RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 23:17:45 +00:00
Code Issues Activity Actions

LibWeb: Visit internal fields of Crypto in visit_edges

Browse source 
Not visiting the field holding SubtleCrypto in Crypto caused subtle
crashes all over the Value functions, due to accessing SubtleCrypto
after it was garbage collected (and potentially replaced by a new cell).
This meant that the crashes were only appearing in Value::to_boolean,
Value::typeof, etc. Which then held pointer to things that looked like
Shapes, Environments and other non-Object Cells.

To find the actual cause, all pointer used to construct Values were
checked and if a pointer was none of the allowed types, the backtrace
is logged.

Co-authored-by: Luke Wilde <lukew@serenityos.org>
This commit is contained in:
davidot 2022-09-13 01:23:28 +02:00 committed by Tim Flynn
parent 0e901f8c68
commit 1d846e5591
2 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Userland/Libraries/LibWeb/Crypto/Crypto.cpp
View file

@ -114,4 +114,10 @@ String Crypto::random_uuid() const
return builder.to_string(); return builder.to_string();
} }
void Crypto::visit_edges(Cell::Visitor& visitor)
{
Base::visit_edges(visitor);
visitor.visit(m_subtle.ptr());
}
} }

3
Userland/Libraries/LibWeb/Crypto/Crypto.h
View file

@ -25,6 +25,9 @@ public:
DOM::ExceptionOr<JS::Value> get_random_values(JS::Value array) const; DOM::ExceptionOr<JS::Value> get_random_values(JS::Value array) const;
String random_uuid() const; String random_uuid() const;
protected:
virtual void visit_edges(Cell::Visitor&) override;
private: private:
explicit Crypto(HTML::Window&); explicit Crypto(HTML::Window&);
virtual void initialize(JS::Realm&) override; virtual void initialize(JS::Realm&) override;