From 1d846e559150e1ec90486760a8e09fced24b1d67 Mon Sep 17 00:00:00 2001
From: davidot
Date: Tue, 13 Sep 2022 01:23:28 +0200
Subject: [PATCH] LibWeb: Visit internal fields of Crypto in visit_edges

Not visiting the field holding SubtleCrypto in Crypto caused subtle crashes all over the Value functions, due to accessing SubtleCrypto after it was garbage collected (and potentially replaced by a new cell). This meant that the crashes were only appearing in Value::to_boolean, Value::typeof, etc. Which then held pointer to things that looked like Shapes, Environments and other non-Object Cells. To find the actual cause, all pointer used to construct Values were checked and if a pointer was none of the allowed types, the backtrace is logged.
Co-authored-by: Luke Wilde
---
 Userland/Libraries/LibWeb/Crypto/Crypto.cpp | 6 ++++++
 Userland/Libraries/LibWeb/Crypto/Crypto.h | 3 +++
 2 files changed, 9 insertions(+)
diff --git a/Userland/Libraries/LibWeb/Crypto/Crypto.cpp b/Userland/Libraries/LibWeb/Crypto/Crypto.cpp
index f9f1a3b2a2..f4626ac331 100644
--- a/Userland/Libraries/LibWeb/Crypto/Crypto.cpp
+++ b/Userland/Libraries/LibWeb/Crypto/Crypto.cpp
@@ -114,4 +114,10 @@ String Crypto::random_uuid() const
 return builder.to_string();
 }
+void Crypto::visit_edges(Cell::Visitor& visitor)
+{
+ Base::visit_edges(visitor);
+ visitor.visit(m_subtle.ptr());
+}
+
 }
diff --git a/Userland/Libraries/LibWeb/Crypto/Crypto.h b/Userland/Libraries/LibWeb/Crypto/Crypto.h
index 8d0a782a2a..73e88d8375 100644
--- a/Userland/Libraries/LibWeb/Crypto/Crypto.h
+++ b/Userland/Libraries/LibWeb/Crypto/Crypto.h
@@ -25,6 +25,9 @@ public:
 DOM::ExceptionOr get_random_values(JS::Value array) const;
 String random_uuid() const;
+protected:
+ virtual void visit_edges(Cell::Visitor&) override;
+
 private:
 explicit Crypto(HTML::Window&);
 virtual void initialize(JS::Realm&) override;
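Review bot: The `visitor.visit(m_subtle.ptr())` call in the new `Crypto::visit_edges` has no comment saying why the edge is required, and the patch adds no regression test, so the same use-after-collection could return when another garbage-collected member is added to Crypto. I would put `// m_subtle is kept alive only through this edge; every GC-allocated member of Crypto must be visited here.` above the call. The declaration of `m_subtle` is outside both hunks, so whether other cell-typed members of the class still go unvisited cannot be checked from here and is worth confirming. The commit message describes a temporary check that validated every pointer used to construct a Value; keeping that as a debug-build assertion would turn this kind of stale-cell access into an immediate, attributable failure instead of type confusion surfacing later in unrelated Value functions. A test that forces a collection and then reads `crypto.subtle` would pin the fix.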