[Webkit-unassigned] [Bug 200062] New: Crash in WebContent process with customer schemes

bugzilla-daemon at webkit.org
Tue Jul 23 16:56:06 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=200062

            Bug ID: 200062
           Summary: Crash in WebContent process with customer schemes
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: beidson at apple.com

Crash in WebContent process with customer schemes.


WebKit: WebKit::WebURLSchemeTaskProxy::processNextPendingTask() <==
  WebKit: WebKit::WebURLSchemeHandlerProxy::taskDidReceiveData(unsigned long long, unsigned long, unsigned char const*)
    WebKit: WebKit::WebURLSchemeHandlerProxy::taskDidReceiveData(unsigned long long, unsigned long, unsigned char const*)
      WebKit: WebKit::WebPage::urlSchemeTaskDidReceiveData(unsigned long long, unsigned long long, IPC::DataReference const&)
        WebKit: WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&)

Everywhere else in WebURLSchemeTaskProxy we protect it with a Ref before later calling processNextPendingTask.
But not in didReceiveData.

So let's do that.

<rdar://problem/52968793>

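
The lifetime pattern the report describes, as an added example that is not WebKit's code or the reporter's patch: a simplified C++ model in which a callback run from didReceiveData drops the last owning reference before processNextPendingTask is called. std::shared_ptr stands in for WebKit's Ref, and Handler, Task, stop() and runDemo() are hypothetical names.

```cpp
// Simplified model, not WebKit source: std::shared_ptr stands in for Ref/RefPtr,
// and Handler, Task, stop() and runDemo() are hypothetical names.
#include <cstddef>
#include <functional>
#include <map>
#include <memory>
#include <queue>
static int g_liveTasks = 0;  // constructed-but-not-yet-destroyed Task objects

struct Task : std::enable_shared_from_this<Task> {
    std::function<void()> client;               // stands in for the loader callback
    std::queue<std::function<void()>> pending;  // work queued behind the data chunk
    Task() { ++g_liveTasks; }
    ~Task() { --g_liveTasks; }
    void processNextPendingTask() {
        if (pending.empty()) return;
        auto next = std::move(pending.front());
        pending.pop();
        next();
    }
    void didReceiveData(std::size_t /*size*/) {
        // The protector: without it, client() can destroy *this and the call to
        // processNextPendingTask() below would run on freed memory.
        auto protectedThis = shared_from_this();
        if (client) client();
        processNextPendingTask();
    }
};

struct Handler {
    std::map<unsigned long, std::shared_ptr<Task>> tasks;  // the only owning reference
    void stop(unsigned long id) { tasks.erase(id); }
    void taskDidReceiveData(unsigned long id, std::size_t size) {
        auto it = tasks.find(id);
        if (it != tasks.end()) it->second->didReceiveData(size);
    }
};

// True when the task outlived its own callback and was freed only afterwards.
bool runDemo() {
    Handler handler;
    int liveDuringDrain = -1;
    auto task = std::make_shared<Task>();
    task->client = [&handler] { handler.stop(1); };  // callback cancels the load
    task->pending.push([&liveDuringDrain] { liveDuringDrain = g_liveTasks; });
    handler.tasks.emplace(1UL, std::move(task));
    handler.taskDidReceiveData(1, 16);  // constructed input: task id 1, 16 bytes
    return liveDuringDrain == 1 && g_liveTasks == 0;
}
```

Building a variant without the protectedThis line under AddressSanitizer reports a heap-use-after-free at the processNextPendingTask() call, which is a practical way to catch this class of bug in tests.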