[Webkit-unassigned] [Bug 269754] New: Null pointer dereference in `WebPageProxy::activityStateDidChange()`
bugzilla-daemon at webkit.org
Mon Feb 19 14:27:26 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=269754
Bug ID: 269754
Summary: Null pointer dereference in `WebPageProxy::activityStateDidChange()`
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: charliew at apple.com
`m_pageClient` is protected in `decidePolicyForNavigationAction()`, but not passed to the created lambdas. When `Transaction` is destructed, `activityStateDidChange()` tries to create a strong reference to `m_pageClient`, but it may already be destroyed. We should pass `protectedPageClient` into the lambdas where `Transaction` is used.
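The lifetime problem described in the report, modelled as an added example that is not WebKit's code: `std::shared_ptr` and `std::weak_ptr` stand in for WebKit's reference types, and `PageProxy`, `PageClient`, `decidePolicy` and `clientAliveAtTransactionEnd` are hypothetical names. Where the real code would dereference null, this model only counts the event, so both the unprotected and the protected lambda can be run safely.

```cpp
#include <functional>
#include <memory>

// Simplified stand-ins (assumptions), not WebKit's classes.
struct PageClient { bool visible = true; };

struct PageProxy {
    std::weak_ptr<PageClient> m_pageClient;   // the proxy does not own the client
    int liveNotifications = 0;
    int deadNotifications = 0;

    // Runs when a Transaction ends and needs a strong reference to the client.
    void activityStateDidChange() {
        if (auto client = m_pageClient.lock()) // null once the client is destroyed
            ++liveNotifications;
        else
            ++deadNotifications;               // point where a null dereference would occur
    }

    struct Transaction {
        PageProxy& page;
        ~Transaction() { page.activityStateDidChange(); }
    };

    // Returns the completion handler that an asynchronous policy decision calls later.
    std::function<void()> decidePolicy(bool captureProtector) {
        auto protectedPageClient = m_pageClient.lock(); // protects this scope only
        if (captureProtector)                           // fix: the lambda shares ownership
            return [this, protectedPageClient] { Transaction t{*this}; };
        return [this] { Transaction t{*this}; };        // bug: protector dies on return
    }
};

// Returns true if the client was still alive when the Transaction was destroyed.
bool clientAliveAtTransactionEnd(bool captureProtector) {
    auto client = std::make_shared<PageClient>();
    PageProxy page;
    page.m_pageClient = client;
    auto handler = page.decidePolicy(captureProtector);
    client.reset();   // the owner drops the client before the handler runs
    handler();        // the Transaction destructor fires inside the lambda
    return page.liveNotifications == 1 && page.deadNotifications == 0;
}

int main() {
    return clientAliveAtTransactionEnd(true) && !clientAliveAtTransactionEnd(false) ? 0 : 1;
}
```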