Bug 249119 - Web Inspector: Use-after-scope in lambda in WebCore::isValidRuleHeaderText()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector
Version: WebKit Nightly Build
Hardware: All All
Importance: P2 Normal
Assignee: David Kilzer (:ddkilzer)
URL:
Keywords: InRadar
Depends on: 246768
Blocks:
Reported: 2022-12-11 20:20 PST by David Kilzer (:ddkilzer)
Modified: 2022-12-12 03:20 PST

Description David Kilzer (:ddkilzer) 2022-12-11 20:20:59 PST
Web Inspector: Use-after-scope in lambda in WebCore::isValidRuleHeaderText().

Currently, `CSSParserImpl` holds a reference to the `CSSParserContext` argument, so the context must outlive the parser.

However, in this code the context is a temporary stack variable which is destroyed after this statement, though the parser holds a reference to it.

```
        CSSParserImpl parser(parserContextForDocument(document), atRuleIdentifier + ' ' + headerText + " {}");
```

<rdar://102887283>
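
The lifetime problem described above, reduced to a standalone sketch (an added example, not WebKit code; `Context`, `Parser`, `StrictParser` and `makeContext` are hypothetical stand-ins for `CSSParserContext`, `CSSParserImpl` and `parserContextForDocument()`). It counts live contexts instead of reading through the dangling reference, and shows two defenses: a named local that outlives the parser, and a deleted rvalue overload that turns the mistake into a compile error.

```cpp
#include <cstdio>
#include <string>
#include <type_traits>
#include <utility>

// Hypothetical stand-in for CSSParserContext. It counts live instances so the
// example can observe lifetime without reading through a dangling reference.
struct Context {
    static int live;
    Context() { ++live; }
    Context(const Context&) { ++live; }
    ~Context() { --live; }
};
int Context::live = 0;

Context makeContext() { return Context(); } // stand-in for parserContextForDocument()

// Hypothetical stand-in for CSSParserImpl: stores a reference, not a copy.
struct Parser {
    const Context& context;
    std::string text;
    Parser(const Context& c, std::string t) : context(c), text(std::move(t)) { }
};

// Pattern from the report: the temporary context is destroyed at the end of
// the declaration statement, so parser.context dangles on the next line.
bool temporaryContextAliveAtUse() {
    Parser parser(makeContext(), "@media screen {}"); // constructed sample rule text
    return Context::live > 0; // false: no context exists any more
}
// A named local declared before the parser is destroyed after it.
bool namedContextAliveAtUse() {
    Context context = makeContext();
    Parser parser(context, "@media screen {}");
    return Context::live > 0; // true
}
// Same shape as Parser, but binding a temporary context is a compile error.
struct StrictParser {
    const Context& context;
    std::string text;
    StrictParser(const Context& c, std::string t) : context(c), text(std::move(t)) { }
    StrictParser(const Context&&, std::string) = delete;
};
static_assert(!std::is_constructible<StrictParser, Context, std::string>::value, "temporary rejected");
static_assert(std::is_constructible<StrictParser, Context&, std::string>::value, "named local accepted");

int main() {
    std::printf("temporary: %d, named: %d\n", temporaryContextAliveAtUse(), namedContextAliveAtUse());
}
```

Building the unmodified pattern with AddressSanitizer's `-fsanitize-address-use-after-scope` is another way to surface this class of bug at run time once the parser actually reads the context.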
Comment 1 David Kilzer (:ddkilzer) 2022-12-11 20:21:38 PST
This regressed here:

    Web Inspector: Support editing @rules in the Styles sidebar
    https://bugs.webkit.org/show_bug.cgi?id=246768
    <https://commits.webkit.org/256043@main>
Comment 2 David Kilzer (:ddkilzer) 2022-12-11 20:30:25 PST
Pull request: https://github.com/WebKit/WebKit/pull/7466
Comment 3 EWS 2022-12-12 03:20:08 PST
Committed 257722@main (599c0cb20b81): <https://commits.webkit.org/257722@main>

Reviewed commits have been landed. Closing PR #7466 and removing active labels.