Avoid dangling pointers in WeakBlock list https://bugs.webkit.org/sho…#1670
Open
aoikonomopoulos wants to merge 1 commit intoWebPlatformForEmbedded:wpe-2.38from
Conversation
…w_bug.cgi?id=298236 rdar://157587352 Reviewed by Keith Miller. Before this change, DoublyLinkedList leaves the next/prev pointers in a dangling state when removing a node from the list. Then, if the node is re-added, the next/prev pointers are reset when necessary. Let's make a stronger invariant: if the node is not in the list, then the prev/next pointers are nullptr. (Note that the converse is not true for single element lists.) Then, add some asserts to verify the WeakSet's WeakBlock list lifecycle to try to help track down a mysterious crash. The WeakBlock ownership can be transferred from the WeakSet to the Heap, at which point the prev/next should be nulled out and, after this change, no longer dangling. Bonus: remove MarkedSpace::freeOrShrinkBlock() since it's never called. Canonical link: https://commits.webkit.org/299454@main
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…w_bug.cgi?id=298236 rdar://157587352
Reviewed by Keith Miller.
Before this change, DoublyLinkedList leaves the next/prev pointers in a dangling state when removing a node from the list. Then, if the node is re-added, the next/prev pointers are reset when necessary.
Let's make a stronger invariant: if the node is not in the list, then the prev/next pointers are nullptr. (Note that the converse is not true for single element lists.)
Then, add some asserts to verify the WeakSet's WeakBlock list lifecycle to try to help track down a mysterious crash. The WeakBlock ownership can be transferred from the WeakSet to the Heap, at which point the prev/next should be nulled out and, after this change, no longer dangling.
Bonus: remove MarkedSpace::freeOrShrinkBlock() since it's never called.
Canonical link: https://commits.webkit.org/299454@main
Pull Request Template
File a Bug
All changes should be associated with a bug. The WebKit project is currently using Bugzilla as our bug tracker. Note that multiple changes may be associated with a single bug.
Provided Tooling
The WebKit Project strongly recommends contributors use
Tools/Scripts/git-webkitto generate pull requests. See Setup and Contributing Code for how to do this.Template
If a contributor wishes to file a pull request manually, the template is below. Manually-filed pull requests should contain their commit message as the pull request description, and their commit message should be formatted like the template below.
Additionally, the pull request should be mentioned on Bugzilla, labels applied to the pull request matching the component and version of the Bugzilla associated with the pull request and the pull request assigned to its author.
578321a