[webkit-changes] [WebKit/WebKit] 795c0f: Crash under PAL::newTextCodec(PAL::TextEncoding co...
Chris Dumez
noreply at github.com
Wed Dec 20 16:42:20 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 795c0f6d648c62b60ce3b98f25414a420b155bb1
https://github.com/WebKit/WebKit/commit/795c0f6d648c62b60ce3b98f25414a420b155bb1
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-12-20 (Wed, 20 Dec 2023)
Changed paths:
M Source/WebCore/loader/SubresourceLoader.cpp
M Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp
M Source/WebCore/loader/cache/CachedCSSStyleSheet.h
Log Message:
-----------
Crash under PAL::newTextCodec(PAL::TextEncoding const&)
https://bugs.webkit.org/show_bug.cgi?id=264979
rdar://118267012
Reviewed by Brent Fulgham.
There is evidence for crashes in the wild that the CachedCSSStyleSheet or
the TextResourceDecoder are being used after getting freed. To prevent this,
protect both these objects in the code path identified by the crashes.
This is a speculative fix but it should be very safe.
* Source/WebCore/loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didFinishLoading):
* Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::finishLoading):
(WebCore::CachedCSSStyleSheet::protectedDecoder const):
* Source/WebCore/loader/cache/CachedCSSStyleSheet.h:
Originally-landed-as: 267815.575 at safari-7617-branch (4c3430842100). rdar://119598663
Canonical link: https://commits.webkit.org/272391@main
More information about the webkit-changes
mailing list