[webkit-changes] [WebKit/WebKit] 795c0f: Crash under PAL::newTextCodec(PAL::TextEncoding co...

Chris Dumez noreply at github.com
Wed Dec 20 16:42:20 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 795c0f6d648c62b60ce3b98f25414a420b155bb1
      https://github.com/WebKit/WebKit/commit/795c0f6d648c62b60ce3b98f25414a420b155bb1
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M Source/WebCore/loader/SubresourceLoader.cpp
    M Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp
    M Source/WebCore/loader/cache/CachedCSSStyleSheet.h

  Log Message:
  -----------
  Crash under PAL::newTextCodec(PAL::TextEncoding const&)
https://bugs.webkit.org/show_bug.cgi?id=264979
rdar://118267012

Reviewed by Brent Fulgham.

There is evidence for crashes in the wild that the CachedCSSStyleSheet or
the TextResourceDecoder are being used after getting freed. To prevent this,
protect both these objects in the code path identified by the crashes.

This is a speculative fix but it should be very safe.

* Source/WebCore/loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didFinishLoading):
* Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::finishLoading):
(WebCore::CachedCSSStyleSheet::protectedDecoder const):
* Source/WebCore/loader/cache/CachedCSSStyleSheet.h:

Originally-landed-as: 267815.575@safari-7617-branch (4c3430842100). rdar://119598663
Canonical link: https://commits.webkit.org/272391@main
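The "protect both these objects" fix described in the log message, as an added C++ illustration that is not WebKit's code: the types below only borrow the commit's names (CachedCSSStyleSheet, TextResourceDecoder, SubresourceLoader, protectedDecoder) and model the pattern with std::shared_ptr; the client callback that releases the stylesheet mid-load is a constructed stand-in for whatever freed the objects in the wild.

```cpp
// Added example, not WebKit's code: minimal model of the "protector" pattern.
#include <functional>
#include <memory>
#include <string>

struct TextResourceDecoder {
    std::string decode(const std::string& bytes) const { return "css:" + bytes; }
};

struct CachedCSSStyleSheet {
    std::shared_ptr<TextResourceDecoder> m_decoder = std::make_shared<TextResourceDecoder>();
    // Mirrors the commit's helper: hand callers a strong reference, never a raw pointer.
    std::shared_ptr<TextResourceDecoder> protectedDecoder() const { return m_decoder; }
};

// The loader owns the sheet and notifies a client when the load finishes. The client
// callback stands in for work that may drop the last reference to the sheet.
struct SubresourceLoader {
    std::shared_ptr<CachedCSSStyleSheet> m_resource = std::make_shared<CachedCSSStyleSheet>();
    std::function<void(SubresourceLoader&)> m_client;

    // Before the fix: a raw pointer taken before the callback, used after it.
    // The real code would dereference a freed object; here the stale state is made
    // observable by checking the owner and returning an empty string instead.
    std::string didFinishLoadingUnprotected(const std::string& bytes) {
        CachedCSSStyleSheet* resource = m_resource.get();   // unretained
        if (m_client) m_client(*this);                      // may reset m_resource
        if (!m_resource) return "";                         // 'resource' now dangles
        return resource->protectedDecoder()->decode(bytes);
    }

    // After the fix: strong references taken up front outlive the callback.
    std::string didFinishLoadingProtected(const std::string& bytes) {
        std::shared_ptr<CachedCSSStyleSheet> protectedResource = m_resource;
        std::shared_ptr<TextResourceDecoder> decoder = protectedResource->protectedDecoder();
        if (m_client) m_client(*this);                      // sheet and decoder stay alive
        return decoder->decode(bytes);
    }
};

// Runs one load with a constructed client that releases the sheet during the callback.
std::string finishWithReleasingClient(bool protectedPath) {
    SubresourceLoader loader;
    loader.m_client = [](SubresourceLoader& l) { l.m_resource.reset(); };
    return protectedPath ? loader.didFinishLoadingProtected("a{}")
                         : loader.didFinishLoadingUnprotected("a{}");
}
```

The protected path still decodes the bytes after the owner dropped its reference; the unprotected path reaches the point where the real code crashed.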