[webkit-changes] [WebKit/WebKit] 0675bb: Cherry-pick 252432.838@safari-7614-branch (6651709...

Tue, 24 Jan 2023 17:18:09 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0675bbf6a5db80a0dbf04ae7a7485a09b056d032
      
https://github.com/WebKit/WebKit/commit/0675bbf6a5db80a0dbf04ae7a7485a09b056d032
  Author: Arunsundar Kannan <arunsundar_kan...@apple.com>
  Date:   2023-01-24 (Tue, 24 Jan 2023)

  Changed paths:
    A LayoutTests/fast/forms/textfield-input-type-crash-onblur-expected.txt
    A LayoutTests/fast/forms/textfield-input-type-crash-onblur.html
    M Source/WebCore/html/HTMLInputElement.cpp
    M Source/WebCore/html/HTMLOptionElement.cpp
    M Source/WebCore/html/TextFieldInputType.cpp

  Log Message:
  -----------
  Cherry-pick 252432.838@safari-7614-branch (665170902bfa). rdar://104601528

    UAF crash occurs during a style update when an older freed HTMLElement is 
accessed
    https://bugs.webkit.org/show_bug.cgi?id=247389
    rdar://101420898

    Reviewed by Ryosuke Niwa and Ryan Haddad.

    * LayoutTests/fast/forms/textfield-input-type-crash-onblur-expected.txt: 
Added.
    * LayoutTests/fast/forms/textfield-input-type-crash-onblur.html: Added.
    * Source/WebCore/html/HTMLInputElement.cpp:
    (WebCore::HTMLInputElement::dataListMayHaveChanged):
    * Source/WebCore/html/HTMLOptionElement.cpp:
    (WebCore::HTMLOptionElement::childrenChanged):
    * Source/WebCore/html/TextFieldInputType.cpp:
    (WebCore::TextFieldInputType::createDataListDropdownIndicator):
    (WebCore::TextFieldInputType::dataListMayHaveChanged):

    Canonical link: https://commits.webkit.org/252432.838@safari-7614-branch

Canonical link: https://commits.webkit.org/259321@main


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to