Web Inspector: Crashes seen under Inspector::ScriptCallFrame::~ScriptCallFrame
authorjoepeck@webkit.org <joepeck@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 21 Dec 2018 23:49:26 +0000 (23:49 +0000)
committerjoepeck@webkit.org <joepeck@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 21 Dec 2018 23:49:26 +0000 (23:49 +0000)
commitec582b96929d2ce0ff5eb3f26000c27b8aecf1f5
tree5896e560cc9790b96c80207e33128f6a2b981a79
parentfa591c8d729d454db624e143c85c5ef26db4f2ff
Web Inspector: Crashes seen under Inspector::ScriptCallFrame::~ScriptCallFrame
https://bugs.webkit.org/show_bug.cgi?id=180373
<rdar://problem/33894170>

Rubber-stamped by Devin Rousso.

* inspector/AsyncStackTrace.cpp:
(Inspector::AsyncStackTrace::truncate):
The `lastUnlockedAncestor->remove()` may release the only reference to it's
parent which we intend to use later but don't hold a RefPtr to. Keep the
parent alive explicitly by protecting it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239525 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/inspector/AsyncStackTrace.cpp