[Webkit-unassigned] [Bug 249872] Crash in PDFDocument::injectStyleAndContentScript when downloading PDF

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 11 14:17:11 PDT 2024


--- Comment #3 from Michael Catanzaro <mcatanzaro at redhat.com> ---
So the problem here is PDFDocument::injectStyleAndContentScript expects to be called only once per PDFDocument and releases the PDFDocument's reference to the PDFDocumentEventListener. But the PDFDocumentEventListener is still valid even though PDFDocument::m_listener is null, and it calls PDFDocument::injectStyleAndContentScript a second time for the download. This results in a crash because the function assumes m_listener is never null (because it will never be null the first time it is called).

I'm still trying to figure out how to fix it.
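The sequence the comment describes, as an added illustration rather than code from WebKit or from the commenter: the classes are simplified stand-ins for PDFDocument and PDFDocumentEventListener, std::shared_ptr stands in for WebKit's reference counting, and the null check on the guarded path is a hypothetical defensive shape, not the project's fix.

```cpp
#include <memory>
#include <vector>

struct Document;

// Simplified stand-in for PDFDocumentEventListener: kept alive by whoever
// registered it, holding a raw back-pointer to its document.
struct Listener {
    Document* document;
    bool injected;
};

// Simplified stand-in for PDFDocument.
struct Document {
    std::shared_ptr<Listener> m_listener;   // released after the first call
    int injections = 0;
    bool wouldHaveCrashed = false;
    bool guarded;

    explicit Document(bool guard) : guarded(guard) {
        m_listener = std::make_shared<Listener>(Listener{this, false});
    }

    // Models injectStyleAndContentScript(): assumes m_listener is non-null
    // (true on the first call), then drops the document's reference to it.
    void injectStyleAndContentScript() {
        if (guarded && !m_listener)
            return;                   // hypothetical guard: already injected
        if (!m_listener) {
            wouldHaveCrashed = true;  // the real code dereferences null here
            return;
        }
        m_listener->injected = true;  // the dereference the bug hits
        ++injections;
        m_listener = nullptr;         // document lets go of the listener
    }
};

// Replays the sequence from the report: the event target still holds the
// listener after the document released it, so the download event re-enters
// injectStyleAndContentScript with m_listener already null.
// Returns true only if the flow finished without a null dereference.
bool runLoadThenDownload(bool guarded) {
    Document doc(guarded);
    std::vector<std::shared_ptr<Listener>> eventTarget{doc.m_listener};
    eventTarget[0]->document->injectStyleAndContentScript();  // load done
    eventTarget[0]->document->injectStyleAndContentScript();  // download
    return !doc.wouldHaveCrashed && doc.injections == 1;
}
```

The unguarded run reproduces the second call landing on a null m_listener; the guarded run shows that a second delivery is harmless once the function tolerates being re-entered.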
