Merge pull request #2360 from lightpanda-io/wp/mrdimidium/fix-crash

Fix v8 crash

src/browser/Browser.zig

@@ -86,7 +86,6 @@ pub fn closeSession(self: *Browser) void {
     if (self.session) |*session| {
         session.deinit();
         self.session = null;
-        self.env.memoryPressureNotification(.critical);
     }
 }
 

src/browser/Session.zig

@@ -105,6 +105,12 @@ pub fn deinit(self: *Session) void {
         self.removePage();
     }
     self.cookie_jar.deinit();
+
+    // Force V8 to flush any remaining weak callbacks while
+    // fc_identity_pool is still alive. Identity structs allocated from
+    // this pool back V8 weak-callback parameters; freeing the pool first
+    // would leave dangling pointers that segfault on the next GC.
+    self.browser.env.memoryPressureNotification(.critical);
     self.fc_identity_pool.deinit();
 
     self.storage_shed.deinit(self.browser.app.allocator);

src/cdp/CDP.zig

@@ -365,6 +365,16 @@ pub fn disposeBrowserContext(self: *CDP, browser_context_id: []const u8) bool {
     if (std.mem.eql(u8, bc.id, browser_context_id) == false) {
         return false;
     }
+    // Reentrant teardown from a CDP message drained inside HttpClient.syncRequest.
+    // Tearing down the browser context here would free Session/Page state
+    // that the unwinding script-eval frame above us is about to dereference
+    // (see Session.removePage's matching guard). Defer cleanup to
+    // CDP.deinit at connection close, by which time eval has unwound.
+    if (bc.session.currentPage()) |page| {
+        if (page.frame._script_manager.base.is_evaluating) {
+            return true;
+        }
+    }
     bc.deinit();
     self.browser.closeSession();
     self.browser_context = null;