| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 139 | 139 |
| 140 template<typename T> | 140 template<typename T> |
| 141 static bool setReturnValue(v8::ReturnValue<v8::Value> returnValue, T* object
) | 141 static bool setReturnValue(v8::ReturnValue<v8::Value> returnValue, T* object
) |
| 142 { | 142 { |
| 143 return ScriptWrappable::getUnsafeWrapperFromObject(object).setReturnValu
e(returnValue); | 143 return ScriptWrappable::getUnsafeWrapperFromObject(object).setReturnValu
e(returnValue); |
| 144 } | 144 } |
| 145 | 145 |
| 146 protected: | 146 protected: |
| 147 ~ScriptWrappable() | 147 ~ScriptWrappable() |
| 148 { | 148 { |
| 149 // We must not get deleted as long as we contain a wrapper. If this happ
ens, we screwed up ref |
| 150 // counting somewhere. Crash here instead of crashing during a later gc
cycle. |
| 151 RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!containsWrapper()); |
| 149 ASSERT(m_wrapperOrTypeInfo); // Assert initialization via init() even i
f not subsequently wrapped. | 152 ASSERT(m_wrapperOrTypeInfo); // Assert initialization via init() even i
f not subsequently wrapped. |
| 150 m_wrapperOrTypeInfo = 0; // Break UAF attempts to wrap. | 153 m_wrapperOrTypeInfo = 0; // Break UAF attempts to wrap. |
| 151 } | 154 } |
| 152 | 155 |
| 153 private: | 156 private: |
| 154 // For calling unsafePersistent and getWrapperFromObject. | 157 // For calling unsafePersistent and getWrapperFromObject. |
| 155 friend class MinorGCWrapperVisitor; | 158 friend class MinorGCWrapperVisitor; |
| 156 friend class DOMDataStore; | 159 friend class DOMDataStore; |
| 157 | 160 |
| 158 UnsafePersistent<v8::Object> unsafePersistent() const | 161 UnsafePersistent<v8::Object> unsafePersistent() const |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 196 // FIXME: I noticed that 50%~ of minor GC cycle times can be consumed | 199 // FIXME: I noticed that 50%~ of minor GC cycle times can be consumed |
| 197 // inside data.GetParameter()->deref(), which causes Node destructions.
We should | 200 // inside data.GetParameter()->deref(), which causes Node destructions.
We should |
| 198 // make Node destructions incremental. | 201 // make Node destructions incremental. |
| 199 releaseObject(data.GetValue()); | 202 releaseObject(data.GetValue()); |
| 200 } | 203 } |
| 201 }; | 204 }; |
| 202 | 205 |
| 203 } // namespace WebCore | 206 } // namespace WebCore |
| 204 | 207 |
| 205 #endif // ScriptWrappable_h | 208 #endif // ScriptWrappable_h |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 220473013:
Harden ScriptWrappable against ref count bugs (Closed)
Base URL: svn://svn.chromium.org/blink/trunk