[Webkit-unassigned] [Bug 249872] Crash in PDFDocument::injectStyleAndContentScript when downloading PDF

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 11 14:17:11 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=249872

--- Comment #3 from Michael Catanzaro <mcatanzaro at redhat.com> ---
So the problem here is PDFDocument::injectStyleAndContentScript expects to be called only once per PDFDocument and releases the PDFDocument's reference to the PDFDocumentEventListener. But the PDFDocumentEventListener is still valid even though PDFDocument::m_listener is null, and it calls PDFDocument::injectStyleAndContentScript a second time for the download. This results in a crash because the function assumes m_listener is never null (because it will never be null the first time it is called).

I'm still trying to figure out how to fix it.

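The failure mode described in the comment is a one-shot function that releases the object it depends on and then gets called a second time by a listener that outlived that release. The following is an added illustration, not WebKit code: `PDFDoc`, `DocEventListener`, `handleEvent`, and the `InjectResult` enum are assumed names for a simplified model of the relationship the comment describes (the method name `injectStyleAndContentScript` is kept from the report). It shows two complementary defences: the document treats a null `m_listener` as "already injected" and returns early instead of dereferencing it, and the listener clears its back-pointer when the document lets go of it, so a late event (the download) never re-enters the document at all.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

class PDFDoc;

// Listener that the event target keeps alive independently of the document,
// which is the situation in the report. It holds a raw back-pointer to the
// document; detach() clears it so a late event cannot call back into a
// document that has already released its side of the relationship.
class DocEventListener {
public:
    explicit DocEventListener(PDFDoc* doc) : m_doc(doc) {}
    void detach() { m_doc = nullptr; }
    // Returns true if the event was forwarded to an attached document.
    bool handleEvent();
private:
    PDFDoc* m_doc;
};

enum class InjectResult { Injected, AlreadyInjected };

class PDFDoc {
public:
    PDFDoc() : m_listener(std::make_shared<DocEventListener>(this)) {}
    // The event target retains its own reference to the listener.
    std::shared_ptr<DocEventListener> listener() const { return m_listener; }

    // Hardened one-shot injection. The reported crash came from assuming
    // m_listener is never null: the first call released it, and the second
    // call (triggered by the download) dereferenced the null pointer. Here a
    // null m_listener is treated as "already done" and the call is a no-op.
    InjectResult injectStyleAndContentScript() {
        if (!m_listener)
            return InjectResult::AlreadyInjected;
        m_injected.push_back("content-script");  // stand-in for the real work
        m_listener->detach();   // listener must not re-enter after this point
        m_listener = nullptr;   // document gives up its reference, as in the bug
        return InjectResult::Injected;
    }
    size_t injectedCount() const { return m_injected.size(); }
private:
    std::shared_ptr<DocEventListener> m_listener;
    std::vector<std::string> m_injected;
};

bool DocEventListener::handleEvent() {
    if (!m_doc)
        return false;  // detached: the late event is dropped, nothing to call
    m_doc->injectStyleAndContentScript();
    return true;
}

// Reproduces the sequence from the report: the first event injects and
// releases, the event target still holds the listener, then a second event
// (the download) arrives. With the detach in place the document is never
// re-entered, and exactly one injection happens.
bool simulateTwoEvents() {
    PDFDoc doc;
    std::shared_ptr<DocEventListener> held = doc.listener();  // event target's ref
    bool first = held->handleEvent();   // injects once
    bool second = held->handleEvent();  // listener is detached, call is dropped
    return first && !second && doc.injectedCount() == 1;
}

// Exercises the null-check guard on its own, without the listener: a direct
// second call must report AlreadyInjected rather than touch a null pointer.
bool guardAloneSurvivesSecondCall() {
    PDFDoc doc;
    InjectResult first = doc.injectStyleAndContentScript();
    InjectResult second = doc.injectStyleAndContentScript();
    return first == InjectResult::Injected
        && second == InjectResult::AlreadyInjected
        && doc.injectedCount() == 1;
}

int main() {
    std::cout << "two events, one injection: " << simulateTwoEvents() << "\n";
    std::cout << "guard survives second call: " << guardAloneSurvivesSecondCall() << "\n";
    return 0;
}
```

Either defence alone prevents the crash; using both means a future caller that reaches the function through some path other than the listener still gets a safe no-op instead of a null dereference.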