From a9842ebe48e2b44b53381c74968e8d3c82c9b306 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Wed, 3 Apr 2024 11:49:50 +0200
Subject: [PATCH] LibWeb: Use JS::HeapFunction in
 Fetch::Fetching::PendingResponse

This fixes a long-standing realm leak.
---
 .../Libraries/LibWeb/Fetch/Fetching/PendingResponse.cpp    | 7 +++++--
 Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.h | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.cpp b/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.cpp
index 437d20b2980..1b4b8fde8d0 100644
--- a/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.cpp
+++ b/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.cpp
@@ -34,6 +34,7 @@ PendingResponse::PendingResponse(JS::NonnullGCPtr<Infrastructure::Request> reque
 void PendingResponse::visit_edges(JS::Cell::Visitor& visitor)
 {
     Base::visit_edges(visitor);
+    visitor.visit(m_callback);
     visitor.visit(m_request);
     visitor.visit(m_response);
 }
@@ -41,7 +42,7 @@ void PendingResponse::visit_edges(JS::Cell::Visitor& visitor)
 void PendingResponse::when_loaded(Callback callback)
 {
     VERIFY(!m_callback);
-    m_callback = move(callback);
+    m_callback = JS::create_heap_function(heap(), move(callback));
     if (m_response)
         run_callback();
 }
@@ -59,7 +60,9 @@ void PendingResponse::run_callback()
     VERIFY(m_callback);
     VERIFY(m_response);
     Platform::EventLoopPlugin::the().deferred_invoke([this] {
-        m_callback(*m_response);
+        VERIFY(m_callback);
+        VERIFY(m_response);
+        m_callback->function()(*m_response);
         m_request->remove_pending_response({}, *this);
     });
 }
diff --git a/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.h b/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.h
index e95d5d016fb..4be304abbf4 100644
--- a/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.h
+++ b/Userland/Libraries/LibWeb/Fetch/Fetching/PendingResponse.h
@@ -23,7 +23,7 @@ class PendingResponse : public JS::Cell {
     JS_DECLARE_ALLOCATOR(PendingResponse);
 
 public:
-    using Callback = JS::SafeFunction<void(JS::NonnullGCPtr<Infrastructure::Response>)>;
+    using Callback = Function<void(JS::NonnullGCPtr<Infrastructure::Response>)>;
 
     [[nodiscard]] static JS::NonnullGCPtr<PendingResponse> create(JS::VM&, JS::NonnullGCPtr<Infrastructure::Request>);
     [[nodiscard]] static JS::NonnullGCPtr<PendingResponse> create(JS::VM&, JS::NonnullGCPtr<Infrastructure::Request>, JS::NonnullGCPtr<Infrastructure::Response>);
@@ -38,7 +38,7 @@ private:
 
     void run_callback();
 
-    Callback m_callback;
+    JS::GCPtr<JS::HeapFunction<void(JS::NonnullGCPtr<Infrastructure::Response>)>> m_callback;
     JS::NonnullGCPtr<Infrastructure::Request> m_request;
     JS::GCPtr<Infrastructure::Response> m_response;
 };