Need to keep the document alive in KeyframeEffect::processKeyframes()

https://bugs.webkit.org/show_bug.cgi?id=240677 <rdar://93513759> Reviewed by Saam Barati. Since the Document is used throughout KeyframeEffect::processKeyframes and it's provided as a simple reference, we must ensure we keep it alive with a Ref since JS code in a custom iterator for the keyframes object could cause it to be torn down. * Source/WebCore/animation/KeyframeEffect.cpp: (WebCore::KeyframeEffect::processKeyframes): Canonical link: https://commits.webkit.org/250756@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@294497 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · May 19, 2022 · 41769648c46baef691c1b892b0aacd51ee51e784 · 4176964
1 parent ae2e942
commit 41769648c46baef691c1b892b0aacd51ee51e784
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/Source/WebCore/animation/KeyframeEffect.cpp b/Source/WebCore/animation/KeyframeEffect.cpp
@@ -726,6 +726,8 @@ void KeyframeEffect::keyframesRuleDidChange()
 
 ExceptionOr<void> KeyframeEffect::processKeyframes(JSGlobalObject& lexicalGlobalObject, Document& document, Strong<JSObject>&& keyframesInput)
 {
+    Ref protectedDocument { document };
+
     // 1. If object is null, return an empty sequence of keyframes.
     if (!keyframesInput.get())
         return { };