From 2898701459a3966b3e973823706142ebbc287ae9 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Mon, 17 Oct 2022 10:55:16 +0200
Subject: LibWeb: Hang on to the internal realm with a JS::Handle

This fixes an issue where GC would kill the internal realm if it ran at
the wrong time during startup. Found by aggressively GC'ing between
every allocation.
---
 Userland/Libraries/LibWeb/Bindings/MainThreadVM.cpp | 1 +
 Userland/Libraries/LibWeb/Bindings/MainThreadVM.h   | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/Userland/Libraries/LibWeb/Bindings/MainThreadVM.cpp b/Userland/Libraries/LibWeb/Bindings/MainThreadVM.cpp
index a1fd290993..557a203a79 100644
--- a/Userland/Libraries/LibWeb/Bindings/MainThreadVM.cpp
+++ b/Userland/Libraries/LibWeb/Bindings/MainThreadVM.cpp
@@ -375,6 +375,7 @@ JS::VM& main_thread_vm()
         auto* intrinsics = root_realm->heap().allocate<Intrinsics>(*root_realm, *root_realm);
         auto host_defined = make<HostDefined>(nullptr, *intrinsics);
         root_realm->set_host_defined(move(host_defined));
+        custom_data.internal_realm = root_realm;
 
         // NOTE: We make sure the internal realm has all the Window intrinsics initialized.
         //       The DeferGC is a hack to avoid nested GC allocations due to lazy ensure_web_prototype()
diff --git a/Userland/Libraries/LibWeb/Bindings/MainThreadVM.h b/Userland/Libraries/LibWeb/Bindings/MainThreadVM.h
index a445ee7e4c..406f50a06f 100644
--- a/Userland/Libraries/LibWeb/Bindings/MainThreadVM.h
+++ b/Userland/Libraries/LibWeb/Bindings/MainThreadVM.h
@@ -32,6 +32,8 @@ struct WebEngineCustomData final : public JS::VM::CustomData {
     // FIXME: This should be a set.
     Vector<JS::Handle<DOM::MutationObserver>> mutation_observers;
 
+    JS::Handle<JS::Realm> internal_realm;
+
     OwnPtr<JS::ExecutionContext> root_execution_context;
 };
 
-- 
cgit v1.2.3