eliott/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird synced 2026-05-03 21:12:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb: Unregister IntersectionObserver in finalize, not the destructor

Browse Source 
Otherwise it UAFs the intersection root. Not sure how this didn't cause
a lot of crashes!
This commit is contained in:
Luke Wilde
2023-08-09 21:08:52 +01:00
committed by Tim Flynn
parent 5694981352
commit 7550b4175e
Notes: sideshowbarker 2024-07-17 03:35:24 +09:00 
Author: https://github.com/Lubrsi
Commit: https://github.com/SerenityOS/serenity/commit/7550b4175e
Pull-request: https://github.com/SerenityOS/serenity/pull/20462
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Userland/Libraries/LibWeb/IntersectionObserver/IntersectionObserver.cpp
View File

@@ -53,7 +53,9 @@ IntersectionObserver::IntersectionObserver(JS::Realm& realm, JS::GCPtr<WebIDL::C
});
}
IntersectionObserver::~IntersectionObserver()
IntersectionObserver::~IntersectionObserver() = default;
void IntersectionObserver::finalize()
{
intersection_root().visit([this](auto& node) {
node->document().unregister_intersection_observer({}, *this);