Bug 249119
| Summary: | Web Inspector: Use-after-scope in lambda in WebCore::isValidRuleHeaderText() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer> |
| Component: | Web Inspector | Assignee: | David Kilzer (:ddkilzer) <ddkilzer> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | inspector-bugzilla-changes, pangle, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | All | ||
| OS: | All | ||
| Bug Depends on: | 246768 | ||
| Bug Blocks: | |||
David Kilzer (:ddkilzer)
Web Inspector: Use-after-scope in lambda in WebCore::isValidRuleHeaderText().
Currently, `CSSParserImpl` holds a reference to the `CSSParserContext` argument, so the context must outlive the parser.
However, in this code the context is a temporary stack variable which is destroyed after this statement, though the parser holds a reference to it.
```
CSSParserImpl parser(parserContextForDocument(document), atRuleIdentifier + ' ' + headerText + " {}");
```
<rdar://102887283>
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
David Kilzer (:ddkilzer)
This regressed here:
Web Inspector: Support editing @rules in the Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=246768
<https://commits.webkit.org/256043@main>
David Kilzer (:ddkilzer)
Pull request: https://github.com/WebKit/WebKit/pull/7466
EWS
Committed 257722@main (599c0cb20b81): <https://commits.webkit.org/257722@main>
Reviewed commits have been landed. Closing PR #7466 and removing active labels.