From 04648d93d420cc3cedf5087915a5c7906fcbca95 Mon Sep 17 00:00:00 2001
From: Timothy Flynn
Date: Thu, 31 Oct 2024 11:30:24 -0400
Subject: [PATCH] LibWeb: Do not store resize observer entries in a plain vector

This is not safe from GC. Unfortunately we cannot add a test to capture the issue, as the allocation which may trigger GC is internal and not observable from JS.
---
 Userland/Libraries/LibWeb/DOM/Document.cpp | 2 +-
 Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.cpp | 2 +-
 Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibWeb/DOM/Document.cpp b/Userland/Libraries/LibWeb/DOM/Document.cpp
index dda2344b544..2e5e03d84a1 100644
--- a/Userland/Libraries/LibWeb/DOM/Document.cpp
+++ b/Userland/Libraries/LibWeb/DOM/Document.cpp
@@ -5131,7 +5131,7 @@ size_t Document::broadcast_active_resize_observations()
 }
 // 2. Let entries be an empty list of ResizeObserverEntryies.
- Vector> entries;
+ JS::MarkedVector> entries(heap());
 // 3. For each observation in [[activeTargets]] perform these steps:
 for (auto const& observation : observer->active_targets()) {
diff --git a/Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.cpp b/Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.cpp
index 995ca7f7766..8111ef3cb57 100644
--- a/Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.cpp
+++ b/Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.cpp
@@ -97,7 +97,7 @@ void ResizeObserver::disconnect()
 m_active_targets.clear();
 }
-void ResizeObserver::invoke_callback(Vector>& entries) const
+void ResizeObserver::invoke_callback(ReadonlySpan> entries) const
 {
 auto& callback = *m_callback;
 auto& realm = callback.callback_context->realm();
diff --git a/Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.h b/Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.h
index 9e0a8886139..5eaa3132efb 100644
--- a/Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.h
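Review bot: The new `entries` declaration in broadcast_active_resize_observations should carry a comment saying why a plain Vector is not acceptable here, since (as the commit message itself notes) no test can pin the constraint and a later cleanup could quietly revert it to a Vector. Something like `// Must be a MarkedVector: the entries are presumably GC-allocated and reachable only through this list while the steps below allocate, so a plain Vector would let the collector free them.` would make the invariant visible at the point where it matters. The body of broadcast_active_resize_observations starts and continues outside the hunk, so whether the later call that hands `entries` to invoke_callback (now apparently taking a span) was adjusted is not visible here.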
+++ b/Userland/Libraries/LibWeb/ResizeObserver/ResizeObserver.h
@@ -31,7 +31,7 @@ public:
 void unobserve(DOM::Element& target);
 void disconnect();
- void invoke_callback(Vector>& entries) const;
+ void invoke_callback(ReadonlySpan> entries) const;
 Vector>& observation_targets() { return m_observation_targets; }
 Vector>& active_targets() { return m_active_targets; }
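Review bot: The new `invoke_callback` declaration takes a non-owning `ReadonlySpan`, so the header should state the lifetime contract the Document.cpp hunk relies on: the caller must keep the backing storage alive and GC-rooted for the whole call, because running the JS callback can allocate and thereby trigger a collection. A one-line comment above the declaration, `// Non-owning view; the caller must keep the entries rooted (e.g. in a JS::MarkedVector) until this returns.`, makes that requirement visible to the next call site instead of leaving it implicit in the one existing caller. The same note applies to the definition in ResizeObserver.cpp, whose body continues outside its hunk.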