Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d4f46e50d65d31bcf4297db3f42341c6ab3b56ab
https://github.com/WebKit/WebKit/commit/d4f46e50d65d31bcf4297db3f42341c6ab3b56ab
Author: Michael Catanzaro <[email protected]>
Date: 2025-11-24 (Mon, 24 Nov 2025)
Changed paths:
M Source/WebCore/platform/graphics/freetype/FontPlatformDataFreeType.cpp
Log Message:
-----------
Double free / use-after-free of static FcPattern in FontPlatformDataFreeType::create
https://bugs.webkit.org/show_bug.cgi?id=302858

Reviewed by Carlos Garcia Campos.

Here we adopt a reference that we do not own. Well, we sort of own it,
in the static local variable, but we need to *continue* owning it and
therefore must not pass ownership to the FontPlatformData constructor.
So, remove the adoptRef(). A RefPtr will be implicitly created,
increasing the ref count on the FcPattern, as is required.

(Note this FcPattern will be leaked, but that's OK because it's global
data. The ref count should be 1 at program termination.)

Canonical link: https://commits.webkit.org/303513@main
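
The ownership mistake described in the log message, as an added example that is not WebKit's code: a toy ref-counted object and smart pointer show how adopting the cache's only reference makes every destruction release it again, while taking a new reference leaves the count at 1. ToyPattern, ToyRefPtr, ToyFontData and simulate are hypothetical names, and nothing is actually freed so the broken path can be inspected safely.

```cpp
#include <cstdio>

// Toy stand-in for a ref-counted FcPattern. Nothing is really freed:
// "frees" counts how often the count reached zero or below, so the
// broken path can be inspected without undefined behaviour.
struct ToyPattern {
    int refCount = 1; // the single reference held by the static cache
    int frees = 0;
};
void toyRef(ToyPattern* p) { ++p->refCount; }
void toyUnref(ToyPattern* p) { if (--p->refCount <= 0) ++p->frees; }

// Minimal smart pointer with the two ways of taking a raw pointer.
class ToyRefPtr {
public:
    enum AdoptTag { Adopt };
    ToyRefPtr(ToyPattern* p) : m_ptr(p) { toyRef(m_ptr); }  // takes its own reference
    ToyRefPtr(ToyPattern* p, AdoptTag) : m_ptr(p) { }       // takes over the caller's reference
    ToyRefPtr(ToyRefPtr&& o) : m_ptr(o.m_ptr) { o.m_ptr = nullptr; }
    ~ToyRefPtr() { if (m_ptr) toyUnref(m_ptr); }
private:
    ToyPattern* m_ptr;
};

// Hypothetical stand-in for the object that receives the pattern.
struct ToyFontData { ToyRefPtr pattern; };

// Run `calls` create-and-destroy cycles against one cached pattern.
ToyPattern simulate(bool adopt, int calls) {
    ToyPattern cached; // plays the role of the static local
    for (int i = 0; i < calls; ++i) {
        if (adopt) {
            ToyFontData data{ToyRefPtr(&cached, ToyRefPtr::Adopt)};
        } else {
            ToyFontData data{ToyRefPtr(&cached)};
        }
    }
    return cached;
}

int main() {
    ToyPattern bad = simulate(true, 2), good = simulate(false, 2);
    std::printf("adopted:  refCount=%d frees=%d\n", bad.refCount, bad.frees);
    std::printf("implicit: refCount=%d frees=%d\n", good.refCount, good.frees);
    return 0;
}
```

In the adopted case the second cycle operates on an object whose count already hit zero, which in real code is the use-after-free followed by the double free.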