[inspector] fix use-after-free in ConsoleHelper::reportCall

InspectedContext can be destroyed inside of V8ConsoleMessage::createForConsoleAPI call. BUG=chromium:646175 R=dgozman@chromium.org,alph@chromium.org Review-Url: https://codereview.chromium.org/2388463002 Cr-Commit-Position: refs/heads/master@{#39939}

[inspector] fix use-after-free in ConsoleHelper::reportCall
InspectedContext can be destroyed inside of V8ConsoleMessage::createForConsoleAPI call. BUG=chromium:646175 R=dgozman@chromium.org,alph@chromium.org Review-Url: https://codereview.chromium.org/2388463002 Cr-Commit-Position: refs/heads/master@{#39939}
d99308ef · kozyatinskiy · Commit bot · 759581ea · d99308ef
Commit d99308ef authored Oct 03, 2016 by kozyatinskiy Committed by Commit bot Oct 03, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

v8-console.cc src/inspector/v8-console.cc +2 -1

No files found.
--- a/src/inspector/v8-console.cc
+++ b/src/inspector/v8-console.cc
@@ -93,12 +93,13 @@ class ConsoleHelper {
                  const std::vector<v8::Local<v8::Value>>& arguments) {
    InspectedContext* inspectedContext = ensureInspectedContext();
    if (!inspectedContext) return;
+    int contextGroupId = inspectedContext->contextGroupId();
    V8InspectorImpl* inspector = inspectedContext->inspector();
    std::unique_ptr<V8ConsoleMessage> message =
        V8ConsoleMessage::createForConsoleAPI(
            inspector->client()->currentTimeMS(), type, arguments,
            inspector->debugger()->captureStackTrace(false), inspectedContext);
-    inspector->ensureConsoleMessageStorage(inspectedContext->contextGroupId())
+    inspector->ensureConsoleMessageStorage(contextGroupId)
        ->addMessage(std::move(message));
  }