[webkit-changes] [WebKit/WebKit] 64a427: [scroll-animations] com.apple.WebKit.WebContent.Ca...
Nikos Mouchtaris
noreply at github.com
Sun Sep 22 20:18:29 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 64a427a3f3793bc8c57cd9f26c2f47c7a0ecc869
https://github.com/WebKit/WebKit/commit/64a427a3f3793bc8c57cd9f26c2f47c7a0ecc869
Author: Nikolaos Mouchtaris <nmouchtaris at apple.com>
Date: 2024-09-22 (Sun, 22 Sep 2024)
Changed paths:
M Source/WebCore/animation/AnimationTimeline.cpp
M Source/WebCore/animation/AnimationTimelinesController.cpp
Log Message:
-----------
[scroll-animations] com.apple.WebKit.WebContent.CaptivePortal use-after-free crash at WebCore::DocumentTimeline::detachFromDocument
https://bugs.webkit.org/show_bug.cgi?id=279772
rdar://136077432
Reviewed by Charlie Wolfe, Tim Nguyen, and Antoine Quint.
Protect current DocumentTimeline being detatched to prevent use after free.
* Source/WebCore/animation/DocumentTimeline.cpp:
(WebCore::DocumentTimeline::detachFromDocument):
Canonical link: https://commits.webkit.org/284052@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list