DOMCacheStorage: use-after-move in doSequentialMatch()
authorzandobersek@gmail.com <zandobersek@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 14 Jan 2019 15:51:41 +0000 (15:51 +0000)
committerzandobersek@gmail.com <zandobersek@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 14 Jan 2019 15:51:41 +0000 (15:51 +0000)
commit225b5112b48f4281c415b03105fb791604504a08
tree53112ae79ee880662148f97bf6238f8d510759d8
parenta69c15dcb7372d0406dfe37560d741ebd5646663
DOMCacheStorage: use-after-move in doSequentialMatch()
https://bugs.webkit.org/show_bug.cgi?id=193396

Reviewed by Youenn Fablet.

Depending on the platform- and compiler-specific calling conventions,
the doSequentialMatch() code can move out the Vector<Ref<DOMCache>>
object into the callback lambda before the DOMCache object at the
specified index is retrieved for the DOMCache::doMatch() invocation.

This problem is now avoided by retrieving reference to the target
DOMCache object in an earlier expression.

* Modules/cache/DOMCacheStorage.cpp:
(WebCore::doSequentialMatch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239927 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/Modules/cache/DOMCacheStorage.cpp