RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 19:27:44 +00:00
Code Issues Activity Actions

LibWeb: Use JS::HeapFunction for HTML::Timer callback

Browse source 
Before the completion_steps for timer were casted from JS::SafeFunction
to Function in HTML::Timer constructor, which is incorrect because then
callback's captured GC-allocated objects are not protected from being
deallocated. Let's modify HTML::Timer to use JS::HeapFunction for the
callback instead.
This commit is contained in:
Aliaksandr Kalenik 2023-09-26 14:48:53 +02:00 committed by Andreas Kling
parent 883a97984c
commit 4e8654e31b
3 changed files with 17 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Userland/Libraries/LibWeb/HTML/Timer.h
View file

@ -12,6 +12,7 @@
#include <LibCore/Forward.h>
#include <LibJS/Heap/Cell.h>
#include <LibJS/Heap/GCPtr.h>
#include <LibJS/Heap/HeapFunction.h>
#include <LibWeb/Forward.h>
namespace Web::HTML {
@ -27,13 +28,13 @@ public:
void stop();
private:
Timer(JS::Object& window, i32 milliseconds, Function<void()> callback, i32 id);
Timer(JS::Object& window, i32 milliseconds, JS::NonnullGCPtr<JS::HeapFunction<void()>> callback, i32 id);
virtual void visit_edges(Cell::Visitor&) override;
RefPtr<Core::Timer> m_timer;
JS::NonnullGCPtr<JS::Object> m_window_or_worker_global_scope;
Function<void()> m_callback;
JS::NonnullGCPtr<JS::HeapFunction<void()>> m_callback;
i32 m_id { 0 };
};