Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e1d780dcb545a6a90b4ae0909c29b5c70d95a922
https://github.com/WebKit/WebKit/commit/e1d780dcb545a6a90b4ae0909c29b5c70d95a922
  Author: Patrick Angle <pan...@apple.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M Source/JavaScriptCore/inspector/ScriptCallStack.cpp
    M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp

  Log Message:
  -----------
  Web Inspector: Deeply nested console logging can cause ConsoleMessage to be destroyed while we are still trying to log it
https://bugs.webkit.org/show_bug.cgi?id=256932
rdar://108063640

Reviewed by Mark Lam.

InspectorConsoleAgent has been incorrectly managing the lifetime of each ConsoleMessage by moving messages into a vector of messages before we have passed those messages on to the frontend. This means that a console message that causes another console message to be logged may eventually cause our original message to be dropped from the vector if this occurs deeply enough. At that point, when we unwind back to the original message, it has been destroyed while we are trying to send it to the frontend, which results in a bad time because we are still inside a function on the ConsoleMessage that tries to access its own member variables like m_arguments, and fails because the message object itself has been destroyed, taking its members with it.

This also fixes a subtle message inversion in the backlog of messages and what is logged to the console when Web Inspector is open, since the message is sent to the frontend after all other processing, but we were previously adding the message to the vector of past messages before that processing (which may in turn cause more logging before the actual logging we called in to perform) to occur.

A second minor issue is that ScriptCallStack is incorrectly asserting in its constructor, which prevented investigation of this issue initially. The call stack should be less than __or equal to__ the max call stack, not just less than.

* Source/JavaScriptCore/inspector/ConsoleMessage.cpp:
(Inspector::ConsoleMessage::addToFrontend):
* Source/JavaScriptCore/inspector/InjectedScript.cpp:
(Inspector::InjectedScript::wrapObject const):
(Inspector::InjectedScript::wrapTable const):
* Source/JavaScriptCore/inspector/ScriptCallStack.cpp:
(Inspector::ScriptCallStack::ScriptCallStack):
* Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::addConsoleMessage):
* Source/WebCore/page/PageConsoleClient.cpp:
(WebCore::PageConsoleClient::messageWithTypeAndLevel):

Originally-landed-as: 259548.777@safari-7615-branch (e74d4b07ad38). 
rdar://108063640
Canonical link: https://commits.webkit.org/266438@main
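The lifetime ordering described in the commit message, as an added toy model that is not WebKit's code: a bounded backlog of messages, nested logging triggered while a message is being sent, and the same flow with the "send first, then store" ordering of the fix. ConsoleAgent, storeInBacklog, kMaxBacklog, Outcome and simulate are invented names; a liveness registry stands in for the real use-after-free so the dangling access is counted rather than executed.

```cpp
// Added example, not WebKit code: a toy model of the ordering bug described in the commit message.
// ConsoleAgent, storeInBacklog, kMaxBacklog, Outcome and simulate are invented names for illustration.
#include <cstddef>
#include <memory>
#include <set>
#include <string>
#include <vector>
// Liveness registry keyed by message text (unique per nesting level here), so the toy can detect the
// dangling access without touching freed memory, and address reuse cannot mask it.
static std::set<std::string> g_liveMessages;
struct ConsoleMessage {
    std::string text;
    explicit ConsoleMessage(std::string t) : text(std::move(t)) { g_liveMessages.insert(text); }
    ~ConsoleMessage() { g_liveMessages.erase(text); }
};
struct Outcome { int danglingSends = 0; std::string frontendOrder, backlogOrder; };
struct ConsoleAgent {
    static constexpr std::size_t kMaxBacklog = 2;  // tiny bound so a message is dropped quickly
    bool addBeforeSend = true;                     // true: ordering before the fix; false: after it
    int maxDepth = 3;                              // levels of nested logging to simulate
    std::vector<std::unique_ptr<ConsoleMessage>> m_backlog;
    Outcome outcome;
    void storeInBacklog(std::unique_ptr<ConsoleMessage> msg) {
        m_backlog.push_back(std::move(msg));
        if (m_backlog.size() > kMaxBacklog)
            m_backlog.erase(m_backlog.begin());    // the oldest message is destroyed here
    }
    void sendToFrontend(const ConsoleMessage* msg) {
        const std::string key = msg->text;         // read while the message is certainly alive
        // Wrapping the arguments can run script that logs again: the nesting the commit describes.
        int level = std::stoi(key);
        if (level < maxDepth)
            addConsoleMessage(std::make_unique<ConsoleMessage>(std::to_string(level + 1)));
        // Back from the nested logging, the real code still reads this message's members (m_arguments).
        if (!g_liveMessages.count(key)) { ++outcome.danglingSends; return; }
        outcome.frontendOrder += msg->text;        // safe only because the registry says msg is alive
    }
    void addConsoleMessage(std::unique_ptr<ConsoleMessage> msg) {
        ConsoleMessage* raw = msg.get();
        if (addBeforeSend) { storeInBacklog(std::move(msg)); sendToFrontend(raw); }  // before the fix
        else { sendToFrontend(raw); storeInBacklog(std::move(msg)); }                 // after the fix
    }
};
// Logs message "0", lets it nest up to maxDepth, and reports what the frontend and the backlog saw.
Outcome simulate(bool addBeforeSend, int maxDepth) {
    ConsoleAgent agent; agent.addBeforeSend = addBeforeSend; agent.maxDepth = maxDepth;
    agent.addConsoleMessage(std::make_unique<ConsoleMessage>("0"));
    for (auto& m : agent.m_backlog) agent.outcome.backlogOrder += m->text;
    return agent.outcome;
}
```

With the pre-fix ordering and three levels of nesting, the two outermost sends come back to a message that the backlog has already destroyed, and the backlog holds "2" before "3" while the frontend received "3" before "2"; with the fixed ordering no send dangles and the backlog tail matches the frontend order.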


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes