Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 795c0f6d648c62b60ce3b98f25414a420b155bb1
      https://github.com/WebKit/WebKit/commit/795c0f6d648c62b60ce3b98f25414a420b155bb1
  Author: Chris Dumez <cdu...@apple.com>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M Source/WebCore/loader/SubresourceLoader.cpp
    M Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp
    M Source/WebCore/loader/cache/CachedCSSStyleSheet.h

  Log Message:
  -----------
  Crash under PAL::newTextCodec(PAL::TextEncoding const&)
https://bugs.webkit.org/show_bug.cgi?id=264979
rdar://118267012

Reviewed by Brent Fulgham.

There is evidence for crashes in the wild that the CachedCSSStyleSheet or
the TextResourceDecoder are being used after getting freed. To prevent this,
protect both these objects in the code path identified by the crashes.

This is a speculative fix but it should be very safe.

* Source/WebCore/loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didFinishLoading):
* Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::finishLoading):
(WebCore::CachedCSSStyleSheet::protectedDecoder const):
* Source/WebCore/loader/cache/CachedCSSStyleSheet.h:

Originally-landed-as: 267815.575@safari-7617-branch (4c3430842100). 
rdar://119598663
Canonical link: https://commits.webkit.org/272391@main
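
The protection described in the log message, sketched as an added C++ example (not WebKit's code, and not taken from this commit): strong references to the resource and its decoder are taken before running code that can release them. `std::shared_ptr` stands in for WebKit's ref-counting types, and `StyleSheetResource`, `Decoder`, `onData` and `runScenario` are hypothetical names.

```cpp
#include <functional>
#include <memory>
#include <string>

// Hypothetical stand-ins; std::shared_ptr is used in place of WebKit's ref-counting types.
struct Decoder {
    std::string decode(const std::string& bytes) const { return "decoded:" + bytes; }
};

struct StyleSheetResource : std::enable_shared_from_this<StyleSheetResource> {
    std::shared_ptr<Decoder> decoder = std::make_shared<Decoder>();
    std::function<void()> onData;     // client callback; may release the resource
    bool* destroyedFlag = nullptr;    // lets the caller observe destruction

    ~StyleSheetResource() { if (destroyedFlag) *destroyedFlag = true; }

    std::string finishLoading(const std::string& bytes) {
        // Take strong references before running any code that can re-enter.
        auto protectedThis = shared_from_this();
        auto protectedDecoder = decoder;
        if (onData) onData();         // may drop the last external reference
        // Without the two locals above, `this` and the decoder could be freed here.
        return protectedDecoder->decode(bytes);
    }
};

struct Result { std::string text; bool aliveAfterRelease; bool destroyedAfter; };

// Constructed scenario: the callback releases both the decoder and the owner's reference.
Result runScenario() {
    bool destroyed = false;
    bool aliveAfterRelease = false;
    auto owner = std::make_shared<StyleSheetResource>();
    owner->destroyedFlag = &destroyed;
    StyleSheetResource* raw = owner.get();
    owner->onData = [&] {
        raw->decoder.reset();             // resource drops its decoder
        owner.reset();                    // owner drops the last external reference
        aliveAfterRelease = !destroyed;   // still alive: protectedThis holds it
    };
    std::string text = raw->finishLoading("body{}");
    return { text, aliveAfterRelease, destroyed };
}

int main() {
    Result r = runScenario();
    return (r.aliveAfterRelease && r.destroyedAfter) ? 0 : 1;
}
```

The object is destroyed only when `finishLoading` returns and the local references go out of scope, so the decode call never touches freed memory.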

