[webkit-changes] [WebKit/WebKit] 5352e8: Null pointer dereference in IndexValueStore::Itera...

Sihui noreply at github.com
Mon Oct 28 20:28:31 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 5352e86541903824cd9b009ee7c0839ecf4b1b45
      https://github.com/WebKit/WebKit/commit/5352e86541903824cd9b009ee7c0839ecf4b1b45
  Author: Sihui Liu <sihui_liu at apple.com>
  Date:   2024-10-28 (Mon, 28 Oct 2024)

  Changed paths:
    A LayoutTests/storage/indexeddb/cursor-continue-add-failure-expected.txt
    A LayoutTests/storage/indexeddb/cursor-continue-add-failure-private-expected.txt
    A LayoutTests/storage/indexeddb/cursor-continue-add-failure-private.html
    A LayoutTests/storage/indexeddb/cursor-continue-add-failure.html
    A LayoutTests/storage/indexeddb/resources/cursor-continue-add-failure.js
    M Source/WebCore/Modules/indexeddb/server/IndexValueStore.cpp

  Log Message:
  -----------
  Null pointer dereference in IndexValueStore::Iterator::nextIndexEntry
https://bugs.webkit.org/show_bug.cgi?id=282186
rdar://136799874

Reviewed by Chris Dumez.

Ensure IndexValueStore::removeRecord updates m_orderedKeys when it updates m_records; otherwise, when we retrieve a record
from m_records with a key from m_orderedKeys (as in IndexValueStore::Iterator::nextIndexEntry), there can be a null
pointer dereference.

New tests:
LayoutTests/storage/indexeddb/cursor-continue-add-failure.html
LayoutTests/storage/indexeddb/cursor-continue-add-failure-private.html

* LayoutTests/storage/indexeddb/cursor-continue-add-failure-expected.txt: Added.
* LayoutTests/storage/indexeddb/cursor-continue-add-failure-private-expected.txt: Added.
* LayoutTests/storage/indexeddb/cursor-continue-add-failure-private.html: Added.
* LayoutTests/storage/indexeddb/cursor-continue-add-failure.html: Added.
* LayoutTests/storage/indexeddb/resources/cursor-continue-add-failure.js: Added.
(prepareDatabase):
* Source/WebCore/Modules/indexeddb/server/IndexValueStore.cpp:
(WebCore::IDBServer::IndexValueStore::removeRecord):

Canonical link: https://commits.webkit.org/285814@main
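As an added illustration, not the commit's own change or WebKit's IndexValueStore (whose real structure differs), a simplified C++ model of the inconsistency the fix closes: m_records and m_orderedKeys must change together, or an iteration that walks the keys and looks each one up in the record map hits a missing entry. All names besides the two members from the commit message are assumptions.

```cpp
#include <map>
#include <memory>
#include <set>
#include <string>
#include <vector>
// Hypothetical, simplified stand-in for IndexValueStore; the member names
// mirror the commit message, everything else is an assumption.
struct Record { std::string value; };
class IndexStore {
public:
    void addRecord(int key, const std::string& value) {
        m_records[key] = std::make_unique<Record>(Record { value });
        m_orderedKeys.insert(key);
    }
    // Pre-fix shape: m_records is updated but m_orderedKeys keeps the key.
    void removeRecordStale(int key) { m_records.erase(key); }
    // Post-fix shape: both containers are updated together.
    void removeRecord(int key) { m_records.erase(key); m_orderedKeys.erase(key); }
    // Iterates the way nextIndexEntry does: walk m_orderedKeys and look each key
    // up in m_records. A stale key finds no record; dereferencing that result
    // unchecked is the crash. Here such keys are counted instead.
    std::vector<std::string> values(int& danglingKeys) const {
        std::vector<std::string> out;
        for (int key : m_orderedKeys) {
            auto it = m_records.find(key);
            const Record* record = (it == m_records.end()) ? nullptr : it->second.get();
            if (!record) { ++danglingKeys; continue; }
            out.push_back(record->value);
        }
        return out;
    }
private:
    std::map<int, std::unique_ptr<Record>> m_records;
    std::set<int> m_orderedKeys;
};
// Constructed sample: keys 1..3, remove key 1 with the stale or the fixed
// method, then report how many dangling keys the iteration encounters.
int danglingKeysAfterRemove(bool useFixedRemove) {
    IndexStore store;
    store.addRecord(1, "a"); store.addRecord(2, "b"); store.addRecord(3, "c");
    if (useFixedRemove) store.removeRecord(1); else store.removeRecordStale(1);
    int dangling = 0;
    store.values(dangling);
    return dangling;
}
```

A cheap regression guard for this class of bug is an assertion, in debug builds, that every key in m_orderedKeys still has an entry in m_records before the iterator dereferences it.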
