[webkit-changes] [WebKit/WebKit] bbae08: REGRESSION (261793@main): [Mail] Clicking markup b...

Wenson Hsieh noreply at github.com
Tue Apr 18 16:59:01 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: bbae082ce145c1e0c81fd164bbed75d93d971cb3
      https://github.com/WebKit/WebKit/commit/bbae082ce145c1e0c81fd164bbed75d93d971cb3
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2023-04-18 (Tue, 18 Apr 2023)

  Changed paths:
    M Source/WebCore/page/ContextMenuContext.h
    M Source/WebKit/Shared/ContextMenuContextData.h
    M Source/WebKit/UIProcess/API/APIContextMenuElementInfoMac.h

  Log Message:
  -----------
  REGRESSION (261793@main): [Mail] Clicking markup button causes image/attachment to go blank/disappear
https://bugs.webkit.org/show_bug.cgi?id=255627
rdar://107635311

Reviewed by Aditya Keerthi.

After the changes in 261793@main, `WebKit::ContextMenuContextData` no longer decodes properly in the
UI process, when created via service controls codepaths (i.e. when clicking the services rollover
button over an attachment in Mail). This is because one of the new members, `m_hasEntireImage`, is
uninitialized to either `true` or `false` and ends up triggering undefined behavior; in turn, code
in the UI process expects either a value of exactly 0 or 1 when decoding `bool` types, so we
subsequently fail to decode and `MESSAGE_CHECK` the Mail web content process.

Fix this by simply initializing `m_hasEntireImage` (I've also added a few more initial values to
harden against similar bugs in the future).

Covered by the existing API test: ImageAnalysisTests.RemoveBackgroundItemInServicesMenu, which began
timing out after 261793@main. Also, credit to Aditya for being the first to spot that
`m_hasEntireImage` is uninitialized.

* Source/WebCore/page/ContextMenuContext.h:
* Source/WebKit/Shared/ContextMenuContextData.h:
* Source/WebKit/UIProcess/API/APIContextMenuElementInfoMac.h:

Canonical link: https://commits.webkit.org/263109@main
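
The failure mode described in the log message, as an added example that is not WebKit's code and not part of the commit: a receiver that accepts only 0 or 1 for a `bool` rejects a payload carrying a stale byte, while default member initializers keep the sender's output decodable. The type, function names and the 0xAA byte are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical payload type standing in for an IPC struct with bool members.
struct MenuContext {
    bool hasEntireImage { false }; // default member initializers: every
    bool isServicesMenu { false }; // constructor path starts from a known value
};
enum class Outcome { Handled, SenderTerminated };

std::vector<uint8_t> encode(const MenuContext& c)
{
    return { static_cast<uint8_t>(c.hasEntireImage), static_cast<uint8_t>(c.isServicesMenu) };
}
// Strict decoding: a bool on the wire must be exactly 0 or 1.
bool decodeBool(const std::vector<uint8_t>& buf, size_t& offset, bool& out)
{
    if (offset >= buf.size() || buf[offset] > 1)
        return false;
    out = buf[offset++] == 1;
    return true;
}
bool decode(const std::vector<uint8_t>& buf, MenuContext& out)
{
    size_t offset = 0;
    return decodeBool(buf, offset, out.hasEntireImage)
        && decodeBool(buf, offset, out.isServicesMenu)
        && offset == buf.size(); // trailing bytes are also a decode failure
}
// Receiver policy modelled on the log message: a payload that fails to decode
// is treated as coming from a misbehaving sender.
Outcome receive(const std::vector<uint8_t>& buf)
{
    MenuContext context;
    return decode(buf, context) ? Outcome::Handled : Outcome::SenderTerminated;
}
// Constructed sample: the bytes the wire can carry when the first member was
// never initialized and its storage held a stale value (0xAA is arbitrary).
std::vector<uint8_t> constructedStalePayload()
{
    return { 0xAA, 0x01 };
}
int main()
{
    bool ok = receive(encode(MenuContext{})) == Outcome::Handled
        && receive(constructedStalePayload()) == Outcome::SenderTerminated;
    return ok ? 0 : 1;
}
```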