Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: da5efb0970fc0b1754cbd8b13b4a657aa431d5ef
      
https://github.com/WebKit/WebKit/commit/da5efb0970fc0b1754cbd8b13b4a657aa431d5ef
  Author: Anuj Panta <[email protected]>
  Date:   2026-01-06 (Tue, 06 Jan 2026)

  Changed paths:
    M Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.h
    M Source/JavaScriptCore/inspector/agents/InspectorAgent.h
    M Source/WebCore/inspector/CommandLineAPIHost.cpp
    M Source/WebCore/inspector/InspectorFrontendClientLocal.cpp
    M Source/WebCore/inspector/InspectorStyleSheet.h
    M Source/WebCore/inspector/PageInspectorController.cpp
    M Source/WebCore/inspector/PageInspectorController.h
    M Source/WebCore/inspector/agents/InspectorPageAgent.h
    M Source/WebCore/inspector/agents/page/PageRuntimeAgent.cpp
    M Source/WebKit/WebProcess/Inspector/WebInspectorBackend.cpp

  Log Message:
  -----------
Web Inspector: Use CheckedPtr consistently for lazy agent pointers in InspectorController
https://bugs.webkit.org/show_bug.cgi?id=304205
rdar://166566606

Reviewed by Ryosuke Niwa.

PageInspectorController stored its lazy/on-demand agent pointers using inconsistent
types - m_inspectorAgent and m_pageAgent were raw pointers while m_domAgent used CheckedPtr.
This inconsistency created potential use-after-free risks since the agents are owned by
the AgentRegistry (m_agents), and when discardValues() is called during page destruction,
raw pointers could become dangling without any safety checks. This patch adds CanMakeCheckedPtr
support to both InspectorAgent in JavaScriptCore and InspectorPageAgent in WebCore, then updates
PageInspectorController to use CheckedPtr consistently for all three lazy agent pointers.

* Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.h:
* Source/JavaScriptCore/inspector/agents/InspectorAgent.h:
* Source/WebCore/inspector/CommandLineAPIHost.cpp:
(WebCore::CommandLineAPIHost::inspect):
* Source/WebCore/inspector/InspectorFrontendClientLocal.cpp:
(WebCore::InspectorFrontendClientLocal::showMainResourceForFrame):
* Source/WebCore/inspector/InspectorStyleSheet.h:
* Source/WebCore/inspector/PageInspectorController.cpp:
(WebCore::PageInspectorController::ensureInspectorAgent):
* Source/WebCore/inspector/PageInspectorController.h:
* Source/WebCore/inspector/agents/InspectorPageAgent.h:
* Source/WebCore/inspector/agents/page/PageRuntimeAgent.cpp:
(WebCore::PageRuntimeAgent::didClearWindowObjectInWorld):
(WebCore::PageRuntimeAgent::reportExecutionContextCreation):
* Source/WebKit/WebProcess/Inspector/WebInspectorBackend.cpp:
(WebKit::WebInspectorBackend::showMainResourceForFrame):

Canonical link: https://commits.webkit.org/305163@main
