Bug 246294 - -Wuse-after-free from CSSValue.h
Summary: -Wuse-after-free from CSSValue.h
Status: RESOLVED DUPLICATE of bug 246292
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: WebKit Nightly Build
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-10 13:13 PDT by Michael Catanzaro
Modified: 2022-10-11 14:07 PDT
CC: 3 users

See Also:
Description Michael Catanzaro 2022-10-10 13:13:13 PDT
254846@main introduced a new GCC warning:

[3817/7121] Building CXX object Source/WebCore/CMakeFiles...edSources/unified-sources/UnifiedSource-2f84417a-18.cpp.o
In file included from /home/mcatanzaro/Projects/WebKit/Source/WebCore/css/CSSPrimitiveValue.h:26,
                 from /home/mcatanzaro/Projects/WebKit/Source/WebCore/css/parser/CSSParserToken.h:32,
                 from /home/mcatanzaro/Projects/WebKit/Source/WebCore/css/parser/CSSParserToken.cpp:31,
                 from /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk3/WebCore/DerivedSources/unified-sources/UnifiedSource-2f84417a-18.cpp:2:
In member function ‘void WebCore::CSSValue::deref() const’,
    inlined from ‘static void WTF::DefaultRefDerefTraits< <template-parameter-1-1> >::derefIfNotNull(T*) [with T = WebCore::CSSValue]’ at /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk3/WTF/Headers/wtf/RefPtr.h:42:23,
    inlined from ‘WTF::RefPtr<T, <template-parameter-1-2>, <template-parameter-1-3> >::~RefPtr() [with T = WebCore::CSSValue; _PtrTraits = WTF::RawPtrTraits<WebCore::CSSValue>; _RefDerefTraits = WTF::DefaultRefDerefTraits<WebCore::CSSValue>]’ at /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk3/WTF/Headers/wtf/RefPtr.h:74:61,
    inlined from ‘WTF::RefPtr<WebCore::CSSValue> WebCore::consumeContentDistributionOverflowPosition(CSSParserTokenRange&, IsPositionKeyword)’ at /home/mcatanzaro/Projects/WebKit/Source/WebCore/css/parser/CSSPropertyParser.cpp:3049:5:
/home/mcatanzaro/Projects/WebKit/Source/WebCore/css/CSSValue.h:256:29: warning: pointer used after ‘static void WebCore::CSSValue::operator delete(WebCore::CSSValue*, std::destroying_delete_t)’ [-Wuse-after-free]
  256 |     unsigned tempRefCount = m_refCount - refCountIncrement;
      |                             ^~~~~~~~~~
In member function ‘void WebCore::CSSValue::deref() const’,
    inlined from ‘static void WTF::DefaultRefDerefTraits< <template-parameter-1-1> >::derefIfNotNull(T*) [with T = WebCore::CSSValue]’ at /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk3/WTF/Headers/wtf/RefPtr.h:42:23,
    inlined from ‘WTF::RefPtr<T, <template-parameter-1-2>, <template-parameter-1-3> >::~RefPtr() [with T = WebCore::CSSValue; _PtrTraits = WTF::RawPtrTraits<WebCore::CSSValue>; _RefDerefTraits = WTF::DefaultRefDerefTraits<WebCore::CSSValue>]’ at /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk3/WTF/Headers/wtf/RefPtr.h:74:61,
    inlined from ‘WTF::RefPtr<WebCore::CSSValue> WebCore::consumeContentDistributionOverflowPosition(CSSParserTokenRange&, IsPositionKeyword)’ at /home/mcatanzaro/Projects/WebKit/Source/WebCore/css/parser/CSSPropertyParser.cpp:3048:51:
/home/mcatanzaro/Projects/WebKit/Source/WebCore/css/CSSValue.h:258:16: note: call to ‘static void WebCore::CSSValue::operator delete(WebCore::CSSValue*, std::destroying_delete_t)’ here
  258 |         delete this;
      |                ^~~~


Although "use after free" sounds scary, these warnings are always false positives. I don't think I've ever seen this warning find a real bug. In this case, it's complaining that a value is used on line 256 after it's freed on line 258, which we humans know should be impossible, assuming no mismatched ref/derefs. That's admittedly a big assumption, but if it's violated anywhere I doubt we'll find it based on this warning...
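Added example, not code from this bug or from WebKit: a hypothetical, simplified ref-count/holder pair in the same shape as the deref() shown in the warning (a local computed from the count, then `delete this` as the last action), with checks that balanced ref/deref destroys the object exactly once. The class names Counted and Holder and the single-step counter are assumptions.

```cpp
// Minimal intrusively ref-counted object: a simplified, hypothetical
// stand-in for the CSSValue pattern in the warning, not WebKit's code.
class Counted {
public:
    static int liveCount; // objects currently alive, for the checks below
    Counted() { ++liveCount; }
    ~Counted() { --liveCount; }
    void ref() const { ++m_refCount; }
    // The new count is computed into a local first and `delete this` is the
    // last action; no member is touched after it. The flagged path exists
    // only if deref() runs on an already-freed object (a ref/deref mismatch).
    void deref() const
    {
        unsigned tempRefCount = m_refCount - 1;
        if (!tempRefCount) {
            delete this;
            return;
        }
        m_refCount = tempRefCount;
    }
    unsigned refCount() const { return m_refCount; }
private:
    mutable unsigned m_refCount { 1 }; // the creator owns the first reference
};
int Counted::liveCount = 0;
// RAII holder in the spirit of WTF::RefPtr: adopts the creator's reference,
// adds one on copy and drops one in the destructor, so refs stay balanced.
class Holder {
public:
    explicit Holder(const Counted* p) : m_ptr(p) { }
    Holder(const Holder& o) : m_ptr(o.m_ptr) { if (m_ptr) m_ptr->ref(); }
    Holder& operator=(const Holder&) = delete;
    ~Holder() { if (m_ptr) m_ptr->deref(); }
    const Counted* get() const { return m_ptr; }
private:
    const Counted* m_ptr;
};
// Balanced usage: count is 2 while both holders live, and the object is
// destroyed exactly once when the last holder goes out of scope.
unsigned refCountWithTwoHolders()
{
    Holder a(new Counted);
    Holder b(a);
    return a.get()->refCount(); // 2
}
int liveObjectsAfterScope()
{
    { Holder a(new Counted); Holder b(a); }
    return Counted::liveCount; // 0
}
```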
Comment 1 Darin Adler 2022-10-10 14:00:49 PDT
I agree with your analysis.
Comment 2 Michael Catanzaro 2022-10-11 14:07:31 PDT

*** This bug has been marked as a duplicate of bug 246292 ***