_session_history_traversal_steps([this, traversable, history_entry, entry_to_replace] { // 1. Finalize a same-document navigation given traversable, navigable, historyEntry, and entryToReplace. finalize_a_same_document_navigation(*traversable, *this, history_entry, entry_to_replace);