RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 19:38:12 +00:00
Code Issues Activity Actions

LibWeb+LibJS: Don't lazily construct web prototypes in cell constructors

Browse source 
It's not safe to allocate from the GC heap while in the constructor of a
GC heap cell. (Because if this ends up triggering a collection, we may
end up trying to call through an uninitialized vtable).

This was already done safely in the initialize() virtual in much of
LibJS and LibWeb. This patch moves the logic for prototypes, mixins,
and CSSStyleDeclaration as well.

Fixes a long-standing GC crash that was pretty easy to reproduce by
refreshing https://vercel.com/
This commit is contained in:
Andreas Kling 2023-05-21 12:42:22 +02:00
parent e6221117a5
commit cfe663435e
4 changed files with 50 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Userland/Libraries/LibWeb/CSS/CSSStyleDeclaration.h
View file

@ -19,6 +19,7 @@ class CSSStyleDeclaration : public Bindings::PlatformObject {
public:
virtual ~CSSStyleDeclaration() = default;
virtual JS::ThrowCompletionOr<void> initialize(JS::Realm&) override;
virtual size_t length() const = 0;
virtual DeprecatedString item(size_t index) const = 0;