mirror of
				https://github.com/RGBCube/serenity
				synced 2025-10-25 01:12:06 +00:00 
			
		
		
		
	 4e8654e31b
			
		
	
	
		4e8654e31b
		
	
	
	
	
		
			
			Before the completion_steps for timer were casted from JS::SafeFunction to Function in HTML::Timer constructor, which is incorrect because then callback's captured GC-allocated objects are not protected from being deallocated. Let's modify HTML::Timer to use JS::HeapFunction for the callback instead.
		
			
				
	
	
		
			41 lines
		
	
	
	
		
			990 B
		
	
	
	
		
			C++
		
	
	
	
	
	
			
		
		
	
	
			41 lines
		
	
	
	
		
			990 B
		
	
	
	
		
			C++
		
	
	
	
	
	
| /*
 | |
|  * Copyright (c) 2020, Andreas Kling <kling@serenityos.org>
 | |
|  *
 | |
|  * SPDX-License-Identifier: BSD-2-Clause
 | |
|  */
 | |
| 
 | |
| #pragma once
 | |
| 
 | |
| #include <AK/Forward.h>
 | |
| #include <AK/Function.h>
 | |
| #include <AK/WeakPtr.h>
 | |
| #include <LibCore/Forward.h>
 | |
| #include <LibJS/Heap/Cell.h>
 | |
| #include <LibJS/Heap/GCPtr.h>
 | |
| #include <LibJS/Heap/HeapFunction.h>
 | |
| #include <LibWeb/Forward.h>
 | |
| 
 | |
| namespace Web::HTML {
 | |
| 
 | |
| class Timer final : public JS::Cell {
 | |
|     JS_CELL(Timer, JS::Cell);
 | |
| 
 | |
| public:
 | |
|     static JS::NonnullGCPtr<Timer> create(JS::Object&, i32 milliseconds, Function<void()> callback, i32 id);
 | |
|     virtual ~Timer() override;
 | |
| 
 | |
|     void start();
 | |
|     void stop();
 | |
| 
 | |
| private:
 | |
|     Timer(JS::Object& window, i32 milliseconds, JS::NonnullGCPtr<JS::HeapFunction<void()>> callback, i32 id);
 | |
| 
 | |
|     virtual void visit_edges(Cell::Visitor&) override;
 | |
| 
 | |
|     RefPtr<Core::Timer> m_timer;
 | |
|     JS::NonnullGCPtr<JS::Object> m_window_or_worker_global_scope;
 | |
|     JS::NonnullGCPtr<JS::HeapFunction<void()>> m_callback;
 | |
|     i32 m_id { 0 };
 | |
| };
 | |
| 
 | |
| }
 |