public/browser
1
0
Fork 0
mirror of https://github.com/lightpanda-io/browser.git synced 2026-02-04 06:23:45 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

fix use after free during inspector contextCollected

Browse Source 
This commit fix the use after free crash into inspector contextCollected
run in the pumpMessageLoop.

Removing a context linked to an inspector triggers a contextCollected
task in the message queue.
But if the contextCollected task run after the GC it try to use free
memory. Forcing the message loop to run before the GC fix the issue.
This commit is contained in:
Pierre Tachoire
2026-01-23 20:07:49 +01:00
parent 4eb5c3e907
commit 969891c71c
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/browser/Page.zig
View File

@@ -225,12 +225,24 @@ pub fn deinit(self: *Page) void {
fn reset(self: *Page, comptime initializing: bool) !void {
if (comptime initializing == false) {
// Removins the context triggers the linked inspector.
// It seems to append a collect task to the message loop.
self._session.executor.removeContext();
// We force running the message loop after removing the context b/c we
// will force a GC run just after. If we remove this part, the task
// will run after the GC and we will use memory after free.
self._session.browser.runMessageLoop();
// We force a garbage collection with lowMemoryNotification between
// page navigations to keep v8 memory usage as low as possible.
// Calling immediately after a runMessageLoop ensure
self._session.browser.env.lowMemoryNotification();
self._script_manager.shutdown = true;
self._session.browser.http_client.abort();
self._script_manager.deinit();
_ = self._session.browser.page_arena.reset(.{ .retain_with_limit = 1 * 1024 * 1024 });
self._session.browser.env.lowMemoryNotification();
}
self._factory = Factory.init(self);