[webkit-changes] [WebKit/WebKit] 0b0856: UI process crash due to null pointer dereference u...
Abrar Rahman Protyasha
noreply at github.com
Sat May 25 13:51:38 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0b0856901df8b016acfa66a7677c7552d7b0f1bb
https://github.com/WebKit/WebKit/commit/0b0856901df8b016acfa66a7677c7552d7b0f1bb
Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
Date: 2024-05-25 (Sat, 25 May 2024)
Changed paths:
M Source/WebKit/UIProcess/ViewGestureController.cpp
Log Message:
-----------
UI process crash due to null pointer dereference under ViewGestureController::applyMagnification()
https://bugs.webkit.org/show_bug.cgi?id=274710
rdar://128521737
Reviewed by Wenson Hsieh.
We have received a few crash reports with the following signature:
```
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebKit 0x1ada630ec WebKit::ViewGestureController::applyMagnification() + 208
1 com.apple.WebKit 0x1ad8dee50 WebKit::ViewGestureController::handleMagnificationGestureEvent(NSEvent*, WebCore::FloatPoint) + 296
2 com.apple.WebKit 0x1ad9160e4 WebKit::WebViewImpl::magnifyWithEvent(NSEvent*) + 164
```
... which is simply a null pointer dereference in applyMagnification().
The only pointer dereference in that function occurs on the
DrawingAreaProxy, so let's speculatively guard said dereference.
* Source/WebKit/UIProcess/ViewGestureController.cpp:
(WebKit::ViewGestureController::applyMagnification):
Canonical link: https://commits.webkit.org/279322@main
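The fix described above is a speculative null guard on a pointer that the crash reports show can be null at the time the gesture is applied. The following C++ is an added illustration, not WebKit's code or the actual diff: the `DrawingAreaProxy` and `ViewGestureController` stand-ins, their fields and method names are assumptions chosen to mirror the shape of the problem, placing the unguarded dereference beside its guarded form.

```cpp
#include <cassert>
#include <utility>

// Hypothetical stand-ins for WebKit's DrawingAreaProxy and ViewGestureController.
// Names, fields and methods are assumptions for illustration, not WebKit's real API.
struct DrawingAreaProxy {
    double magnification = 1.0;
    void adjustTransientZoom(double scale) { magnification = scale; }
};

struct ViewGestureController {
    // Non-owning pointer that can legitimately be null, for example once the
    // drawing area has been torn down while a magnification gesture is still in flight.
    DrawingAreaProxy* drawingArea = nullptr;
    double pendingMagnification = 1.0;

    // Unguarded form: dereferences drawingArea unconditionally. With a null
    // pointer this faults at address 0 (KERN_INVALID_ADDRESS), matching the report.
    void applyMagnificationUnguarded() {
        drawingArea->adjustTransientZoom(pendingMagnification);
    }

    // Guarded form: bail out early when the proxy is gone. Returns whether the
    // magnification was applied so callers and tests can observe the outcome.
    bool applyMagnificationGuarded() {
        if (!drawingArea)
            return false;
        drawingArea->adjustTransientZoom(pendingMagnification);
        return true;
    }
};

// Drive one gesture through the guarded path and report (applied, resulting scale).
// drawingAreaAlive == false simulates the crashing condition from the bug report.
std::pair<bool, double> runGuardedGesture(bool drawingAreaAlive, double scale) {
    DrawingAreaProxy proxy;
    ViewGestureController controller;
    controller.drawingArea = drawingAreaAlive ? &proxy : nullptr;
    controller.pendingMagnification = scale;
    bool applied = controller.applyMagnificationGuarded();
    return {applied, proxy.magnification};
}

int main() {
    // Live drawing area: the zoom is applied.
    auto live = runGuardedGesture(true, 2.0);
    assert(live.first && live.second == 2.0);
    // Drawing area already gone: the guard returns without touching anything.
    auto gone = runGuardedGesture(false, 2.0);
    assert(!gone.first && gone.second == 1.0);
    return 0;
}
```

Calling `applyMagnificationUnguarded()` with `drawingArea == nullptr` reproduces the crash class (a null dereference in the UI process); the guarded variant turns the same condition into a no-op, which is the conservative choice when the crash reports do not yet explain how the proxy became null.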