[webkit-changes] [WebKit/WebKit] 85fd23: Potential use-after-free in WebAnimation::commitSt...
Antoine Quint
noreply at github.com
Mon May 22 13:38:21 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 85fd2302d16a09a82d9a6e81eb286babb23c4b3c
https://github.com/WebKit/WebKit/commit/85fd2302d16a09a82d9a6e81eb286babb23c4b3c
Author: Antoine Quint <graouts at webkit.org>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
M Source/WebCore/animation/WebAnimation.cpp
Log Message:
-----------
Potential use-after-free in WebAnimation::commitStyles
https://bugs.webkit.org/show_bug.cgi?id=254840
rdar://107444873
Reviewed by Dean Jackson and Darin Adler.
Ensure that the animation's effect and target are kept alive for the duration of this method
since it is possible that calling updateStyleIfNeeded() could call into JavaScript and thus
these two pointers could be changed to a null value using the Web Animations API.
* Source/WebCore/animation/WebAnimation.cpp:
(WebCore::WebAnimation::commitStyles):
Originally-landed-as: 259548.532 at safari-7615-branch (1d6fe184ea53). rdar://107444873
Canonical link: https://commits.webkit.org/264363@main
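The lifetime problem described in the log message, as an added example that is not part of the commit or of WebKit's code: a method borrows a pointer from a member, calls something that can re-enter and clear that member, and then relies on the pointer. `Animation`, `Effect`, `updateStyle` and both `commit*` functions are hypothetical stand-ins, and `std::shared_ptr` is used here in place of WebKit's own ref-counted pointer types.

```cpp
#include <functional>
#include <memory>
#include <string>

// Hypothetical stand-ins for illustration; not WebKit's classes.
struct Effect { std::string target = "div#box"; };

struct Animation {
    std::shared_ptr<Effect> effect = std::make_shared<Effect>();
    // Stand-in for a style update that may run script and re-enter this object.
    std::function<void(Animation&)> updateStyle;

    // Before: borrow a raw pointer from the member, then make the re-entrant call.
    // Liveness is observed through a weak_ptr instead of dereferencing `raw`,
    // so the example itself never executes undefined behaviour.
    bool commitUnprotected() {
        Effect* raw = effect.get();
        std::weak_ptr<Effect> probe = effect;
        if (!raw) return false;
        if (updateStyle) updateStyle(*this);
        return !probe.expired(); // expired: any use of `raw` here is a use-after-free
    }

    // After: hold a local strong reference for the duration of the method.
    bool commitProtected(std::string& committedTarget) {
        std::shared_ptr<Effect> protectedEffect = effect;
        if (!protectedEffect) return false;
        if (updateStyle) updateStyle(*this);
        committedTarget = protectedEffect->target; // safe: local reference keeps it alive
        return true;
    }
};

// Constructed scenario: the callback clears the effect during the style update.
bool demoUnprotectedSurvives() {
    Animation a;
    a.updateStyle = [](Animation& self) { self.effect = nullptr; };
    return a.commitUnprotected();
}

bool demoProtectedSurvives() {
    Animation a;
    a.updateStyle = [](Animation& self) { self.effect = nullptr; };
    std::string target;
    return a.commitProtected(target) && target == "div#box" && a.effect == nullptr;
}

int main() { return (!demoUnprotectedSurvives() && demoProtectedSurvives()) ? 0 : 1; }
```

The member is still cleared in the protected case; only the local reference extends the object's lifetime to the end of the method.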