webkit2gtk3/bug281495.patch
Dominique Leuenberger a69f4899c6 - Update to version 2.46.4
Also fix a typo in a CVE ref, and remove some mistakenly-added bugs/CVEs that
don't affect Linux.

OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/webkit2gtk3?expand=0&rev=498
2024-11-28 09:07:48 +00:00


From 8fd152326050b81559903682e0767d289adef9cb Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Wed, 16 Oct 2024 13:45:39 -0500
Subject: [PATCH] REGRESSION(283414@main): [WPE][GTK] Crash in ProcessLauncher
socket monitor callback https://bugs.webkit.org/show_bug.cgi?id=281495
Reviewed by NOBODY (OOPS!).
The socket monitor callback that I added in 283414@main accidentally
deletes itself by calling m_socketMonitor.stop(). This causes the lambda
capture to itself be deleted. We can change the socket monitor to wait
until the callback has finished before deleting it.
* Source/WTF/wtf/glib/GSocketMonitor.cpp:
(WTF::GSocketMonitor::~GSocketMonitor):
(WTF::GSocketMonitor::socketSourceCallback):
(WTF::GSocketMonitor::stop):
---
Source/WTF/wtf/glib/GSocketMonitor.cpp | 21 +++++++++++++++++++--
Source/WTF/wtf/glib/GSocketMonitor.h | 2 ++
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/Source/WTF/wtf/glib/GSocketMonitor.cpp b/Source/WTF/wtf/glib/GSocketMonitor.cpp
index c88ea9f91ca4..f3e31efb5053 100644
--- a/Source/WTF/wtf/glib/GSocketMonitor.cpp
+++ b/Source/WTF/wtf/glib/GSocketMonitor.cpp
@@ -33,6 +33,7 @@ namespace WTF {
GSocketMonitor::~GSocketMonitor()
{
+ RELEASE_ASSERT(!m_isExecutingCallback);
stop();
}
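Review bot: The new `RELEASE_ASSERT(!m_isExecutingCallback);` in the destructor carries no comment saying what it guards. socketSourceCallback() writes `monitor->m_isExecutingCallback` and reads `monitor->m_shouldDestroyCallback` after the callback returns, so a callback that destroyed the monitor would make those accesses touch freed memory. The assert turns that case into a deterministic crash. I would add above it `// The callback may call stop(), but must not destroy the monitor: socketSourceCallback() touches it after the callback returns.`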
@@ -40,7 +41,17 @@ gboolean GSocketMonitor::socketSourceCallback(GSocket*, GIOCondition condition,
{
if (g_cancellable_is_cancelled(monitor->m_cancellable.get()))
return G_SOURCE_REMOVE;
- return monitor->m_callback(condition);
+
+ monitor->m_isExecutingCallback = true;
+ gboolean result = monitor->m_callback(condition);
+ monitor->m_isExecutingCallback = false;
+
+ if (monitor->m_shouldDestroyCallback) {
+ monitor->m_callback = nullptr;
+ monitor->m_shouldDestroyCallback = false;
+ }
+
+ return result;
}
void GSocketMonitor::start(GSocket* socket, GIOCondition condition, RunLoop& runLoop, Function<gboolean(GIOCondition)>&& callback)
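Review bot: The deferred destroy in socketSourceCallback() covers a callback that calls stop(), but not one that calls stop() and then start() again before returning. start()'s body is outside this hunk; if it assigns `m_callback` from its `callback` parameter, as the signature suggests, that assignment would free the lambda that is still executing. The `m_shouldDestroyCallback` flag left set by stop() would then make `monitor->m_callback = nullptr;` drop the newly installed callback. If restarting from inside the callback is not supported, `RELEASE_ASSERT(!m_isExecutingCallback);` at the top of start() would make that contract explicit. Otherwise start() needs the same deferral and must clear `m_shouldDestroyCallback`.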
@@ -65,7 +76,13 @@ void GSocketMonitor::stop()
m_cancellable = nullptr;
g_source_destroy(m_source.get());
m_source = nullptr;
- m_callback = nullptr;
+
+ // It's normal to stop the socket monitor from inside its callback.
+ // Don't destroy the callback while it's still executing.
+ if (m_isExecutingCallback)
+ m_shouldDestroyCallback = true;
+ else
+ m_callback = nullptr;
}
} // namespace WTF
diff --git a/Source/WTF/wtf/glib/GSocketMonitor.h b/Source/WTF/wtf/glib/GSocketMonitor.h
index 7ec383a6e37c..9393c546b593 100644
--- a/Source/WTF/wtf/glib/GSocketMonitor.h
+++ b/Source/WTF/wtf/glib/GSocketMonitor.h
@@ -51,6 +51,8 @@ private:
GRefPtr<GSource> m_source;
GRefPtr<GCancellable> m_cancellable;
Function<gboolean(GIOCondition)> m_callback;
+ bool m_isExecutingCallback { false };
+ bool m_shouldDestroyCallback { false };
};
} // namespace WTF
--
2.46.1