Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4e1728b582499cb80f19ebb24b05a77119060a6e
https://github.com/WebKit/WebKit/commit/4e1728b582499cb80f19ebb24b05a77119060a6e
Author: Rupin Mittal <[email protected]>
Date: 2026-04-13 (Mon, 13 Apr 2026)
Changed paths:
M Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.cpp
Log Message:
-----------
StabilityTracer: Crash in NetworkProcess::findPendingDownloadLocation
https://bugs.webkit.org/show_bug.cgi?id=312219
rdar://174045941
Reviewed by Chris Dumez.
NetworkProcess::findPendingDownloadLocation passes a lambda to
DownloadProxy::DecideDestinationWithSuggestedFilename which contains a
completionHandler. When this completionHandler is called, we crash because the
underlying function is null. It's possible that when the completionHandler
was passed in to NetworkProcess::findPendingDownloadLocation(), it was already
null.
One of the ways this completionHandler ends up here is:
1. DownloadManager::convertNetworkLoadToDownload()
2. PendingDownload::PendingDownload()
3. NetworkLoad::convertTaskToDownload()
4. NetworkProcess::findPendingDownloadLocation()
There are three callsites to convertNetworkLoadToDownload() that pass in a
completionHandler. One of them constructs the completionHandler right before
passing it in. The other null checks the completionHandler before passing it
in. The third callsite, ServiceWorkerNavigationPreloader::convertToDownload(),
does neither.
So, as a speculative fix, we amend this third callsite to null check its
completionHandler before passing it to convertNetworkLoadToDownload().
* Source/WebKit/NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.cpp:
(WebKit::ServiceWorkerNavigationPreloader::convertToDownload):
Canonical link: https://commits.webkit.org/311165@main
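
An added illustration, not code from the WebKit commit: once a null handler is captured inside another lambda, later stages can no longer detect it, so the null check has to happen at the call site that first receives the handler. Assumptions: `std::function` stands in for WebKit's CompletionHandler (an empty `std::function` throws when invoked, which makes the failure observable here), and `wrapForLater`, `convertUnguarded`, `convertGuarded` and the sample path are hypothetical names and values.

```cpp
#include <functional>
#include <string>
#include <utility>

// Assumption: std::function models the completion handler for this sketch.
using Handler = std::function<void(const std::string&)>;

enum class Outcome { Delivered, RejectedAtCallSite, FailedWhenInvoked };

// Hypothetical downstream stage: captures the caller's handler in a new
// lambda to be run later. The returned wrapper is never empty, even when
// the handler it captured is.
Handler wrapForLater(Handler inner)
{
    return [inner = std::move(inner)](const std::string& path) {
        inner(path); // throws std::bad_function_call if inner is empty
    };
}

// Call site that forwards whatever it was given, like the third callsite
// the log message describes.
Outcome convertUnguarded(Handler handler)
{
    Handler wrapped = wrapForLater(std::move(handler));
    if (!wrapped)                       // a late null check: never true,
        return Outcome::RejectedAtCallSite; // the wrapper hides the null
    try {
        wrapped("/constructed/sample/path");
    } catch (const std::bad_function_call&) {
        return Outcome::FailedWhenInvoked;  // failure surfaces far from its origin
    }
    return Outcome::Delivered;
}

// Call site that null checks before handing the handler on.
Outcome convertGuarded(Handler handler)
{
    if (!handler)
        return Outcome::RejectedAtCallSite;
    wrapForLater(std::move(handler))("/constructed/sample/path");
    return Outcome::Delivered;
}
```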