RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-28 22:05:06 +00:00
Code Issues Activity Actions

LibJS+LibWeb: Make JS::ExecutionContext protect its Web::HTML::ESO owner

Browse source 
We can't be nuking the ESO while its owned execution context is still on
the VM's execution context stack, as that may lead to a use-after-free.

This patch solves this by adding a `context_owner` field to each context
and treating it as a GC root.
This commit is contained in:
Andreas Kling 2022-11-21 11:18:15 +01:00 committed by Linus Groh
parent 1fdce71483
commit 849499988e
3 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibWeb/HTML/Scripting/Environments.cpp
View file

@ -22,6 +22,8 @@ namespace Web::HTML {
EnvironmentSettingsObject::EnvironmentSettingsObject(NonnullOwnPtr<JS::ExecutionContext> realm_execution_context)
: m_realm_execution_context(move(realm_execution_context))
{
m_realm_execution_context->context_owner = this;
// Register with the responsible event loop so we can perform step 4 of "perform a microtask checkpoint".
responsible_event_loop().register_environment_settings_object({}, *this);
}