system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-10-02 06:04:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb: Create HeapFunction for after_document_populated

Browse source 
...to make it visited by SafeFunction callback of deferred_invoke().

Fixes use-after-free ASAN error that happens if you try to reload the
page.
This commit is contained in:
Aliaksandr Kalenik 2024-04-24 00:38:28 +02:00 committed by Andreas Kling
parent b25d220a2c
commit 64ad536dbb
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibWeb/HTML/TraversableNavigable.cpp
View file

@ -599,10 +599,10 @@ TraversableNavigable::HistoryStepResult TraversableNavigable::apply_the_history_
// 7. In parallel, attempt to populate the history entry's document for targetEntry, given navigable, potentiallyTargetSpecificSourceSnapshotParams,
// targetSnapshotParams, with allowPOST set to allowPOST and completionSteps set to queue a global task on the navigation and traversal task source given
// navigable's active window to run afterDocumentPopulated.
Platform::EventLoopPlugin::the().deferred_invoke([populated_target_entry, potentially_target_specific_source_snapshot_params, target_snapshot_params, this, allow_POST, navigable, after_document_populated] {
Platform::EventLoopPlugin::the().deferred_invoke([populated_target_entry, potentially_target_specific_source_snapshot_params, target_snapshot_params, this, allow_POST, navigable, after_document_populated = JS::create_heap_function(this->heap(), move(after_document_populated))] {
navigable->populate_session_history_entry_document(populated_target_entry, *potentially_target_specific_source_snapshot_params, target_snapshot_params, {}, Empty {}, CSPNavigationType::Other, allow_POST, [this, after_document_populated, populated_target_entry]() mutable {
queue_global_task(Task::Source::NavigationAndTraversal, *active_window(), JS::create_heap_function(this->heap(), [after_document_populated, populated_target_entry]() mutable {
after_document_populated(true, populated_target_entry);
after_document_populated->function()(true, populated_target_entry);
}));
})
.release_value_but_fixme_should_propagate_errors();