Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7cccbec2edba053b51bbe7fc732a5c439dc8ec5a
https://github.com/WebKit/WebKit/commit/7cccbec2edba053b51bbe7fc732a5c439dc8ec5a
Author: Anuj Panta <[email protected]>
Date: 2026-01-06 (Tue, 06 Jan 2026)
Changed paths:
M Source/JavaScriptCore/SaferCPPExpectations/NoUncheckedPtrMemberCheckerExpectations
M Source/JavaScriptCore/inspector/JSGlobalObjectConsoleClient.cpp
M Source/JavaScriptCore/inspector/JSGlobalObjectConsoleClient.h
M Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp
M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp
M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.h
M Source/WebCore/inspector/InspectorInstrumentation.cpp
M Source/WebCore/inspector/agents/WebHeapAgent.cpp
M Source/WebCore/inspector/agents/WebHeapAgent.h
Log Message:
-----------
Web Inspector: Remove raw pointer from InspectorConsoleAgent to InspectorHeapAgent
https://bugs.webkit.org/show_bug.cgi?id=303962
rdar://166265245
Reviewed by BJ Burg and Devin Rousso.
InspectorConsoleAgent stored a raw pointer to InspectorHeapAgent that was manually wired in WebHeapAgent::enable() and cleared in disable(). This could lead to use-after-free if the heap agent was destroyed without calling disable() first. This patch removes the stored pointer entirely by adopting the service locator pattern. For WebCore, InspectorInstrumentation now queries InstrumentingAgents for the heap agent directly and coordinates the snapshot operation. The console agent's takeHeapSnapshot() is replaced with reportHeapSnapshot() which only handles frontend dispatch. For JSC, the heap agent pointer moves to JSGlobalObjectConsoleClient via setPersistentHeapAgent(), following the same pattern used for InspectorScriptProfilerAgent. This is safe because both the console client and heap agent are owned by JSGlobalObjectInspectorController and share the same lifetime.
* Source/JavaScriptCore/SaferCPPExpectations/NoUncheckedPtrMemberCheckerExpectations:
* Source/JavaScriptCore/inspector/JSGlobalObjectConsoleClient.cpp:
(Inspector::JSGlobalObjectConsoleClient::takeHeapSnapshot):
* Source/JavaScriptCore/inspector/JSGlobalObjectConsoleClient.h:
* Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::createLazyAgents):
* Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::reportHeapSnapshot):
(Inspector::InspectorConsoleAgent::takeHeapSnapshot): Deleted.
* Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.h:
* Source/WebCore/inspector/InspectorInstrumentation.cpp:
(WebCore::InspectorInstrumentation::takeHeapSnapshotImpl):
* Source/WebCore/inspector/agents/WebHeapAgent.cpp:
(WebCore::WebHeapAgent::disable):
(WebCore::WebHeapAgent::enable):
* Source/WebCore/inspector/agents/WebHeapAgent.h:
Canonical link: https://commits.webkit.org/305202@main
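The lifetime bug the commit message describes, reduced to a stand-alone illustration. This is an added example, not WebKit code; the names AgentRegistry, HeapAgent, CachingConsoleAgent and LocatorConsoleAgent are hypothetical stand-ins for InstrumentingAgents, InspectorHeapAgent and the two versions of InspectorConsoleAgent. The "before" agent caches a raw pointer wired in enable() and cleared in disable(), so when the heap agent is destroyed without disable() the pointer is left dangling; the "after" agent stores nothing and asks the registry at the point of use, so it observes the heap agent's absence instead of dereferencing freed memory.

```cpp
// Added example (not WebKit code). Hypothetical names model the pattern in the
// commit message: a cached raw pointer between two agents versus a registry
// (service locator) lookup at the point of use.
#include <cassert>
#include <memory>
#include <string>

struct HeapAgent;

// Service locator: non-owning slots that the agents themselves keep in sync.
struct AgentRegistry {
    HeapAgent* heapAgent = nullptr;
};

struct HeapAgent {
    AgentRegistry& registry;
    explicit HeapAgent(AgentRegistry& r) : registry(r) { registry.heapAgent = this; }
    ~HeapAgent() { registry.heapAgent = nullptr; }   // unregister on destruction
    std::string takeSnapshot() const { return "heap-snapshot"; }
};

// "Before": a raw pointer wired in enable() and cleared in disable().
struct CachingConsoleAgent {
    HeapAgent* cached = nullptr;   // dangles if the HeapAgent dies without disable()
    void enable(HeapAgent& h) { cached = &h; }
    void disable() { cached = nullptr; }
    // Only inspects pointer state; dereferencing `cached` here would be the UAF.
    bool hasStaleHeapAgent(const AgentRegistry& r) const {
        return cached != nullptr && r.heapAgent == nullptr;
    }
};

// "After": no stored pointer; look the heap agent up on every call.
struct LocatorConsoleAgent {
    AgentRegistry& registry;
    explicit LocatorConsoleAgent(AgentRegistry& r) : registry(r) {}
    std::string takeHeapSnapshot() const {
        HeapAgent* h = registry.heapAgent;   // fresh lookup, never cached
        if (!h)
            return "no-heap-agent";          // heap agent gone: report, do not crash
        return h->takeSnapshot();
    }
};

// Scenario: the heap agent is torn down without disable() ever being called.
bool cachingAgentDangles() {
    AgentRegistry registry;
    CachingConsoleAgent console;
    auto heap = std::make_unique<HeapAgent>(registry);
    console.enable(*heap);
    heap.reset();   // destroyed; console.disable() was never called
    return console.hasStaleHeapAgent(registry);
}

// Same teardown with the locator-based agent: a result before and after.
std::string locatorAgentAcrossTeardown() {
    AgentRegistry registry;
    LocatorConsoleAgent console(registry);
    auto heap = std::make_unique<HeapAgent>(registry);
    std::string before = console.takeHeapSnapshot();
    heap.reset();
    return before + "/" + console.takeHeapSnapshot();
}

int main() {
    assert(cachingAgentDangles());
    assert(locatorAgentAcrossTeardown() == "heap-snapshot/no-heap-agent");
    return 0;
}
```

The check in hasStaleHeapAgent() deliberately compares only pointer state, because reading through the stale pointer is exactly the use-after-free the patch removes. The locator version has no disable()-ordering requirement at all, which is the property that makes the WebCore side of the change robust; the JSC side instead relies on the two objects being owned by one controller with one lifetime, which is a weaker guarantee that is only sound as long as that ownership stays as the message states.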