[webkit-reviews] review denied: [Bug 179037] Crash in: com.apple.WebKit: WebKit::CacheStorage::Caches::initializeSize(WTF::Function<void (std::optional<WebCore::DOMCacheEngine::Error>&&)>&&) + 30 (CacheStorageEngineCaches.cpp:163) : [Attachment 325408] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 30 19:10:16 PDT 2017


Chris Dumez <cdumez at apple.com> has denied review:
Bug 179037: Crash in: com.apple.WebKit:
WebKit::CacheStorage::Caches::initializeSize(WTF::Function<void
(std::optional<WebCore::DOMCacheEngine::Error>&&)>&&) + 30
(CacheStorageEngineCaches.cpp:163)
https://bugs.webkit.org/show_bug.cgi?id=179037

Attachment 325408: Patch

https://bugs.webkit.org/attachment.cgi?id=325408&action=review

--- Comment #5 from Chris Dumez <cdumez at apple.com> ---
Comment on attachment 325408
  --> https://bugs.webkit.org/attachment.cgi?id=325408
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=325408&action=review

>> Source/WebKit/NetworkProcess/cache/CacheStorageEngineCaches.cpp:136
>> +	storeOrigin([protectedThis = makeRef(*this), this, callback =
WTFMove(callback)] (std::optional<Error>&& error) mutable {
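Review bot: capturing `protectedThis` keeps the `Caches` object alive across the asynchronous `storeOrigin()` completion, but it does not keep `m_storage` set; as the comment below notes, `clearMemoryRepresentation()` can reset it before this lambda runs, and the reported crash at CacheStorageEngineCaches.cpp:163 is a null dereference in `initializeSize()`. Suggest null-checking `m_storage` at the top of the lambda body (or at the start of `initializeSize()`) and completing the callback with an error when it is gone, and applying the same check to the `readCachesFromDisk()` path asked about above.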
> 
> Why don't you need the same in readCachesFromDisk() below?

You initialized m_storage above, but what if somebody calls
clearMemoryRepresentation() before your lambda gets called? Your lambda uses
m_storage without null checking it and the crash log shows it is dereferencing
null.
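As an added illustration of the race described in this review (this is not WebKit's code and not part of the patch under review), the sketch below uses hypothetical stand-ins named after the bug report (Caches, m_storage, storeOrigin, initializeSize, clearMemoryRepresentation). A task queue stands in for the real asynchronous storeOrigin() completion, std::function and shared_ptr stand in for WTF::Function and makeRef(), and the null check in initializeSize() is the guard the review asks for; without it, the cleared-before-callback scenario would dereference null exactly as the crash log reports.

```cpp
// Hypothetical stand-ins for the WebKit types named in the bug; not WebKit code.
#include <cstdint>
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>
#include <optional>

// Stand-in for WebCore::DOMCacheEngine::Error.
enum class Error { Internal };

// Simulated event loop: storeOrigin() queues its completion instead of
// invoking it synchronously, which opens the window in which
// clearMemoryRepresentation() can run before the completion lambda.
static std::deque<std::function<void()>> g_pendingTasks;

static void runPendingTasks() {
    while (!g_pendingTasks.empty()) {
        auto task = std::move(g_pendingTasks.front());
        g_pendingTasks.pop_front();
        task();
    }
}

struct Storage {
    uint64_t sizeOnDisk = 0;
};

class Caches : public std::enable_shared_from_this<Caches> {
public:
    using CompletionCallback = std::function<void(std::optional<Error>&&)>;

    void initialize(CompletionCallback&& callback) {
        m_storage = std::make_unique<Storage>();
        m_storage->sizeOnDisk = 4096; // constructed sample value
        // As in the patch: protectedThis keeps the object alive across the
        // async hop, but it says nothing about whether m_storage is still set.
        storeOrigin([protectedThis = shared_from_this(), this,
                     callback = std::move(callback)](std::optional<Error>&& error) mutable {
            if (error) {
                callback(std::move(error));
                return;
            }
            initializeSize(std::move(callback));
        });
    }

    // Drops the in-memory state; may be called while a completion is pending.
    void clearMemoryRepresentation() { m_storage = nullptr; }

    std::optional<uint64_t> size() const { return m_size; }

private:
    void storeOrigin(CompletionCallback&& callback) {
        g_pendingTasks.push_back([callback = std::move(callback)]() mutable {
            callback(std::nullopt); // the write "succeeded"
        });
    }

    void initializeSize(CompletionCallback&& callback) {
        // The guard the review asks for: m_storage may have been reset while
        // the storeOrigin() completion was queued. Without this check the next
        // line dereferences null, matching the reported crash site.
        if (!m_storage) {
            callback(Error::Internal);
            return;
        }
        m_size = m_storage->sizeOnDisk;
        callback(std::nullopt);
    }

    std::unique_ptr<Storage> m_storage;
    std::optional<uint64_t> m_size;
};

// What the caller observes for one run of the scenario.
struct Outcome {
    std::optional<Error> error;
    bool sizeComputed;
    bool callbackRan;
};

// Drives initialize(); when clearBeforeCallback is true, the memory
// representation is cleared in between storeOrigin() and its completion.
Outcome runScenario(bool clearBeforeCallback) {
    auto caches = std::make_shared<Caches>();
    Outcome out{std::nullopt, false, false};
    caches->initialize([&out](std::optional<Error>&& error) {
        out.callbackRan = true;
        out.error = error;
    });
    if (clearBeforeCallback)
        caches->clearMemoryRepresentation();
    runPendingTasks();
    out.sizeComputed = caches->size().has_value();
    return out;
}

int main() {
    Outcome normal = runScenario(false);
    Outcome cleared = runScenario(true);
    std::printf("normal: error=%d sizeComputed=%d\n", normal.error.has_value(), normal.sizeComputed);
    std::printf("cleared: error=%d sizeComputed=%d\n", cleared.error.has_value(), cleared.sizeComputed);
    return 0;
}
```

The guarded path completes with an error instead of crashing; the same check belongs on every other asynchronous completion that touches m_storage, which is the point of the readCachesFromDisk() question quoted above.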
