From 1885fe529f0a9c620e8a832ad946c77b1805883c Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Thu, 20 Oct 2022 18:38:25 +0200
Subject: [PATCH] LibWeb: Add GC finalizer to Layout::ImageBox
It's not safe to unregister ImageBox from the browsing context in the destructor (since the browsing context may have already been swept and destroyed).
---
 Userland/Libraries/LibWeb/Layout/ImageBox.cpp | 8 +++++++-
 Userland/Libraries/LibWeb/Layout/ImageBox.h | 5 ++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/Userland/Libraries/LibWeb/Layout/ImageBox.cpp b/Userland/Libraries/LibWeb/Layout/ImageBox.cpp
index d263d0a6a0..752d367177 100644
--- a/Userland/Libraries/LibWeb/Layout/ImageBox.cpp
+++ b/Userland/Libraries/LibWeb/Layout/ImageBox.cpp
@@ -18,8 +18,14 @@ ImageBox::ImageBox(DOM::Document& document, DOM::Element& element, NonnullRefPtr
 browsing_context().register_viewport_client(*this);
 }
-ImageBox::~ImageBox()
+ImageBox::~ImageBox() = default;
+
+void ImageBox::finalize()
 {
+ Base::finalize();
+
+ // NOTE: We unregister from the browsing context in finalize() to avoid trouble
+ // in the scenario where our BrowsingContext has already been swept by GC.
 browsing_context().unregister_viewport_client(*this);
 }
diff --git a/Userland/Libraries/LibWeb/Layout/ImageBox.h b/Userland/Libraries/LibWeb/Layout/ImageBox.h
index 9887312702..a3b0164d9a 100644
--- a/Userland/Libraries/LibWeb/Layout/ImageBox.h
+++ b/Userland/Libraries/LibWeb/Layout/ImageBox.h
@@ -12,7 +12,7 @@
 namespace Web::Layout {
-class ImageBox
+class ImageBox final
 : public ReplacedBox
 , public HTML::BrowsingContext::ViewportClient {
 JS_CELL(ImageBox, ReplacedBox);
@@ -37,6 +37,9 @@ private:
 // ^BrowsingContext::ViewportClient
 virtual void browsing_context_did_set_viewport_rect(Gfx::IntRect const&) final;
+ // ^JS::Cell
+ virtual void finalize() override;
+
 int preferred_width() const;
 int preferred_height() const;
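Review bot: `ImageBox::finalize()` in ImageBox.cpp looks the context up again through `browsing_context()` at collection time instead of using the one the constructor registered with (the `register_viewport_client(*this)` context line at the top of the hunk; the constructor itself starts outside it). If that accessor can return a different context by then, or asserts once the document is detached (neither is visible here), the original context would keep a reference to an ImageBox that is about to be freed. It may be worth remembering the context that was registered with, or at least stating the assumption next to the call. The NOTE would also be easier to audit if it named the guarantee it relies on rather than "to avoid trouble", for example `// NOTE: finalize() runs before any cell of this sweep is destroyed, so the BrowsingContext is still valid here.`, presuming that is what the collector guarantees.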